This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | namespace Anax\Content; |
||
4 | |||
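/**
 * File Based Content, code for loading additional content into view through
 * data["meta"].
 *
 * The trait declares no properties of its own. Its methods read
 * $this->config["textfilter"] and $this->di (a service container asked for
 * "textfilter", "url" and "request"), and they call getMetaForRoute(),
 * mapRoute2Content() and loadAdditionalContent() on $this. The class using
 * the trait has to provide all of these; declaring $di and $config there
 * explicitly avoids silently created dynamic properties.
 */
trait FBCUtilitiesTrait
{
    /**
     * Support relative routes.
     *
     * A route starting with "./" is resolved against the directory part of
     * $routeIndex; any other route is returned unchanged. The remainder of
     * the route is appended as-is: ".." segments are neither normalised nor
     * rejected here.
     * NOTE(review): presumably routes only come from content files the site
     * owner controls; confirm before feeding request-derived values in.
     *
     * @param string $route      to load.
     * @param string $routeIndex to use.
     *
     * @return string with active route.
     */
    private function getActiveRoute($route, $routeIndex)
    {
        // strncmp() copes with an empty $route; substr_compare() with
        // offset 0 warns and returns false for "" on older PHP releases.
        if (strncmp($route, "./", 2) === 0) {
            $route = dirname($routeIndex) . "/" . substr($route, 2);
        }

        return $route;
    }



    /**
     * Process content phase 2 and merge the new frontmatter into the
     * content object.
     *
     * @param object &$filtered content object with text and frontmatter,
     *                          updated in place.
     *
     * @return void
     */
    private function processContentPhaseTwo(&$filtered)
    {
        $filter     = $this->config["textfilter"];
        $textFilter = $this->di->get("textfilter");

        // Get new filtered content (and updated frontmatter)
        $parsed = $textFilter->parse($filtered->text, $filter);
        $filtered->text = $parsed->text;
        $filtered->frontmatter = array_merge_recursive_distinct(
            $filtered->frontmatter,
            $parsed->frontmatter
        );

        // Update all anchor urls to use baseurl, needs info about baseurl
        // from merged frontmatter
        $baseurl = isset($filtered->frontmatter["baseurl"])
            ? $filtered->frontmatter["baseurl"]
            : null;
        $this->addBaseurl2AnchorUrls($filtered, $baseurl);
        $this->addBaseurl2ImageSource($filtered, $baseurl);

        // Add excerpt and hasMore, if available
        $textFilter->addExcerpt($filtered);
    }



    /**
     * Load view details for additional route, merged with meta if any.
     *
     * @param string $route to load.
     *
     * @return array with view data details.
     */
    private function loadAndParseRoute($route)
    {
        // Get meta into view structure, without the toc and views entries
        $meta = $this->getMetaForRoute($route);
        unset($meta["__toc__"], $meta["views"]);

        // Get filtered content from route
        list($routeIndex, , $filtered) = $this->mapRoute2Content($route);

        // Merge frontmatter with meta; the second argument is the content's
        // own frontmatter, merged on top of the meta values
        $filtered->frontmatter = array_merge_recursive_distinct(
            $meta,
            $filtered->frontmatter
        );

        // Do phase 2 processing to get new filtered content
        // (and updated frontmatter)
        $this->processContentPhaseTwo($filtered);

        // Create complete frontmatter, including content
        $filtered->frontmatter["data"]["content"] = isset($filtered->text)
            ? $filtered->text
            : null;

        // Load additional content for view, based on data-meta
        $view = ["main" => $filtered->frontmatter];
        $this->loadAdditionalContent($view, $route, $routeIndex);

        return $view["main"];
    }



    /**
     * Load view data for additional route, merged with meta if any.
     *
     * @param string $route to load.
     *
     * @return array with view data details.
     */
    private function getDataForAdditionalRoute($route)
    {
        $filter     = $this->config["textfilter"];
        $textFilter = $this->di->get("textfilter");

        // Get filtered content from route
        list($routeIndex, , $filtered) = $this->mapRoute2Content($route);

        // Get meta, remove unneeded details.
        // NOTE(review): $meta is not merged into the frontmatter below,
        // unlike in loadAndParseRoute(); confirm whether that is intended.
        $meta = $this->getMetaForRoute($route);
        unset($meta["__toc__"], $meta["views"]);

        // Do phase 2 processing to get new filtered content
        // (and updated frontmatter)
        $parsed = $textFilter->parse($filtered->text, $filter);
        $parsed->frontmatter = array_merge_recursive_distinct(
            $filtered->frontmatter,
            $parsed->frontmatter
        );

        // Create urls based on baseurl. Take the configured value itself:
        // assigning the result of isset() here would hand boolean true to
        // the url helpers as the base url.
        // NOTE(review): processContentPhaseTwo() reads frontmatter["baseurl"]
        // while this method reads frontmatter["data"]["baseurl"]; confirm
        // that both keys are intended.
        $baseurl = isset($parsed->frontmatter["data"]["baseurl"])
            ? $parsed->frontmatter["data"]["baseurl"]
            : null;
        $this->addBaseurl2AnchorUrls($parsed, $baseurl);
        $this->addBaseurl2ImageSource($parsed, $baseurl);

        // Create complete frontmatter, including content
        $frontmatter = $parsed->frontmatter;
        $frontmatter["data"]["content"] = $parsed->text;

        // Load additional content for view, based on data-meta
        $view = ["main" => $frontmatter];
        $this->loadAdditionalContent($view, $route, $routeIndex);

        return $view["main"];
    }



    /**
     * Parse text, find and update all a href to use baseurl.
     *
     * @param object &$filtered with text and excerpt to process.
     * @param string $baseurl   add as baseurl for all relative urls.
     *
     * @return void
     */
    private function addBaseurl2AnchorUrls(&$filtered, $baseurl)
    {
        $textf   = $this->di->get("textfilter");
        $url     = $this->di->get("url");
        $request = $this->di->get("request");

        // Route of the current request. It is appended to $baseurl for "./"
        // links, so request-derived text ends up in the generated hrefs.
        // NOTE(review): presumably url->create() or the text filter escapes
        // the result for the HTML attribute; confirm.
        $part = $request->getRoute();

        // Use callback to url->create() instead of string concat
        $callback = function ($route) use ($url, $baseurl, $part) {
            // "!" prefix: treat the rest as an asset path
            if (!empty($route) && $route[0] === "!") {
                return $url->asset(substr($route, 1), $baseurl);
            }

            // "./" prefix: resolve relative to the current request route
            if (isset($route[0])
                && isset($route[1])
                && $route[0] === "."
                && $route[1] === "/"
            ) {
                return $url->create(
                    substr($route, 2),
                    $baseurl . $part
                );
            }

            return $url->create($route, $baseurl);
        };

        $filtered->text =
            $textf->addBaseurlToRelativeLinks($filtered->text, $baseurl, $callback);
    }



    /**
     * Parse text, find and update all image source to use baseurl.
     *
     * @param object &$filtered with text and excerpt to process.
     * @param string $baseurl   add as baseurl for all relative urls.
     *
     * @return void
     */
    private function addBaseurl2ImageSource(&$filtered, $baseurl)
    {
        $textf = $this->di->get("textfilter");
        $url   = $this->di->get("url");

        // Use callback to url->asset() instead of string concat
        $callback = function ($route) use ($url, $baseurl) {
            return $url->asset($route, $baseurl);
        };

        $filtered->text =
            $textf->addBaseurlToImageSource($filtered->text, $baseurl, $callback);
    }



    /**
     * Get published date.
     *
     * @param array $frontmatter with details on dates.
     *
     * @return integer|false as time for publish time; strtotime() returns
     *                       false when the date string cannot be parsed.
     */
    private function getPublishTime($frontmatter)
    {
        // Only the second element of the returned list is used as the date.
        list(, $date) = \Anax\View\getPublishedDate($frontmatter);
        return strtotime($date);
    }
}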
||
235 |