This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Consolidation\SiteAlias; |
||
3 | |||
4 | use Consolidation\Config\Config; |
||
5 | use Consolidation\Config\ConfigInterface; |
||
6 | use Webmozart\PathUtil\Path; |
||
7 | |||
8 | /** |
||
9 | * A host path is a path on some machine. The machine may be specified |
||
10 | * by a label, and the label may be an @alias or a site specification. |
||
11 | * If there is no label, then the local machine is assumed. |
||
12 | * |
||
13 | * Examples: |
||
14 | * |
||
15 | * @alias |
||
16 | * @alias:/path |
||
17 | * host:/path |
||
18 | * user@host:/path |
||
19 | * user@host/drupal-root#uri:/path |
||
20 | * /path |
||
21 | * |
||
22 | * Note that /path does not have to begin with a '/'; it may |
||
23 | * be a relative path, or it may begin with a path alias, |
||
24 | * e.g. '%files'. |
||
25 | * |
||
26 | * It is permissible to have an alias or site specification |
||
27 | * without a path, but it is not valid to have just a host |
||
28 | * with no path. |
||
29 | */ |
||
30 | class HostPath |
||
31 | { |
||
32 | /** @var SiteAlias The alias record obtained from the host path */ |
||
33 | protected $alias_record; |
||
34 | |||
35 | /** @var string The entire original host path (e.g. @alias:/path) */ |
||
36 | protected $original_path; |
||
37 | |||
38 | /** @var string The "path" component from the host path */ |
||
39 | protected $path; |
||
40 | |||
41 | /** @var string The alias record is implicit (e.g. 'path' instead of '@self:path') */ |
||
42 | protected $implicit; |
||
43 | |||
44 | /** |
||
45 | * HostPath constructor |
||
46 | * |
||
47 | * @param SiteAlias $alias_record The alias record or site specification record |
||
48 | * @param string $original_path The original host path |
||
49 | * @param string $path Just the 'path' component |
||
50 | */ |
||
51 | protected function __construct($alias_record, $original_path, $path = '', $implicit = false) |
||
52 | { |
||
53 | $this->alias_record = $alias_record; |
||
54 | $this->original_path = $original_path; |
||
55 | $this->path = $path; |
||
56 | $this->implicit = $implicit; |
||
0 ignored issues
–
show
|
|||
57 | } |
||
58 | |||
59 | /** |
||
60 | * Factory method to create a host path. |
||
61 | * |
||
62 | * @param SiteAliasManager $manager We need to be provided a reference |
||
63 | * to the alias manager to create a host path |
||
64 | * @param string $hostPath The path to create. |
||
65 | */ |
||
66 | public static function create(SiteAliasManager $manager, $hostPath) |
||
67 | { |
||
68 | // Split the alias path up into |
||
69 | // - $parts[0]: everything before the first ":" |
||
70 | // - $parts[1]: everything after the ":", if there was one. |
||
71 | $parts = explode(':', $hostPath, 2); |
||
72 | |||
73 | // Determine whether or not $parts[0] is a site spec or an alias |
||
74 | // record. If $parts[0] is not in the right form, the result |
||
75 | // will be 'false'. This will throw if $parts[0] is an @alias |
||
76 | // record, but the requested alias cannot be found. |
||
77 | $alias_record = $manager->get($parts[0]); |
||
78 | |||
79 | if (!isset($parts[1])) { |
||
80 | return static::determinePathOrAlias($manager, $alias_record, $hostPath, $parts[0]); |
||
81 | } |
||
82 | |||
83 | // If $parts[0] did not resolve to a site spec or alias record, |
||
84 | // but there is a $parts[1], then $parts[0] must be a machine name. |
||
85 | // Unless it was an alias that could not be found. |
||
86 | if ($alias_record === false) { |
||
87 | if (SiteAliasName::isAliasName($parts[0])) { |
||
0 ignored issues
–
show
The expression
\Consolidation\SiteAlias...:isAliasName($parts[0]) of type false|integer is loosely compared to true ; this is ambiguous if the integer can be zero. You might want to explicitly use !== null instead.
In PHP, under loose comparison (like For 0 == false // true
0 == null // true
123 == false // false
123 == null // false
// It is often better to use strict comparison
0 === false // false
0 === null // false
![]() |
|||
88 | throw new \Exception('Site alias ' . $parts[0] . ' not found.'); |
||
89 | } |
||
90 | $alias_record = new SiteAlias(['host' => $parts[0]]); |
||
91 | } |
||
92 | |||
93 | // Create our alias path |
||
94 | return new HostPath($alias_record, $hostPath, $parts[1]); |
||
95 | } |
||
96 | |||
97 | /** |
||
98 | * Return the alias record portion of the host path. |
||
99 | * |
||
100 | * @return SiteAlias |
||
101 | */ |
||
102 | public function getSiteAlias() |
||
103 | { |
||
104 | return $this->alias_record; |
||
105 | } |
||
106 | |||
107 | /** |
||
108 | * @deprecated Use getSiteAlias |
||
109 | */ |
||
110 | public function getAliasRecord() |
||
111 | { |
||
112 | return $this->getSiteAlias(); |
||
113 | } |
||
114 | |||
115 | /** |
||
116 | * Returns true if this host path points at a remote machine |
||
117 | * |
||
118 | * @return bool |
||
119 | */ |
||
120 | public function isRemote() |
||
121 | { |
||
122 | return $this->alias_record->isRemote(); |
||
123 | } |
||
124 | |||
125 | /** |
||
126 | * Return just the path portion, without considering the alias root. |
||
127 | * |
||
128 | * @return string |
||
129 | */ |
||
130 | public function getOriginalPath() |
||
131 | { |
||
132 | return $this->path; |
||
133 | } |
||
134 | |||
135 | /** |
||
136 | * Return the original host path string, as provided to the create() method. |
||
137 | * |
||
138 | * @return string |
||
139 | */ |
||
140 | public function getOriginal() |
||
141 | { |
||
142 | return $this->original_path; |
||
143 | } |
||
144 | |||
145 | /** |
||
146 | * Return just the path portion of the host path |
||
147 | * |
||
148 | * @return string |
||
149 | */ |
||
150 | public function getPath() |
||
151 | { |
||
152 | if (empty($this->path)) { |
||
153 | return $this->alias_record->root(); |
||
154 | } |
||
155 | if ($this->alias_record->hasRoot() && !$this->implicit) { |
||
156 | return Path::makeAbsolute($this->path, $this->alias_record->root()); |
||
157 | } |
||
158 | return $this->path; |
||
159 | } |
||
160 | |||
161 | /** |
||
162 | * Returns 'true' if the path portion of the host path begins with a |
||
163 | * path alias (e.g. '%files'). Path aliases must appear at the beginning |
||
164 | * of the path. |
||
165 | * |
||
166 | * @return bool |
||
167 | */ |
||
168 | public function hasPathAlias() |
||
169 | { |
||
170 | $pathAlias = $this->getPathAlias(); |
||
171 | return !empty($pathAlias); |
||
172 | } |
||
173 | |||
174 | /** |
||
175 | * Return just the path alias portion of the path (e.g. '%files'), or |
||
176 | * empty if there is no alias in the path. |
||
177 | * |
||
178 | * @return string |
||
179 | */ |
||
180 | public function getPathAlias() |
||
181 | { |
||
182 | if (preg_match('#%([^/]*).*#', $this->path, $matches)) { |
||
183 | return $matches[1]; |
||
184 | } |
||
185 | return ''; |
||
186 | } |
||
187 | |||
188 | /** |
||
189 | * Replaces the path alias portion of the path with the resolved path. |
||
190 | * |
||
191 | * @param string $resolvedPath The converted path alias (e.g. 'sites/default/files') |
||
192 | * @return $this |
||
193 | */ |
||
194 | public function replacePathAlias($resolvedPath) |
||
195 | { |
||
196 | $pathAlias = $this->getPathAlias(); |
||
197 | if (empty($pathAlias)) { |
||
198 | return $this; |
||
199 | } |
||
200 | // Make sure that the resolved path always ends in a '\'. |
||
201 | $resolvedPath .= '/'; |
||
202 | // Avoid double / in path. |
||
203 | // $this->path: %files/foo |
||
204 | // $pathAlias: files |
||
205 | // We add one to the length of $pathAlias to account for the '%' in $this->path. |
||
206 | if (strlen($this->path) > (strlen($pathAlias) + 1)) { |
||
207 | $resolvedPath = rtrim($resolvedPath, '/'); |
||
208 | } |
||
209 | // Once the path alias is resolved, replace the alias in the $path with the result. |
||
210 | $this->path = $resolvedPath . substr($this->path, strlen($pathAlias) + 1); |
||
211 | |||
212 | // Using a path alias such as %files is equivalent to making explicit |
||
213 | // use of @self:%files. We set implicit to false here so that the resolved |
||
214 | // path will be returned as an absolute path rather than a relative path. |
||
215 | $this->implicit = false; |
||
0 ignored issues
–
show
The property
$implicit was declared of type string , but false is of type false . Maybe add a type cast?
This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42;
$correct = false;
$correct = (bool) $answer;
![]() |
|||
216 | |||
217 | return $this; |
||
218 | } |
||
219 | |||
220 | /** |
||
221 | * Return the host portion of the host path, including the user. |
||
222 | * |
||
223 | * @return string |
||
224 | */ |
||
225 | public function getHost() |
||
226 | { |
||
227 | return $this->alias_record->remoteHostWithUser(); |
||
228 | } |
||
229 | |||
230 | /** |
||
231 | * Return the fully resolved path, e.g. user@server:/path/to/drupalroot/sites/default/files |
||
232 | * |
||
233 | * @return string |
||
234 | */ |
||
235 | public function fullyQualifiedPath() |
||
236 | { |
||
237 | $host = $this->getHost(); |
||
238 | if (!empty($host)) { |
||
239 | return $host . ':' . $this->getPath(); |
||
240 | } |
||
241 | return $this->getPath(); |
||
242 | } |
||
243 | |||
244 | /** |
||
245 | * Our fully qualified path passes the result through Path::makeAbsolute() |
||
246 | * which canonicallizes the path, removing any trailing slashes. |
||
247 | * That is what we want most of the time; however, the trailing slash is |
||
248 | * sometimes significant, e.g. for rsync, so we provide a separate API |
||
249 | * for those cases where the trailing slash should be preserved. |
||
250 | * |
||
251 | * @return string |
||
252 | */ |
||
253 | public function fullyQualifiedPathPreservingTrailingSlash() |
||
254 | { |
||
255 | $fqp = $this->fullyQualifiedPath(); |
||
256 | if ((substr($this->path, strlen($this->path) - 1) == '/') && (substr($fqp, strlen($fqp) - 1) != '/')) { |
||
257 | $fqp .= '/'; |
||
258 | } |
||
259 | return $fqp; |
||
260 | } |
||
261 | |||
262 | /** |
||
263 | * Helper method for HostPath::create(). When the host path contains no |
||
264 | * ':', this method determines whether the string that was provided is |
||
265 | * a host or a path. |
||
266 | * |
||
267 | * @param SiteAliasManager $manager |
||
268 | * @param SiteAlias|bool $alias_record |
||
269 | * @param string $hostPath |
||
270 | * @param string $single_part |
||
271 | */ |
||
272 | protected static function determinePathOrAlias(SiteAliasManager $manager, $alias_record, $hostPath, $single_part) |
||
273 | { |
||
274 | // If $alias_record is false, then $single_part must be a path. |
||
275 | if ($alias_record === false) { |
||
276 | return new HostPath($manager->getSelf(), $hostPath, $single_part, true); |
||
277 | } |
||
278 | |||
279 | // Otherwise, we have a alias record without a path. |
||
280 | // In this instance, the alias record _must_ have a root. |
||
281 | if (!$alias_record->hasRoot()) { |
||
0 ignored issues
–
show
It seems like
$alias_record is not always an object, but can also be of type boolean . Maybe add an additional type check?
If a variable is not always an object, we recommend to add an additional type check to ensure your method call is safe: function someFunction(A $objectMaybe = null)
{
if ($objectMaybe instanceof A) {
$objectMaybe->doSomething();
}
}
![]() |
|||
282 | throw new \Exception("$hostPath does not define a path."); |
||
283 | } |
||
284 | return new HostPath($alias_record, $hostPath); |
||
0 ignored issues
–
show
It seems like
$alias_record defined by parameter $alias_record on line 272 can also be of type boolean ; however, Consolidation\SiteAlias\HostPath::__construct() does only seem to accept object<Consolidation\SiteAlias\SiteAlias> , maybe add an additional type check?
This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. ![]() |
|||
285 | } |
||
286 | } |
||
287 |
This check looks for assignments to scalar types that may be of the wrong type.
To ensure the code behaves as expected, it may be a good idea to add an explicit type cast.