This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Consolidation\SiteAlias; |
||
3 | |||
4 | use Consolidation\Config\Config; |
||
5 | use Consolidation\Config\ConfigInterface; |
||
6 | use Webmozart\PathUtil\Path; |
||
7 | |||
8 | /** |
||
9 | * A host path is a path on some machine. The machine may be specified |
||
10 | * by a label, and the label may be an @alias or a site specification. |
||
11 | * If there is no label, then the local machine is assumed. |
||
12 | * |
||
13 | * Examples: |
||
14 | * |
||
15 | * @alias |
||
16 | * @alias:/path |
||
17 | * host:/path |
||
18 | * user@host:/path |
||
19 | * user@host/drupal-root#uri:/path |
||
20 | * /path |
||
21 | * |
||
22 | * Note that /path does not have to begin with a '/'; it may |
||
23 | * be a relative path, or it may begin with a path alias, |
||
24 | * e.g. '%files'. |
||
25 | * |
||
26 | * It is permissible to have an alias or site specification |
||
27 | * without a path, but it is not valid to have just a host |
||
28 | * with no path. |
||
29 | */ |
||
30 | class HostPath |
||
31 | { |
||
32 | /** @var SiteAlias The alias record obtained from the host path */ |
||
33 | protected $alias_record; |
||
34 | |||
35 | /** @var string The entire original host path (e.g. @alias:/path) */ |
||
36 | protected $original_path; |
||
37 | |||
38 | /** @var string The "path" component from the host path */ |
||
39 | protected $path; |
||
40 | |||
41 | /** @var string The alias record is implicit (e.g. 'path' instead of '@self:path') */ |
||
42 | protected $implicit; |
||
43 | |||
44 | /** |
||
45 | * HostPath constructor |
||
46 | * |
||
47 | * @param SiteAlias $alias_record The alias record or site specification record |
||
48 | * @param string $original_path The original host path |
||
49 | * @param string $path Just the 'path' component |
||
50 | */ |
||
51 | protected function __construct($alias_record, $original_path, $path = '', $implicit = false) |
||
52 | { |
||
53 | $this->alias_record = $alias_record; |
||
54 | $this->original_path = $original_path; |
||
55 | $this->path = $path; |
||
56 | $this->implicit = $implicit; |
||
0 ignored issues
–
show
|
|||
57 | } |
||
58 | |||
59 | /** |
||
60 | * Factory method to create a host path. |
||
61 | * |
||
62 | * @param SiteAliasManager $manager We need to be provided a reference |
||
63 | * to the alias manager to create a host path |
||
64 | * @param string $hostPath The path to create. |
||
65 | */ |
||
66 | public static function create(SiteAliasManager $manager, $hostPath) |
||
67 | { |
||
68 | // Split the alias path up into |
||
69 | // - $parts[0]: everything before the first ":" |
||
70 | // - $parts[1]: everything after the ":", if there was one. |
||
71 | $parts = explode(':', $hostPath, 2); |
||
72 | |||
73 | // Determine whether or not $parts[0] is a site spec or an alias |
||
74 | // record. If $parts[0] is not in the right form, the result |
||
75 | // will be 'false'. This will throw if $parts[0] is an @alias |
||
76 | // record, but the requested alias cannot be found. |
||
77 | $alias_record = $manager->get($parts[0]); |
||
78 | |||
79 | if (!isset($parts[1])) { |
||
80 | return static::determinePathOrAlias($manager, $alias_record, $hostPath, $parts[0]); |
||
81 | } |
||
82 | |||
83 | // If $parts[0] did not resolve to a site spec or alias record, |
||
84 | // but there is a $parts[1], then $parts[0] must be a machine name. |
||
85 | // Unless it was an alias that could not be found. |
||
86 | if ($alias_record === false) { |
||
87 | if (SiteAliasName::isAliasName($parts[0])) { |
||
88 | throw new \Exception('Site alias ' . $parts[0] . ' not found.'); |
||
89 | } |
||
90 | $alias_record = new SiteAlias(['host' => $parts[0]]); |
||
91 | } |
||
92 | |||
93 | // Create our alias path |
||
94 | return new HostPath($alias_record, $hostPath, $parts[1]); |
||
95 | } |
||
96 | |||
97 | /** |
||
98 | * Return the alias record portion of the host path. |
||
99 | * |
||
100 | * @return SiteAlias |
||
101 | */ |
||
102 | public function getSiteAlias() |
||
103 | { |
||
104 | return $this->alias_record; |
||
105 | } |
||
106 | |||
107 | /** |
||
108 | * @deprecated Use getSiteAlias |
||
109 | */ |
||
110 | public function getAliasRecord() |
||
111 | { |
||
112 | return $this->getSiteAlias(); |
||
113 | } |
||
114 | |||
115 | /** |
||
116 | * Returns true if this host path points at a remote machine |
||
117 | * |
||
118 | * @return bool |
||
119 | */ |
||
120 | public function isRemote() |
||
121 | { |
||
122 | return $this->alias_record->isRemote(); |
||
123 | } |
||
124 | |||
125 | /** |
||
126 | * Return just the path portion, without considering the alias root. |
||
127 | * |
||
128 | * @return string |
||
129 | */ |
||
130 | public function getOriginalPath() |
||
131 | { |
||
132 | return $this->path; |
||
133 | } |
||
134 | |||
135 | /** |
||
136 | * Return the original host path string, as provided to the create() method. |
||
137 | * |
||
138 | * @return string |
||
139 | */ |
||
140 | public function getOriginal() |
||
141 | { |
||
142 | return $this->original_path; |
||
143 | } |
||
144 | |||
145 | /** |
||
146 | * Return just the path portion of the host path |
||
147 | * |
||
148 | * @return string |
||
149 | */ |
||
150 | public function getPath() |
||
151 | { |
||
152 | if (empty($this->path)) { |
||
153 | return $this->alias_record->root(); |
||
154 | } |
||
155 | if ($this->alias_record->hasRoot() && !$this->implicit) { |
||
156 | return Path::makeAbsolute($this->path, $this->alias_record->root()); |
||
157 | } |
||
158 | return $this->path; |
||
159 | } |
||
160 | |||
161 | /** |
||
162 | * Returns 'true' if the path portion of the host path begins with a |
||
163 | * path alias (e.g. '%files'). Path aliases must appear at the beginning |
||
164 | * of the path. |
||
165 | * |
||
166 | * @return bool |
||
167 | */ |
||
168 | public function hasPathAlias() |
||
169 | { |
||
170 | $pathAlias = $this->getPathAlias(); |
||
171 | return !empty($pathAlias); |
||
172 | } |
||
173 | |||
174 | /** |
||
175 | * Return just the path alias portion of the path (e.g. '%files'), or |
||
176 | * empty if there is no alias in the path. |
||
177 | * |
||
178 | * @return string |
||
179 | */ |
||
180 | public function getPathAlias() |
||
181 | { |
||
182 | if (preg_match('#%([^/]*).*#', $this->path, $matches)) { |
||
183 | return $matches[1]; |
||
184 | } |
||
185 | return ''; |
||
186 | } |
||
187 | |||
188 | /** |
||
189 | * Replaces the path alias portion of the path with the resolved path. |
||
190 | * |
||
191 | * @param string $resolvedPath The converted path alias (e.g. 'sites/default/files') |
||
192 | * @return $this |
||
193 | */ |
||
194 | public function replacePathAlias($resolvedPath) |
||
195 | { |
||
196 | $pathAlias = $this->getPathAlias(); |
||
197 | if (empty($pathAlias)) { |
||
198 | return $this; |
||
199 | } |
||
200 | // Make sure that the resolved path always ends in a '\'. |
||
201 | $resolvedPath .= '/'; |
||
202 | // Avoid double / in path. |
||
203 | // $this->path: %files/foo |
||
204 | // $pathAlias: files |
||
205 | // We add one to the length of $pathAlias to account for the '%' in $this->path. |
||
206 | if (strlen($this->path) > (strlen($pathAlias) + 1)) { |
||
207 | $resolvedPath = rtrim($resolvedPath, '/'); |
||
208 | } |
||
209 | // Once the path alias is resolved, replace the alias in the $path with the result. |
||
210 | $this->path = $resolvedPath . substr($this->path, strlen($pathAlias) + 1); |
||
211 | |||
212 | // Using a path alias such as %files is equivalent to making explicit |
||
213 | // use of @self:%files. We set implicit to false here so that the resolved |
||
214 | // path will be returned as an absolute path rather than a relative path. |
||
215 | $this->implicit = false; |
||
0 ignored issues
–
show
The property
$implicit was declared of type string , but false is of type false . Maybe add a type cast?
This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42;
$correct = false;
$correct = (bool) $answer;
Loading history...
|
|||
216 | |||
217 | return $this; |
||
218 | } |
||
219 | |||
220 | /** |
||
221 | * Return the host portion of the host path, including the user. |
||
222 | * |
||
223 | * @return string |
||
224 | */ |
||
225 | public function getHost() |
||
226 | { |
||
227 | return $this->alias_record->remoteHostWithUser(); |
||
228 | } |
||
229 | |||
230 | /** |
||
231 | * Return the fully resolved path, e.g. user@server:/path/to/drupalroot/sites/default/files |
||
232 | * |
||
233 | * @return string |
||
234 | */ |
||
235 | public function fullyQualifiedPath() |
||
236 | { |
||
237 | $host = $this->getHost(); |
||
238 | if (!empty($host)) { |
||
239 | return $host . ':' . $this->getPath(); |
||
240 | } |
||
241 | return $this->getPath(); |
||
242 | } |
||
243 | |||
244 | /** |
||
245 | * Our fully qualified path passes the result through Path::makeAbsolute() |
||
246 | * which canonicallizes the path, removing any trailing slashes. |
||
247 | * That is what we want most of the time; however, the trailing slash is |
||
248 | * sometimes significant, e.g. for rsync, so we provide a separate API |
||
249 | * for those cases where the trailing slash should be preserved. |
||
250 | * |
||
251 | * @return string |
||
252 | */ |
||
253 | public function fullyQualifiedPathPreservingTrailingSlash() |
||
254 | { |
||
255 | $fqp = $this->fullyQualifiedPath(); |
||
256 | if ((substr($this->path, strlen($this->path) - 1) == '/') && (substr($fqp, strlen($fqp) - 1) != '/')) { |
||
257 | $fqp .= '/'; |
||
258 | } |
||
259 | return $fqp; |
||
260 | } |
||
261 | |||
262 | /** |
||
263 | * Helper method for HostPath::create(). When the host path contains no |
||
264 | * ':', this method determines whether the string that was provided is |
||
265 | * a host or a path. |
||
266 | * |
||
267 | * @param SiteAliasManager $manager |
||
268 | * @param SiteAlias|bool $alias_record |
||
269 | * @param string $hostPath |
||
270 | * @param string $single_part |
||
271 | */ |
||
272 | protected static function determinePathOrAlias(SiteAliasManager $manager, $alias_record, $hostPath, $single_part) |
||
273 | { |
||
274 | // If $alias_record is false, then $single_part must be a path. |
||
275 | if ($alias_record === false) { |
||
276 | return new HostPath($manager->getSelf(), $hostPath, $single_part, true); |
||
277 | } |
||
278 | |||
279 | // Otherwise, we have a alias record without a path. |
||
280 | // In this instance, the alias record _must_ have a root. |
||
281 | if (!$alias_record->hasRoot()) { |
||
282 | throw new \Exception("$hostPath does not define a path."); |
||
283 | } |
||
284 | return new HostPath($alias_record, $hostPath); |
||
285 | } |
||
286 | } |
||
287 |
This check looks for assignments to scalar types that may be of the wrong type.
To ensure the code behaves as expected, it may be a good idea to add an explicit type cast.