TwigTpl::addFilter() - Code Metrics - Inspection of "move multilang here, as well as template manager" - eduvpn/vpn-lib-common - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ee497f...cca939 )

by François

created 2017-03-16 11:47 UTC

TwigTpl::addFilter() A

↳ Parent: TwigTpl

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
dl	0
loc	4
rs	10
c	0
b	0
f	0
cc	1
eloc	2
nc	1
nop	1

<?php
/**
 *  Copyright (C) 2016 SURFnet.
 *
 *  This program is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU Affero General Public License as
 *  published by the Free Software Foundation, either version 3 of the
 *  License, or (at your option) any later version.
 *
 *  This program is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU Affero General Public License for more details.
 *
 *  You should have received a copy of the GNU Affero General Public License
 *  along with this program.  If not, see <http://www.gnu.org/licenses/>.
 */

namespace SURFnet\VPN\Common;

use RuntimeException;
use Twig_Environment;
use Twig_Extensions_Extension_I18n;
use Twig_Loader_Filesystem;
use Twig_SimpleFilter;

class TwigTpl implements TplInterface
{
    /** @var string */
    private $localeDir;

    /** @var Twig_Environment */
    private $twig;

    /** @var array */
    private $defaultVariables;

    /**
     * Create TwigTemplateManager.
     *
     * @param array  $templateDirs template directories to look in where later
     *                             paths override the earlier paths
     * @param string $cacheDir     the writable directory to store the cache

     */
    public function __construct(array $templateDirs, $localeDir, $cacheDir = null)
    {
        $existingTemplateDirs = [];
        foreach ($templateDirs as $templateDir) {
            if (false !== is_dir($templateDir)) {
                $existingTemplateDirs[] = $templateDir;
            }
        }
        $existingTemplateDirs = array_reverse($existingTemplateDirs);

        $environmentOptions = [
            'strict_variables' => true,
        ];

        if (null !== $cacheDir) {
            if (false === is_dir($cacheDir)) {
                if (false === @mkdir($cacheDir, 0700, true)) {
                    throw new RuntimeException('unable to create template cache directory');
                }
            }
            $environmentOptions['cache'] = $cacheDir;
        }
        $this->localeDir = $localeDir;
        $this->twig = new Twig_Environment(
            new Twig_Loader_Filesystem(
                $existingTemplateDirs
            ),
            $environmentOptions
        );

        $this->defaultVariables = [];
    }

    public function setDefault(array $templateVariables)
    {
        $this->defaultVariables = $templateVariables;
    }

    public function addDefault(array $templateVariables)
    {
        $this->defaultVariables = array_merge(
            $this->defaultVariables, $templateVariables
        );
    }

    public function setI18n($appName, $languageStr, $localeDir)
    {
        putenv(sprintf('LC_ALL=%s', $languageStr));
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}

        if (false === setlocale(LC_ALL, [$languageStr, sprintf('%s.UTF-8', $languageStr)])) {
            throw new RuntimeException(sprintf('unable to set locale "%s"', $languageStr));
        }

        if ($localeDir !== bindtextdomain($appName, $localeDir)) {
            throw new RuntimeException('unable to bind text domain');
        }

        if (!is_string(bind_textdomain_codeset($appName, 'UTF-8'))) {
            throw new RuntimeException('unable to bind text domain codeset');
        }

        if ($appName !== textdomain($appName)) {
            throw new RuntimeException('unable to set text domain');
        }

        $this->twig->addExtension(new Twig_Extensions_Extension_I18n());
    }

    public function addFilter(Twig_SimpleFilter $filter)
    {
        $this->twig->addFilter($filter);
    }

    /**
     * Render the template.
     *
     * @param string $templateName      the name of the template
     * @param array  $templateVariables the variables to be used in the
     *                                  template
     *
     * @return string the rendered template
     */
    public function render($templateName, array $templateVariables)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        // get the language
        $uiLanguage = 'en_US';
        if (array_key_exists('uiLanguage', $_COOKIE)) {
            if (array_key_exists('supportedLanguages', $this->defaultVariables)) {
                if (array_key_exists($_COOKIE['uiLanguage'], $this->defaultVariables['supportedLanguages'])) {
                    $uiLanguage = $_COOKIE['uiLanguage'];
                }
            }
        }

        $this->setI18n('VpnUserPortal', $uiLanguage, $this->localeDir);
        $templateVariables = array_merge($this->defaultVariables, $templateVariables);

        return $this->twig->render(
            sprintf(
                '%s.twig',
                $templateName
            ),
            $templateVariables
        );
    }
}


1			<?php
2			/**
3			* Copyright (C) 2016 SURFnet.
4			*
5			* This program is free software: you can redistribute it and/or modify
6			* it under the terms of the GNU Affero General Public License as
7			* published by the Free Software Foundation, either version 3 of the
8			* License, or (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU Affero General Public License for more details.
14			*
15			* You should have received a copy of the GNU Affero General Public License
16			* along with this program. If not, see <http://www.gnu.org/licenses/>.
17			*/
18
19			namespace SURFnet\VPN\Common;
20
21			use RuntimeException;
22			use Twig_Environment;
23			use Twig_Extensions_Extension_I18n;
24			use Twig_Loader_Filesystem;
25			use Twig_SimpleFilter;
26
27			class TwigTpl implements TplInterface
28			{
29			/** @var string */
30			private $localeDir;
31
32			/** @var Twig_Environment */
33			private $twig;
34
35			/** @var array */
36			private $defaultVariables;
37
38			/**
39			* Create TwigTemplateManager.
40			*
41			* @param array $templateDirs template directories to look in where later
42			* paths override the earlier paths
43			* @param string $cacheDir the writable directory to store the cache
			0 ignored issues – show Documentation introduced 2017-03-16 11:50 UTC by Report Bug Copy Issue Report Should the type for parameter `$cacheDir` not be `string\|null`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
44			*/
45			public function __construct(array $templateDirs, $localeDir, $cacheDir = null)
46			{
47			$existingTemplateDirs = [];
48			foreach ($templateDirs as $templateDir) {
49			if (false !== is_dir($templateDir)) {
50			$existingTemplateDirs[] = $templateDir;
51			}
52			}
53			$existingTemplateDirs = array_reverse($existingTemplateDirs);
54
55			$environmentOptions = [
56			'strict_variables' => true,
57			];
58
59			if (null !== $cacheDir) {
60			if (false === is_dir($cacheDir)) {
61			if (false === @mkdir($cacheDir, 0700, true)) {
62			throw new RuntimeException('unable to create template cache directory');
63			}
64			}
65			$environmentOptions['cache'] = $cacheDir;
66			}
67			$this->localeDir = $localeDir;
68			$this->twig = new Twig_Environment(
69			new Twig_Loader_Filesystem(
70			$existingTemplateDirs
71			),
72			$environmentOptions
73			);
74
75			$this->defaultVariables = [];
76			}
77
78			public function setDefault(array $templateVariables)
79			{
80			$this->defaultVariables = $templateVariables;
81			}
82
83			public function addDefault(array $templateVariables)
84			{
85			$this->defaultVariables = array_merge(
86			$this->defaultVariables, $templateVariables
87			);
88			}
89
90			public function setI18n($appName, $languageStr, $localeDir)
91			{
92			putenv(sprintf('LC_ALL=%s', $languageStr));
			0 ignored issues – show Security Other Vulnerability introduced 2017-03-16 11:50 UTC by Report Bug Copy Issue Report `sprintf('LC_ALL=%s', $languageStr)` can contain request data and is used in security-relevant context(s) leading to a potential security vulnerability. 1 path for user data to reach this point Read from `$_COOKIE,` and `$uiLanguage` is assigned in src/TwigTpl.php on line 134 `$uiLanguage` is passed to TwigTpl::setI18n() in src/TwigTpl.php on line 139 `$languageStr` is passed through sprintf() in src/TwigTpl.php on line 92 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
93
94			if (false === setlocale(LC_ALL, [$languageStr, sprintf('%s.UTF-8', $languageStr)])) {
95			throw new RuntimeException(sprintf('unable to set locale "%s"', $languageStr));
96			}
97
98			if ($localeDir !== bindtextdomain($appName, $localeDir)) {
99			throw new RuntimeException('unable to bind text domain');
100			}
101
102			if (!is_string(bind_textdomain_codeset($appName, 'UTF-8'))) {
103			throw new RuntimeException('unable to bind text domain codeset');
104			}
105
106			if ($appName !== textdomain($appName)) {
107			throw new RuntimeException('unable to set text domain');
108			}
109
110			$this->twig->addExtension(new Twig_Extensions_Extension_I18n());
111			}
112
113			public function addFilter(Twig_SimpleFilter $filter)
114			{
115			$this->twig->addFilter($filter);
116			}
117
118			/**
119			* Render the template.
120			*
121			* @param string $templateName the name of the template
122			* @param array $templateVariables the variables to be used in the
123			* template
124			*
125			* @return string the rendered template
126			*/
127			public function render($templateName, array $templateVariables)
			0 ignored issues – show Coding Style introduced 2017-03-16 11:50 UTC by Report Bug Copy Issue Report `render` uses the super-global variable `$_COOKIE` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
128			{
129			// get the language
130			$uiLanguage = 'en_US';
131			if (array_key_exists('uiLanguage', $_COOKIE)) {
132			if (array_key_exists('supportedLanguages', $this->defaultVariables)) {
133			if (array_key_exists($_COOKIE['uiLanguage'], $this->defaultVariables['supportedLanguages'])) {
134			$uiLanguage = $_COOKIE['uiLanguage'];
135			}
136			}
137			}
138
139			$this->setI18n('VpnUserPortal', $uiLanguage, $this->localeDir);
140			$templateVariables = array_merge($this->defaultVariables, $templateVariables);
141
142			return $this->twig->render(
143			sprintf(
144			'%s.twig',
145			$templateName
146			),
147			$templateVariables
148			);
149			}
150			}
151

eduvpn / vpn-lib-common

GitHub Access Token became invalid

Push — master ( ee497f...cca939 )

TwigTpl::addFilter() A

Complexity

Size

Duplication

Importance

1 path for user data to reach this point

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like