Completed
Push — master ( 6088a1...4aa30c )
by Igor
02:21
created

DefaultRoute::__construct()   B

Complexity

Conditions 3
Paths 3

Size

Total Lines 26
Code Lines 13

Duplication

Lines 0
Ratio 0 %
Metric Value
dl 0
loc 26
rs 8.8571
cc 3
eloc 13
nc 3
nop 2
<?php
/**
 * @license MIT
 * @author Igor Sorokin <[email protected]>
 */
namespace Dspbee\Core;

/**
 * Base routing.
 *
 * Class DefaultRoute
 * @package Dspbee\Core
 */
class DefaultRoute
{
    /**
     * DefaultRoute constructor.
     *
     * @param string $packageRoot
     * @param Request $request
     */
    public function __construct($packageRoot, Request $request)
    {
        $this->response = null;

        $packageRoot = rtrim($packageRoot, '/');
        $path = $packageRoot . '/Route/' . $request->route() . '/' . $request->method() . '.php';
        if (file_exists($path)) {
            require $path;
            $controllerClass = $request->package() . '\\Route_' . str_replace('/', '_', $request->route()) . '\\' . $request->method();

            /**
             * @var BaseController $controller
             */
            $controller = new $controllerClass($packageRoot, $request);
Security Code Execution introduced by
$controllerClass can contain request data and is used in code execution context(s) leading to a potential security vulnerability.

General Strategies to prevent injection

In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:

if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}

For numeric data, we recommend to explicitly cast the data:

$sanitized = (integer) $tainted;

            /**
             * Call handler.
             */
            $handler = $_POST['handler'] ?? $_GET['handler'] ?? 'index';
            $handler = str_replace('.', '', $handler);
            if (method_exists($controllerClass, $handler)) {
                $controller->$handler();
Security Code Execution introduced by
$handler can contain request data and is used in code execution context(s) leading to a potential security vulnerability.
                $this->response = $controller->getResponse();
            }
        }
    }

    /**
     * Get object of Response.
     *
     * @return Response|null
     */
    public function getResponse()
    {
        return $this->response;
    }

    private $response;
}