enwikipedia-acc / waca

includes/Background/Task/UserCreationTask.php

Indentation +9 added lines, -9 removed lines

@@ -14,14 +14,14 @@
 
 class UserCreationTask extends CreationTaskBase
 {
-    /**
-     * @return IMediaWikiClient
-     */
-    protected function getMediaWikiClient()
-    {
-        $oauth = new OAuthUserHelper($this->getTriggerUser(), $this->getDatabase(), $this->getOauthProtocolHelper(),
-            $this->getSiteConfiguration());
+	/**
+	 * @return IMediaWikiClient
+	 */
+	protected function getMediaWikiClient()
+	{
+		$oauth = new OAuthUserHelper($this->getTriggerUser(), $this->getDatabase(), $this->getOauthProtocolHelper(),
+			$this->getSiteConfiguration());
 
-        return $oauth;
-    }
+		return $oauth;
+	}
 }
\ No newline at end of file

includes/Background/Task/WelcomeUserTask.php

Indentation +69 added lines, -69 removed lines

@@ -20,73 +20,73 @@
 
 class WelcomeUserTask extends BackgroundTaskBase
 {
-    public static function enqueue(User $triggerUser, Request $request, PdoDatabase $database)
-    {
-        $job = new JobQueue();
-        $job->setDatabase($database);
-        $job->setTask(WelcomeUserTask::class);
-        $job->setRequest($request->getId());
-        $job->setTriggerUserId($triggerUser->getId());
-        $job->save();
-    }
-
-    public function execute()
-    {
-        $database = $this->getDatabase();
-        $request = $this->getRequest();
-        $user = $this->getTriggerUser();
-
-        if ($user->getWelcomeTemplate() === null) {
-            $this->markFailed('Welcome template not specified');
-
-            return;
-        }
-
-        /** @var WelcomeTemplate $template */
-        $template = WelcomeTemplate::getById($user->getWelcomeTemplate(), $database);
-
-        if ($template === false) {
-            $this->markFailed('Welcome template missing');
-
-            return;
-        }
-
-        $oauth = new OAuthUserHelper($user, $database, $this->getOauthProtocolHelper(),
-            $this->getSiteConfiguration());
-        $mediaWikiHelper = new MediaWikiHelper($oauth, $this->getSiteConfiguration());
-
-        if ($request->getStatus() !== RequestStatus::CLOSED) {
-            $this->markFailed('Request is currently open');
-
-            return;
-        }
-
-        if (!$mediaWikiHelper->checkAccountExists($request->getName())){
-            $this->markFailed('Account does not exist!');
-
-            return;
-        }
-
-        $this->performWelcome($template, $request, $mediaWikiHelper);
-        $this->markComplete();
-    }
-
-    /**
-     * Performs the welcome
-     *
-     * @param WelcomeTemplate $template
-     * @param Request         $request
-     * @param MediaWikiHelper $mediaWikiHelper
-     */
-    private function performWelcome(
-        WelcomeTemplate $template,
-        Request $request,
-        MediaWikiHelper $mediaWikiHelper
-    ) {
-        $templateText = $template->getBotCode();
-        $templateText = str_replace('$signature', '~~~~', $templateText);
-        $templateText = str_replace('$username', $request->getName(), $templateText);
-
-        $mediaWikiHelper->addTalkPageMessage($request->getName(), 'Welcome!', 'Welcoming user created through [[WP:ACC]]', $templateText);
-    }
+	public static function enqueue(User $triggerUser, Request $request, PdoDatabase $database)
+	{
+		$job = new JobQueue();
+		$job->setDatabase($database);
+		$job->setTask(WelcomeUserTask::class);
+		$job->setRequest($request->getId());
+		$job->setTriggerUserId($triggerUser->getId());
+		$job->save();
+	}
+
+	public function execute()
+	{
+		$database = $this->getDatabase();
+		$request = $this->getRequest();
+		$user = $this->getTriggerUser();
+
+		if ($user->getWelcomeTemplate() === null) {
+			$this->markFailed('Welcome template not specified');
+
+			return;
+		}
+
+		/** @var WelcomeTemplate $template */
+		$template = WelcomeTemplate::getById($user->getWelcomeTemplate(), $database);
+
+		if ($template === false) {
+			$this->markFailed('Welcome template missing');
+
+			return;
+		}
+
+		$oauth = new OAuthUserHelper($user, $database, $this->getOauthProtocolHelper(),
+			$this->getSiteConfiguration());
+		$mediaWikiHelper = new MediaWikiHelper($oauth, $this->getSiteConfiguration());
+
+		if ($request->getStatus() !== RequestStatus::CLOSED) {
+			$this->markFailed('Request is currently open');
+
+			return;
+		}
+
+		if (!$mediaWikiHelper->checkAccountExists($request->getName())){
+			$this->markFailed('Account does not exist!');
+
+			return;
+		}
+
+		$this->performWelcome($template, $request, $mediaWikiHelper);
+		$this->markComplete();
+	}
+
+	/**
+	 * Performs the welcome
+	 *
+	 * @param WelcomeTemplate $template
+	 * @param Request         $request
+	 * @param MediaWikiHelper $mediaWikiHelper
+	 */
+	private function performWelcome(
+		WelcomeTemplate $template,
+		Request $request,
+		MediaWikiHelper $mediaWikiHelper
+	) {
+		$templateText = $template->getBotCode();
+		$templateText = str_replace('$signature', '~~~~', $templateText);
+		$templateText = str_replace('$username', $request->getName(), $templateText);
+
+		$mediaWikiHelper->addTalkPageMessage($request->getName(), 'Welcome!', 'Welcoming user created through [[WP:ACC]]', $templateText);
+	}
 }
\ No newline at end of file

Spacing +1 added lines, -1 removed lines

@@ -61,7 +61,7 @@
             return;
         }
 
-        if (!$mediaWikiHelper->checkAccountExists($request->getName())){
+        if (!$mediaWikiHelper->checkAccountExists($request->getName())) {
             $this->markFailed('Account does not exist!');
 
             return;

Braces +1 added lines, -1 removed lines

@@ -61,7 +61,7 @@
             return;
         }
 
-        if (!$mediaWikiHelper->checkAccountExists($request->getName())){
+        if (!$mediaWikiHelper->checkAccountExists($request->getName())) {
             $this->markFailed('Account does not exist!');
 
             return;

includes/WebStart.php

Indentation +220 added lines, -220 removed lines

@@ -30,224 +30,224 @@
  */
 class WebStart extends ApplicationBase
 {
-    /**
-     * @var IRequestRouter $requestRouter The request router to use. Note that different entry points have different
-     *                                    routers and hence different URL mappings
-     */
-    private $requestRouter;
-    /**
-     * @var bool $isPublic Determines whether to use public interface objects or internal interface objects
-     */
-    private $isPublic = false;
-
-    /**
-     * WebStart constructor.
-     *
-     * @param SiteConfiguration $configuration The site configuration
-     * @param IRequestRouter    $router        The request router to use
-     */
-    public function __construct(SiteConfiguration $configuration, IRequestRouter $router)
-    {
-        parent::__construct($configuration);
-
-        $this->requestRouter = $router;
-    }
-
-    /**
-     * @param ITask             $page
-     * @param SiteConfiguration $siteConfiguration
-     * @param PdoDatabase       $database
-     * @param PdoDatabase       $notificationsDatabase
-     *
-     * @return void
-     */
-    protected function setupHelpers(
-        ITask $page,
-        SiteConfiguration $siteConfiguration,
-        PdoDatabase $database,
-        PdoDatabase $notificationsDatabase = null
-    ) {
-        parent::setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
-
-        if ($page instanceof PageBase) {
-            $page->setTokenManager(new TokenManager());
-
-            if ($page instanceof InternalPageBase) {
-                $page->setTypeAheadHelper(new TypeAheadHelper());
-
-                $identificationVerifier = new IdentificationVerifier($page->getHttpHelper(), $siteConfiguration,
-                    $database);
-                $page->setIdentificationVerifier($identificationVerifier);
-
-                $page->setSecurityManager(new SecurityManager($identificationVerifier, new RoleConfiguration()));
-
-                if ($siteConfiguration->getTitleBlacklistEnabled()) {
-                    $page->setBlacklistHelper(new FakeBlacklistHelper());
-                }
-                else {
-                    $page->setBlacklistHelper(new BlacklistHelper($page->getHttpHelper(),
-                        $siteConfiguration->getMediawikiWebServiceEndpoint()));
-                }
-            }
-        }
-    }
-
-    /**
-     * Application entry point.
-     *
-     * Sets up the environment and runs the application, performing any global cleanup operations when done.
-     */
-    public function run()
-    {
-        try {
-            if ($this->setupEnvironment()) {
-                $this->main();
-            }
-        }
-        catch (EnvironmentException $ex) {
-            ob_end_clean();
-            print Offline::getOfflineMessage($this->isPublic(), $ex->getMessage());
-        }
-        catch (ReadableException $ex) {
-            ob_end_clean();
-            print $ex->getReadableError();
-        }
-        finally {
-            $this->cleanupEnvironment();
-        }
-    }
-
-    /**
-     * Environment setup
-     *
-     * This method initialises the tool environment. If the tool cannot be initialised correctly, it will return false
-     * and shut down prematurely.
-     *
-     * @return bool
-     * @throws EnvironmentException
-     */
-    protected function setupEnvironment()
-    {
-        // initialise global exception handler
-        set_exception_handler(array(ExceptionHandler::class, 'exceptionHandler'));
-        set_error_handler(array(ExceptionHandler::class, 'errorHandler'), E_RECOVERABLE_ERROR);
-
-        // start output buffering if necessary
-        if (ob_get_level() === 0) {
-            ob_start();
-        }
-
-        // initialise super-global providers
-        WebRequest::setGlobalStateProvider(new GlobalStateProvider());
-
-        if (Offline::isOffline()) {
-            print Offline::getOfflineMessage($this->isPublic());
-            ob_end_flush();
-
-            return false;
-        }
-
-        // Call parent setup
-        if (!parent::setupEnvironment()) {
-            return false;
-        }
-
-        // Start up sessions
-        Session::start();
-
-        // Check the user is allowed to be logged in still. This must be before we call any user-loading functions and
-        // get the current user cached.
-        // I'm not sure if this function call being here is particularly a good thing, but it's part of starting up a
-        // session I suppose.
-        $this->checkForceLogout();
-
-        // environment initialised!
-        return true;
-    }
-
-    /**
-     * Main application logic
-     */
-    protected function main()
-    {
-        // Get the right route for the request
-        $page = $this->requestRouter->route();
-
-        $siteConfiguration = $this->getConfiguration();
-        $database = PdoDatabase::getDatabaseConnection('acc');
-
-        if ($siteConfiguration->getIrcNotificationsEnabled()) {
-            $notificationsDatabase = PdoDatabase::getDatabaseConnection('notifications');
-        }
-        else {
-            // @todo federated table here?
-            $notificationsDatabase = $database;
-        }
-
-        $this->setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
-
-        /* @todo Remove this global statement! It's here for User.php, which does far more than it should. */
-        global $oauthProtocolHelper;
-        $oauthProtocolHelper = $page->getOAuthProtocolHelper();
-
-        /* @todo Remove this global statement! It's here for Request.php, which does far more than it should. */
-        global $globalXffTrustProvider;
-        $globalXffTrustProvider = $page->getXffTrustProvider();
-
-        // run the route code for the request.
-        $page->execute();
-    }
-
-    /**
-     * Any cleanup tasks should go here
-     *
-     * Note that we need to be very careful here, as exceptions may have been thrown and handled.
-     * This should *only* be for cleaning up, no logic should go here.
-     */
-    protected function cleanupEnvironment()
-    {
-        // Clean up anything we splurged after sending the page.
-        if (ob_get_level() > 0) {
-            for ($i = ob_get_level(); $i > 0; $i--) {
-                ob_end_clean();
-            }
-        }
-    }
-
-    private function checkForceLogout()
-    {
-        $database = PdoDatabase::getDatabaseConnection('acc');
-
-        $sessionUserId = WebRequest::getSessionUserId();
-        iF ($sessionUserId === null) {
-            return;
-        }
-
-        // Note, User::getCurrent() caches it's result, which we *really* don't want to trigger.
-        $currentUser = User::getById($sessionUserId, $database);
-
-        if ($currentUser === false) {
-            // Umm... this user has a session cookie with a userId set, but no user exists...
-            Session::restart();
-
-            $currentUser = User::getCurrent($database);
-        }
-
-        if ($currentUser->getForceLogout()) {
-            Session::restart();
-
-            $currentUser->setForceLogout(false);
-            $currentUser->save();
-        }
-    }
-
-    public function isPublic()
-    {
-        return $this->isPublic;
-    }
-
-    public function setPublic($isPublic)
-    {
-        $this->isPublic = $isPublic;
-    }
+	/**
+	 * @var IRequestRouter $requestRouter The request router to use. Note that different entry points have different
+	 *                                    routers and hence different URL mappings
+	 */
+	private $requestRouter;
+	/**
+	 * @var bool $isPublic Determines whether to use public interface objects or internal interface objects
+	 */
+	private $isPublic = false;
+
+	/**
+	 * WebStart constructor.
+	 *
+	 * @param SiteConfiguration $configuration The site configuration
+	 * @param IRequestRouter    $router        The request router to use
+	 */
+	public function __construct(SiteConfiguration $configuration, IRequestRouter $router)
+	{
+		parent::__construct($configuration);
+
+		$this->requestRouter = $router;
+	}
+
+	/**
+	 * @param ITask             $page
+	 * @param SiteConfiguration $siteConfiguration
+	 * @param PdoDatabase       $database
+	 * @param PdoDatabase       $notificationsDatabase
+	 *
+	 * @return void
+	 */
+	protected function setupHelpers(
+		ITask $page,
+		SiteConfiguration $siteConfiguration,
+		PdoDatabase $database,
+		PdoDatabase $notificationsDatabase = null
+	) {
+		parent::setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
+
+		if ($page instanceof PageBase) {
+			$page->setTokenManager(new TokenManager());
+
+			if ($page instanceof InternalPageBase) {
+				$page->setTypeAheadHelper(new TypeAheadHelper());
+
+				$identificationVerifier = new IdentificationVerifier($page->getHttpHelper(), $siteConfiguration,
+					$database);
+				$page->setIdentificationVerifier($identificationVerifier);
+
+				$page->setSecurityManager(new SecurityManager($identificationVerifier, new RoleConfiguration()));
+
+				if ($siteConfiguration->getTitleBlacklistEnabled()) {
+					$page->setBlacklistHelper(new FakeBlacklistHelper());
+				}
+				else {
+					$page->setBlacklistHelper(new BlacklistHelper($page->getHttpHelper(),
+						$siteConfiguration->getMediawikiWebServiceEndpoint()));
+				}
+			}
+		}
+	}
+
+	/**
+	 * Application entry point.
+	 *
+	 * Sets up the environment and runs the application, performing any global cleanup operations when done.
+	 */
+	public function run()
+	{
+		try {
+			if ($this->setupEnvironment()) {
+				$this->main();
+			}
+		}
+		catch (EnvironmentException $ex) {
+			ob_end_clean();
+			print Offline::getOfflineMessage($this->isPublic(), $ex->getMessage());
+		}
+		catch (ReadableException $ex) {
+			ob_end_clean();
+			print $ex->getReadableError();
+		}
+		finally {
+			$this->cleanupEnvironment();
+		}
+	}
+
+	/**
+	 * Environment setup
+	 *
+	 * This method initialises the tool environment. If the tool cannot be initialised correctly, it will return false
+	 * and shut down prematurely.
+	 *
+	 * @return bool
+	 * @throws EnvironmentException
+	 */
+	protected function setupEnvironment()
+	{
+		// initialise global exception handler
+		set_exception_handler(array(ExceptionHandler::class, 'exceptionHandler'));
+		set_error_handler(array(ExceptionHandler::class, 'errorHandler'), E_RECOVERABLE_ERROR);
+
+		// start output buffering if necessary
+		if (ob_get_level() === 0) {
+			ob_start();
+		}
+
+		// initialise super-global providers
+		WebRequest::setGlobalStateProvider(new GlobalStateProvider());
+
+		if (Offline::isOffline()) {
+			print Offline::getOfflineMessage($this->isPublic());
+			ob_end_flush();
+
+			return false;
+		}
+
+		// Call parent setup
+		if (!parent::setupEnvironment()) {
+			return false;
+		}
+
+		// Start up sessions
+		Session::start();
+
+		// Check the user is allowed to be logged in still. This must be before we call any user-loading functions and
+		// get the current user cached.
+		// I'm not sure if this function call being here is particularly a good thing, but it's part of starting up a
+		// session I suppose.
+		$this->checkForceLogout();
+
+		// environment initialised!
+		return true;
+	}
+
+	/**
+	 * Main application logic
+	 */
+	protected function main()
+	{
+		// Get the right route for the request
+		$page = $this->requestRouter->route();
+
+		$siteConfiguration = $this->getConfiguration();
+		$database = PdoDatabase::getDatabaseConnection('acc');
+
+		if ($siteConfiguration->getIrcNotificationsEnabled()) {
+			$notificationsDatabase = PdoDatabase::getDatabaseConnection('notifications');
+		}
+		else {
+			// @todo federated table here?
+			$notificationsDatabase = $database;
+		}
+
+		$this->setupHelpers($page, $siteConfiguration, $database, $notificationsDatabase);
+
+		/* @todo Remove this global statement! It's here for User.php, which does far more than it should. */
+		global $oauthProtocolHelper;
+		$oauthProtocolHelper = $page->getOAuthProtocolHelper();
+
+		/* @todo Remove this global statement! It's here for Request.php, which does far more than it should. */
+		global $globalXffTrustProvider;
+		$globalXffTrustProvider = $page->getXffTrustProvider();
+
+		// run the route code for the request.
+		$page->execute();
+	}
+
+	/**
+	 * Any cleanup tasks should go here
+	 *
+	 * Note that we need to be very careful here, as exceptions may have been thrown and handled.
+	 * This should *only* be for cleaning up, no logic should go here.
+	 */
+	protected function cleanupEnvironment()
+	{
+		// Clean up anything we splurged after sending the page.
+		if (ob_get_level() > 0) {
+			for ($i = ob_get_level(); $i > 0; $i--) {
+				ob_end_clean();
+			}
+		}
+	}
+
+	private function checkForceLogout()
+	{
+		$database = PdoDatabase::getDatabaseConnection('acc');
+
+		$sessionUserId = WebRequest::getSessionUserId();
+		iF ($sessionUserId === null) {
+			return;
+		}
+
+		// Note, User::getCurrent() caches it's result, which we *really* don't want to trigger.
+		$currentUser = User::getById($sessionUserId, $database);
+
+		if ($currentUser === false) {
+			// Umm... this user has a session cookie with a userId set, but no user exists...
+			Session::restart();
+
+			$currentUser = User::getCurrent($database);
+		}
+
+		if ($currentUser->getForceLogout()) {
+			Session::restart();
+
+			$currentUser->setForceLogout(false);
+			$currentUser->save();
+		}
+	}
+
+	public function isPublic()
+	{
+		return $this->isPublic;
+	}
+
+	public function setPublic($isPublic)
+	{
+		$this->isPublic = $isPublic;
+	}
 }

includes/ExceptionHandler.php

Indentation +89 added lines, -89 removed lines

@@ -13,22 +13,22 @@ 
 
 class ExceptionHandler
 {
-    /**
-     * Global exception handler
-     *
-     * Smarty would be nice to use, but it COULD BE smarty that throws the errors.
-     * Let's build something ourselves, and hope it works.
-     *
-     * @param $exception
-     *
-     * @category Security-Critical - has the potential to leak data when exception is thrown.
-     */
-    public static function exceptionHandler(Exception $exception)
-    {
-        /** @global $siteConfiguration SiteConfiguration */
-        global $siteConfiguration;
-
-        $errorDocument = <<<HTML
+	/**
+	 * Global exception handler
+	 *
+	 * Smarty would be nice to use, but it COULD BE smarty that throws the errors.
+	 * Let's build something ourselves, and hope it works.
+	 *
+	 * @param $exception
+	 *
+	 * @category Security-Critical - has the potential to leak data when exception is thrown.
+	 */
+	public static function exceptionHandler(Exception $exception)
+	{
+		/** @global $siteConfiguration SiteConfiguration */
+		global $siteConfiguration;
+
+		$errorDocument = <<<HTML
 <!DOCTYPE html>
 <html lang="en"><head>
 <meta charset="utf-8">
@@ -49,77 +49,77 @@ 
 </div></body></html>
 HTML;
 
-        $errorData = self::getExceptionData($exception);
-        $errorData['server'] = $_SERVER;
-        $errorData['get'] = $_GET;
-        $errorData['post'] = $_POST;
-
-        $state = serialize($errorData);
-        $errorId = sha1($state);
-
-        // Save the error for later analysis
-        file_put_contents($siteConfiguration->getErrorLog() . '/' . $errorId . '.log', $state);
-
-        // clear and discard any content that's been saved to the output buffer
-        if (ob_get_level() > 0) {
-            ob_end_clean();
-        }
-
-        // push error ID into the document.
-        $message = str_replace('$1$', $errorId, $errorDocument);
-
-        if ($siteConfiguration->getDebuggingTraceEnabled()) {
-            ob_start();
-            var_dump($errorData);
-            $textErrorData = ob_get_contents();
-            ob_end_clean();
-
-            $message = str_replace('$2$', $textErrorData, $message);
-        }
-        else {
-            $message = str_replace('$2$', "", $message);
-        }
-
-        // While we *shouldn't* have sent headers by now due to the output buffering, PHPUnit does weird things.
-        // This is "only" needed for the tests, but it's a good idea to wrap this anyway.
-        if (!headers_sent()) {
-            header('HTTP/1.1 500 Internal Server Error');
-        }
-
-        // output the document
-        print $message;
-    }
-
-    /**
-     * @param int    $errorSeverity The severity level of the exception.
-     * @param string $errorMessage  The Exception message to throw.
-     * @param string $errorFile     The filename where the exception is thrown.
-     * @param int    $errorLine     The line number where the exception is thrown.
-     *
-     * @throws ErrorException
-     */
-    public static function errorHandler($errorSeverity, $errorMessage, $errorFile, $errorLine)
-    {
-        // call into the main exception handler above
-        throw new ErrorException($errorMessage, 0, $errorSeverity, $errorFile, $errorLine);
-    }
-
-    /**
-     * @param Exception $exception
-     *
-     * @return null|array
-     */
-    public static function getExceptionData($exception)
-    {
-        if ($exception == null) {
-            return null;
-        }
-
-        return array(
-            'exception' => get_class($exception),
-            'message'   => $exception->getMessage(),
-            'stack'     => $exception->getTraceAsString(),
-            'previous'  => self::getExceptionData($exception->getPrevious()),
-        );
-    }
+		$errorData = self::getExceptionData($exception);
+		$errorData['server'] = $_SERVER;
+		$errorData['get'] = $_GET;
+		$errorData['post'] = $_POST;
+
+		$state = serialize($errorData);
+		$errorId = sha1($state);
+
+		// Save the error for later analysis
+		file_put_contents($siteConfiguration->getErrorLog() . '/' . $errorId . '.log', $state);
+
+		// clear and discard any content that's been saved to the output buffer
+		if (ob_get_level() > 0) {
+			ob_end_clean();
+		}
+
+		// push error ID into the document.
+		$message = str_replace('$1$', $errorId, $errorDocument);
+
+		if ($siteConfiguration->getDebuggingTraceEnabled()) {
+			ob_start();
+			var_dump($errorData);
+			$textErrorData = ob_get_contents();
+			ob_end_clean();
+
+			$message = str_replace('$2$', $textErrorData, $message);
+		}
+		else {
+			$message = str_replace('$2$', "", $message);
+		}
+
+		// While we *shouldn't* have sent headers by now due to the output buffering, PHPUnit does weird things.
+		// This is "only" needed for the tests, but it's a good idea to wrap this anyway.
+		if (!headers_sent()) {
+			header('HTTP/1.1 500 Internal Server Error');
+		}
+
+		// output the document
+		print $message;
+	}
+
+	/**
+	 * @param int    $errorSeverity The severity level of the exception.
+	 * @param string $errorMessage  The Exception message to throw.
+	 * @param string $errorFile     The filename where the exception is thrown.
+	 * @param int    $errorLine     The line number where the exception is thrown.
+	 *
+	 * @throws ErrorException
+	 */
+	public static function errorHandler($errorSeverity, $errorMessage, $errorFile, $errorLine)
+	{
+		// call into the main exception handler above
+		throw new ErrorException($errorMessage, 0, $errorSeverity, $errorFile, $errorLine);
+	}
+
+	/**
+	 * @param Exception $exception
+	 *
+	 * @return null|array
+	 */
+	public static function getExceptionData($exception)
+	{
+		if ($exception == null) {
+			return null;
+		}
+
+		return array(
+			'exception' => get_class($exception),
+			'message'   => $exception->getMessage(),
+			'stack'     => $exception->getTraceAsString(),
+			'previous'  => self::getExceptionData($exception->getPrevious()),
+		);
+	}
 }
\ No newline at end of file

includes/Fragments/NavigationMenuAccessControl.php

Indentation +39 added lines, -39 removed lines

@@ -25,48 +25,48 @@
 
 trait NavigationMenuAccessControl
 {
-    protected abstract function assign($name, $value);
+	protected abstract function assign($name, $value);
 
-    /**
-     * @return SecurityManager
-     */
-    protected abstract function getSecurityManager();
+	/**
+	 * @return SecurityManager
+	 */
+	protected abstract function getSecurityManager();
 
-    /**
-     * @param $currentUser
-     */
-    protected function setupNavMenuAccess($currentUser)
-    {
-        $this->assign('nav__canRequests', $this->getSecurityManager()
-                ->allows(PageMain::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
+	/**
+	 * @param $currentUser
+	 */
+	protected function setupNavMenuAccess($currentUser)
+	{
+		$this->assign('nav__canRequests', $this->getSecurityManager()
+				->allows(PageMain::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
 
-        $this->assign('nav__canLogs', $this->getSecurityManager()
-                ->allows(PageLog::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
-        $this->assign('nav__canUsers', $this->getSecurityManager()
-                ->allows(StatsUsers::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
-        $this->assign('nav__canSearch', $this->getSecurityManager()
-                ->allows(PageSearch::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
-        $this->assign('nav__canStats', $this->getSecurityManager()
-                ->allows(StatsMain::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canLogs', $this->getSecurityManager()
+				->allows(PageLog::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canUsers', $this->getSecurityManager()
+				->allows(StatsUsers::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canSearch', $this->getSecurityManager()
+				->allows(PageSearch::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canStats', $this->getSecurityManager()
+				->allows(StatsMain::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
 
-        $this->assign('nav__canBan', $this->getSecurityManager()
-                ->allows(PageBan::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
-        $this->assign('nav__canEmailMgmt', $this->getSecurityManager()
-                ->allows(PageEmailManagement::class, RoleConfiguration::MAIN,
-                    $currentUser) === SecurityManager::ALLOWED);
-        $this->assign('nav__canWelcomeMgmt', $this->getSecurityManager()
-                ->allows(PageWelcomeTemplateManagement::class, RoleConfiguration::MAIN,
-                    $currentUser) === SecurityManager::ALLOWED);
-        $this->assign('nav__canSiteNoticeMgmt', $this->getSecurityManager()
-                ->allows(PageSiteNotice::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
-        $this->assign('nav__canUserMgmt', $this->getSecurityManager()
-                ->allows(PageUserManagement::class, RoleConfiguration::MAIN,
-                    $currentUser) === SecurityManager::ALLOWED);
-        $this->assign('nav__canJobQueue', $this->getSecurityManager()
-                ->allows(PageJobQueue::class, RoleConfiguration::MAIN,
-                    $currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canBan', $this->getSecurityManager()
+				->allows(PageBan::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canEmailMgmt', $this->getSecurityManager()
+				->allows(PageEmailManagement::class, RoleConfiguration::MAIN,
+					$currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canWelcomeMgmt', $this->getSecurityManager()
+				->allows(PageWelcomeTemplateManagement::class, RoleConfiguration::MAIN,
+					$currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canSiteNoticeMgmt', $this->getSecurityManager()
+				->allows(PageSiteNotice::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canUserMgmt', $this->getSecurityManager()
+				->allows(PageUserManagement::class, RoleConfiguration::MAIN,
+					$currentUser) === SecurityManager::ALLOWED);
+		$this->assign('nav__canJobQueue', $this->getSecurityManager()
+				->allows(PageJobQueue::class, RoleConfiguration::MAIN,
+					$currentUser) === SecurityManager::ALLOWED);
 
-        $this->assign('nav__canViewRequest', $this->getSecurityManager()
-                ->allows(PageViewRequest::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
-    }
+		$this->assign('nav__canViewRequest', $this->getSecurityManager()
+				->allows(PageViewRequest::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
+	}
 }
\ No newline at end of file

includes/Fragments/TemplateOutput.php

Indentation +74 added lines, -74 removed lines

@@ -15,89 +15,89 @@
 
 trait TemplateOutput
 {
-    /** @var Smarty */
-    private $smarty;
-    /** @var string Extra JavaScript to include at the end of the page's execution */
-    private $tailScript;
+	/** @var Smarty */
+	private $smarty;
+	/** @var string Extra JavaScript to include at the end of the page's execution */
+	private $tailScript;
 
-    /**
-     * @return SiteConfiguration
-     */
-    protected abstract function getSiteConfiguration();
+	/**
+	 * @return SiteConfiguration
+	 */
+	protected abstract function getSiteConfiguration();
 
-    /**
-     * Include extra JavaScript at the end of the page's execution
-     *
-     * @param $script string JavaScript to include at the end of the page
-     */
-    final protected function setTailScript($script)
-    {
-        $this->tailScript = $script;
-    }
+	/**
+	 * Include extra JavaScript at the end of the page's execution
+	 *
+	 * @param $script string JavaScript to include at the end of the page
+	 */
+	final protected function setTailScript($script)
+	{
+		$this->tailScript = $script;
+	}
 
-    /**
-     * Assigns a Smarty variable
-     *
-     * @param  array|string $name  the template variable name(s)
-     * @param  mixed        $value the value to assign
-     */
-    final protected function assign($name, $value)
-    {
-        $this->smarty->assign($name, $value);
-    }
+	/**
+	 * Assigns a Smarty variable
+	 *
+	 * @param  array|string $name  the template variable name(s)
+	 * @param  mixed        $value the value to assign
+	 */
+	final protected function assign($name, $value)
+	{
+		$this->smarty->assign($name, $value);
+	}
 
-    /**
-     * Sets up the variables used by the main Smarty base template.
-     *
-     * This list is getting kinda long.
-     */
-    final protected function setUpSmarty()
-    {
-        $this->smarty = new Smarty();
-        $this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
+	/**
+	 * Sets up the variables used by the main Smarty base template.
+	 *
+	 * This list is getting kinda long.
+	 */
+	final protected function setUpSmarty()
+	{
+		$this->smarty = new Smarty();
+		$this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
 
-        $this->assign('currentUser', User::getCommunity());
-        $this->assign('loggedIn', false);
-        $this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
-        $this->assign('mediawikiScriptPath', $this->getSiteConfiguration()->getMediawikiScriptPath());
+		$this->assign('currentUser', User::getCommunity());
+		$this->assign('loggedIn', false);
+		$this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
+		$this->assign('mediawikiScriptPath', $this->getSiteConfiguration()->getMediawikiScriptPath());
 
-        $this->assign('siteNoticeText', '');
-        $this->assign('toolversion', Environment::getToolVersion());
+		$this->assign('siteNoticeText', '');
+		$this->assign('toolversion', Environment::getToolVersion());
 
-        // default these
-        $this->assign('onlineusers', array());
-        $this->assign('typeAheadBlock', '');
-        $this->assign('extraJs', array());
-        $this->assign('extraCss', array());
+		// default these
+		$this->assign('onlineusers', array());
+		$this->assign('typeAheadBlock', '');
+		$this->assign('extraJs', array());
+		$this->assign('extraCss', array());
 
-        // nav menu access control
-        $this->assign('nav__canRequests', false);
-        $this->assign('nav__canLogs', false);
-        $this->assign('nav__canUsers', false);
-        $this->assign('nav__canSearch', false);
-        $this->assign('nav__canStats', false);
-        $this->assign('nav__canBan', false);
-        $this->assign('nav__canEmailMgmt', false);
-        $this->assign('nav__canWelcomeMgmt', false);
-        $this->assign('nav__canSiteNoticeMgmt', false);
-        $this->assign('nav__canUserMgmt', false);
-        $this->assign('nav__canViewRequest', false);
-        $this->assign('nav__canJobQueue', false);
+		// nav menu access control
+		$this->assign('nav__canRequests', false);
+		$this->assign('nav__canLogs', false);
+		$this->assign('nav__canUsers', false);
+		$this->assign('nav__canSearch', false);
+		$this->assign('nav__canStats', false);
+		$this->assign('nav__canBan', false);
+		$this->assign('nav__canEmailMgmt', false);
+		$this->assign('nav__canWelcomeMgmt', false);
+		$this->assign('nav__canSiteNoticeMgmt', false);
+		$this->assign('nav__canUserMgmt', false);
+		$this->assign('nav__canViewRequest', false);
+		$this->assign('nav__canJobQueue', false);
 
-        $this->assign('page', $this);
-    }
+		$this->assign('page', $this);
+	}
 
-    /**
-     * Fetches a rendered Smarty template
-     *
-     * @param $template string Template file path, relative to /templates/
-     *
-     * @return string Templated HTML
-     */
-    final protected function fetchTemplate($template)
-    {
-        $this->assign("tailScript", $this->tailScript);
+	/**
+	 * Fetches a rendered Smarty template
+	 *
+	 * @param $template string Template file path, relative to /templates/
+	 *
+	 * @return string Templated HTML
+	 */
+	final protected function fetchTemplate($template)
+	{
+		$this->assign("tailScript", $this->tailScript);
 
-        return $this->smarty->fetch($template);
-    }
+		return $this->smarty->fetch($template);
+	}
 }

includes/Fragments/RequestData.php

Indentation +320 added lines, -320 removed lines

@@ -24,324 +24,324 @@
 
 trait RequestData
 {
-    /**
-     * @var array Array of IP address classed as 'private' by RFC1918.
-     */
-    protected static $rfc1918ips = array(
-        "10.0.0.0"    => "10.255.255.255",
-        "172.16.0.0"  => "172.31.255.255",
-        "192.168.0.0" => "192.168.255.255",
-        "169.254.0.0" => "169.254.255.255",
-        "127.0.0.0"   => "127.255.255.255",
-    );
-
-    /**
-     * Gets a request object
-     *
-     * @param PdoDatabase $database  The database connection
-     * @param int         $requestId The ID of the request to retrieve
-     *
-     * @return Request
-     * @throws ApplicationLogicException
-     */
-    protected function getRequest(PdoDatabase $database, $requestId)
-    {
-        if ($requestId === null) {
-            throw new ApplicationLogicException("No request specified");
-        }
-
-        $request = Request::getById($requestId, $database);
-        if ($request === false || !is_a($request, Request::class)) {
-            throw new ApplicationLogicException('Could not load the requested request!');
-        }
-
-        return $request;
-    }
-
-    /**
-     * Returns a value stating whether the user is allowed to see private data or not
-     *
-     * @param Request $request
-     * @param User    $currentUser
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    protected function isAllowedPrivateData(Request $request, User $currentUser)
-    {
-        // Test the main security barrier for private data access using SecurityManager
-        if ($this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')) {
-            // Tool admins/check-users can always see private data
-            return true;
-        }
-
-        // reserving user is allowed to see the data
-        if ($currentUser->getId() === $request->getReserved()
-            && $request->getReserved() !== null
-            && $this->barrierTest('seePrivateDataWhenReserved', $currentUser, 'RequestData')
-        ) {
-            return true;
-        }
-
-        // user has the reveal hash
-        if (WebRequest::getString('hash') === $request->getRevealHash()
-            && $this->barrierTest('seePrivateDataWithHash', $currentUser, 'RequestData')
-        ) {
-            return true;
-        }
-
-        // nope. Not allowed.
-        return false;
-    }
-
-    /**
-     * Tests the security barrier for a specified action.
-     *
-     * Don't use within templates
-     *
-     * @param string      $action
-     *
-     * @param User        $user
-     * @param null|string $pageName
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    abstract protected function barrierTest($action, User $user, $pageName = null);
-
-    /**
-     * Gets the name of the route that has been passed from the request router.
-     * @return string
-     */
-    abstract protected function getRouteName();
-
-    /** @return SecurityManager */
-    abstract protected function getSecurityManager();
-
-    /**
-     * Sets the name of the template this page should display.
-     *
-     * @param string $name
-     */
-    abstract protected function setTemplate($name);
-
-    /** @return IXffTrustProvider */
-    abstract protected function getXffTrustProvider();
-
-    /** @return ILocationProvider */
-    abstract protected function getLocationProvider();
-
-    /** @return IRDnsProvider */
-    abstract protected function getRdnsProvider();
-
-    /**
-     * Assigns a Smarty variable
-     *
-     * @param  array|string $name  the template variable name(s)
-     * @param  mixed        $value the value to assign
-     */
-    abstract protected function assign($name, $value);
-
-    /**
-     * @param int         $requestReservationId
-     * @param PdoDatabase $database
-     * @param User        $currentUser
-     */
-    protected function setupReservationDetails($requestReservationId, PdoDatabase $database, User $currentUser)
-    {
-        $requestIsReserved = $requestReservationId !== null;
-        $this->assign('requestIsReserved', $requestIsReserved);
-        $this->assign('requestIsReservedByMe', false);
-
-        if ($requestIsReserved) {
-            $this->assign('requestReservedByName', User::getById($requestReservationId, $database)->getUsername());
-            $this->assign('requestReservedById', $requestReservationId);
-
-            if ($requestReservationId === $currentUser->getId()) {
-                $this->assign('requestIsReservedByMe', true);
-            }
-        }
-
-        $this->assign('canBreakReservation', $this->barrierTest('force', $currentUser, PageBreakReservation::class));
-    }
-
-    /**
-     * Adds private request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
-     *
-     * @param Request           $request
-     * @param User              $currentUser
-     * @param SiteConfiguration $configuration
-     *
-     * @param PdoDatabase       $database
-     */
-    protected function setupPrivateData(
-        $request,
-        User $currentUser,
-        SiteConfiguration $configuration,
-        PdoDatabase $database
-    ) {
-        $xffProvider = $this->getXffTrustProvider();
-
-        $relatedEmailRequests = RequestSearchHelper::get($database)
-            ->byEmailAddress($request->getEmail())
-            ->withConfirmedEmail()
-            ->excludingPurgedData($configuration)
-            ->excludingRequest($request->getId())
-            ->fetch();
-
-        $this->assign('requestEmail', $request->getEmail());
-        $emailDomain = explode("@", $request->getEmail())[1];
-        $this->assign("emailurl", $emailDomain);
-        $this->assign('requestRelatedEmailRequestsCount', count($relatedEmailRequests));
-        $this->assign('requestRelatedEmailRequests', $relatedEmailRequests);
-
-        $trustedIp = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
-        $this->assign('requestTrustedIp', $trustedIp);
-        $this->assign('requestRealIp', $request->getIp());
-        $this->assign('requestForwardedIp', $request->getForwardedIp());
-
-        $trustedIpLocation = $this->getLocationProvider()->getIpLocation($trustedIp);
-        $this->assign('requestTrustedIpLocation', $trustedIpLocation);
-
-        $this->assign('requestHasForwardedIp', $request->getForwardedIp() !== null);
-
-        $relatedIpRequests = RequestSearchHelper::get($database)
-            ->byIp($trustedIp)
-            ->withConfirmedEmail()
-            ->excludingPurgedData($configuration)
-            ->excludingRequest($request->getId())
-            ->fetch();
-
-        $this->assign('requestRelatedIpRequestsCount', count($relatedIpRequests));
-        $this->assign('requestRelatedIpRequests', $relatedIpRequests);
-
-        $this->assign('showRevealLink', false);
-        if ($request->getReserved() === $currentUser->getId() ||
-            $this->barrierTest('alwaysSeeHash', $currentUser, 'RequestData')
-        ) {
-            $this->assign('showRevealLink', true);
-            $this->assign('revealHash', $request->getRevealHash());
-        }
-
-        $this->setupForwardedIpData($request);
-    }
-
-    /**
-     * Adds checkuser request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
-     *
-     * @param Request $request
-     */
-    protected function setupCheckUserData(Request $request)
-    {
-        $this->assign('requestUserAgent', $request->getUserAgent());
-    }
-
-    /**
-     * Sets up the basic data for this request, and adds it to Smarty
-     *
-     * @param Request           $request
-     * @param SiteConfiguration $config
-     */
-    protected function setupBasicData(Request $request, SiteConfiguration $config)
-    {
-        $this->assign('requestId', $request->getId());
-        $this->assign('updateVersion', $request->getUpdateVersion());
-        $this->assign('requestName', $request->getName());
-        $this->assign('requestDate', $request->getDate());
-        $this->assign('requestStatus', $request->getStatus());
-
-        $isClosed = !array_key_exists($request->getStatus(), $config->getRequestStates())
-            && $request->getStatus() !== RequestStatus::HOSPITAL;
-        $this->assign('requestIsClosed', $isClosed);
-    }
-
-    /**
-     * Sets up the forwarded IP data for this request and adds it to Smarty
-     *
-     * @param Request $request
-     */
-    protected function setupForwardedIpData(Request $request)
-    {
-        if ($request->getForwardedIp() !== null) {
-            $requestProxyData = array(); // Initialize array to store data to be output in Smarty template.
-            $proxyIndex = 0;
-
-            // Assuming [client] <=> [proxy1] <=> [proxy2] <=> [proxy3] <=> [us], we will see an XFF header of [client],
-            // [proxy1], [proxy2], and our actual IP will be [proxy3]
-            $proxies = explode(",", $request->getForwardedIp());
-            $proxies[] = $request->getIp();
-
-            // Origin is the supposed "client" IP.
-            $origin = $proxies[0];
-            $this->assign("forwardedOrigin", $origin);
-
-            // We step through the servers in reverse order, from closest to furthest
-            $proxies = array_reverse($proxies);
-
-            // By default, we have trust, because the first in the chain is now REMOTE_ADDR, which is hardest to spoof.
-            $trust = true;
-
-            /**
-             * @var int    $index     The zero-based index of the proxy.
-             * @var string $proxyData The proxy IP address (although possibly not!)
-             */
-            foreach ($proxies as $index => $proxyData) {
-                $proxyAddress = trim($proxyData);
-                $requestProxyData[$proxyIndex]['ip'] = $proxyAddress;
-
-                // get data on this IP.
-                $thisProxyIsTrusted = $this->getXffTrustProvider()->isTrusted($proxyAddress);
-
-                $proxyIsInPrivateRange = $this->getXffTrustProvider()
-                    ->ipInRange(self::$rfc1918ips, $proxyAddress);
-
-                if (!$proxyIsInPrivateRange) {
-                    $proxyReverseDns = $this->getRdnsProvider()->getReverseDNS($proxyAddress);
-                    $proxyLocation = $this->getLocationProvider()->getIpLocation($proxyAddress);
-                }
-                else {
-                    // this is going to fail, so why bother trying?
-                    $proxyReverseDns = false;
-                    $proxyLocation = false;
-                }
-
-                // current trust chain status BEFORE this link
-                $preLinkTrust = $trust;
-
-                // is *this* link trusted? Note, this will be true even if there is an untrusted link before this!
-                $requestProxyData[$proxyIndex]['trustedlink'] = $thisProxyIsTrusted;
-
-                // set the trust status of the chain to this point
-                $trust = $trust & $thisProxyIsTrusted;
-
-                // If this is the origin address, and the chain was trusted before this point, then we can trust
-                // the origin.
-                if ($preLinkTrust && $proxyAddress == $origin) {
-                    // if this is the origin, then we are at the last point in the chain.
-                    // @todo: this is probably the cause of some bugs when an IP appears twice - we're missing a check
-                    // to see if this is *really* the last in the chain, rather than just the same IP as it.
-                    $trust = true;
-                }
-
-                $requestProxyData[$proxyIndex]['trust'] = $trust;
-
-                $requestProxyData[$proxyIndex]['rdnsfailed'] = $proxyReverseDns === false;
-                $requestProxyData[$proxyIndex]['rdns'] = $proxyReverseDns;
-                $requestProxyData[$proxyIndex]['routable'] = !$proxyIsInPrivateRange;
-
-                $requestProxyData[$proxyIndex]['location'] = $proxyLocation;
-
-                if ($proxyReverseDns === $proxyAddress && $proxyIsInPrivateRange === false) {
-                    $requestProxyData[$proxyIndex]['rdns'] = null;
-                }
-
-                $showLinks = (!$trust || $proxyAddress == $origin) && !$proxyIsInPrivateRange;
-                $requestProxyData[$proxyIndex]['showlinks'] = $showLinks;
-
-                $proxyIndex++;
-            }
-
-            $this->assign("requestProxyData", $requestProxyData);
-        }
-    }
+	/**
+	 * @var array Array of IP address classed as 'private' by RFC1918.
+	 */
+	protected static $rfc1918ips = array(
+		"10.0.0.0"    => "10.255.255.255",
+		"172.16.0.0"  => "172.31.255.255",
+		"192.168.0.0" => "192.168.255.255",
+		"169.254.0.0" => "169.254.255.255",
+		"127.0.0.0"   => "127.255.255.255",
+	);
+
+	/**
+	 * Gets a request object
+	 *
+	 * @param PdoDatabase $database  The database connection
+	 * @param int         $requestId The ID of the request to retrieve
+	 *
+	 * @return Request
+	 * @throws ApplicationLogicException
+	 */
+	protected function getRequest(PdoDatabase $database, $requestId)
+	{
+		if ($requestId === null) {
+			throw new ApplicationLogicException("No request specified");
+		}
+
+		$request = Request::getById($requestId, $database);
+		if ($request === false || !is_a($request, Request::class)) {
+			throw new ApplicationLogicException('Could not load the requested request!');
+		}
+
+		return $request;
+	}
+
+	/**
+	 * Returns a value stating whether the user is allowed to see private data or not
+	 *
+	 * @param Request $request
+	 * @param User    $currentUser
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	protected function isAllowedPrivateData(Request $request, User $currentUser)
+	{
+		// Test the main security barrier for private data access using SecurityManager
+		if ($this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')) {
+			// Tool admins/check-users can always see private data
+			return true;
+		}
+
+		// reserving user is allowed to see the data
+		if ($currentUser->getId() === $request->getReserved()
+			&& $request->getReserved() !== null
+			&& $this->barrierTest('seePrivateDataWhenReserved', $currentUser, 'RequestData')
+		) {
+			return true;
+		}
+
+		// user has the reveal hash
+		if (WebRequest::getString('hash') === $request->getRevealHash()
+			&& $this->barrierTest('seePrivateDataWithHash', $currentUser, 'RequestData')
+		) {
+			return true;
+		}
+
+		// nope. Not allowed.
+		return false;
+	}
+
+	/**
+	 * Tests the security barrier for a specified action.
+	 *
+	 * Don't use within templates
+	 *
+	 * @param string      $action
+	 *
+	 * @param User        $user
+	 * @param null|string $pageName
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	abstract protected function barrierTest($action, User $user, $pageName = null);
+
+	/**
+	 * Gets the name of the route that has been passed from the request router.
+	 * @return string
+	 */
+	abstract protected function getRouteName();
+
+	/** @return SecurityManager */
+	abstract protected function getSecurityManager();
+
+	/**
+	 * Sets the name of the template this page should display.
+	 *
+	 * @param string $name
+	 */
+	abstract protected function setTemplate($name);
+
+	/** @return IXffTrustProvider */
+	abstract protected function getXffTrustProvider();
+
+	/** @return ILocationProvider */
+	abstract protected function getLocationProvider();
+
+	/** @return IRDnsProvider */
+	abstract protected function getRdnsProvider();
+
+	/**
+	 * Assigns a Smarty variable
+	 *
+	 * @param  array|string $name  the template variable name(s)
+	 * @param  mixed        $value the value to assign
+	 */
+	abstract protected function assign($name, $value);
+
+	/**
+	 * @param int         $requestReservationId
+	 * @param PdoDatabase $database
+	 * @param User        $currentUser
+	 */
+	protected function setupReservationDetails($requestReservationId, PdoDatabase $database, User $currentUser)
+	{
+		$requestIsReserved = $requestReservationId !== null;
+		$this->assign('requestIsReserved', $requestIsReserved);
+		$this->assign('requestIsReservedByMe', false);
+
+		if ($requestIsReserved) {
+			$this->assign('requestReservedByName', User::getById($requestReservationId, $database)->getUsername());
+			$this->assign('requestReservedById', $requestReservationId);
+
+			if ($requestReservationId === $currentUser->getId()) {
+				$this->assign('requestIsReservedByMe', true);
+			}
+		}
+
+		$this->assign('canBreakReservation', $this->barrierTest('force', $currentUser, PageBreakReservation::class));
+	}
+
+	/**
+	 * Adds private request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
+	 *
+	 * @param Request           $request
+	 * @param User              $currentUser
+	 * @param SiteConfiguration $configuration
+	 *
+	 * @param PdoDatabase       $database
+	 */
+	protected function setupPrivateData(
+		$request,
+		User $currentUser,
+		SiteConfiguration $configuration,
+		PdoDatabase $database
+	) {
+		$xffProvider = $this->getXffTrustProvider();
+
+		$relatedEmailRequests = RequestSearchHelper::get($database)
+			->byEmailAddress($request->getEmail())
+			->withConfirmedEmail()
+			->excludingPurgedData($configuration)
+			->excludingRequest($request->getId())
+			->fetch();
+
+		$this->assign('requestEmail', $request->getEmail());
+		$emailDomain = explode("@", $request->getEmail())[1];
+		$this->assign("emailurl", $emailDomain);
+		$this->assign('requestRelatedEmailRequestsCount', count($relatedEmailRequests));
+		$this->assign('requestRelatedEmailRequests', $relatedEmailRequests);
+
+		$trustedIp = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
+		$this->assign('requestTrustedIp', $trustedIp);
+		$this->assign('requestRealIp', $request->getIp());
+		$this->assign('requestForwardedIp', $request->getForwardedIp());
+
+		$trustedIpLocation = $this->getLocationProvider()->getIpLocation($trustedIp);
+		$this->assign('requestTrustedIpLocation', $trustedIpLocation);
+
+		$this->assign('requestHasForwardedIp', $request->getForwardedIp() !== null);
+
+		$relatedIpRequests = RequestSearchHelper::get($database)
+			->byIp($trustedIp)
+			->withConfirmedEmail()
+			->excludingPurgedData($configuration)
+			->excludingRequest($request->getId())
+			->fetch();
+
+		$this->assign('requestRelatedIpRequestsCount', count($relatedIpRequests));
+		$this->assign('requestRelatedIpRequests', $relatedIpRequests);
+
+		$this->assign('showRevealLink', false);
+		if ($request->getReserved() === $currentUser->getId() ||
+			$this->barrierTest('alwaysSeeHash', $currentUser, 'RequestData')
+		) {
+			$this->assign('showRevealLink', true);
+			$this->assign('revealHash', $request->getRevealHash());
+		}
+
+		$this->setupForwardedIpData($request);
+	}
+
+	/**
+	 * Adds checkuser request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
+	 *
+	 * @param Request $request
+	 */
+	protected function setupCheckUserData(Request $request)
+	{
+		$this->assign('requestUserAgent', $request->getUserAgent());
+	}
+
+	/**
+	 * Sets up the basic data for this request, and adds it to Smarty
+	 *
+	 * @param Request           $request
+	 * @param SiteConfiguration $config
+	 */
+	protected function setupBasicData(Request $request, SiteConfiguration $config)
+	{
+		$this->assign('requestId', $request->getId());
+		$this->assign('updateVersion', $request->getUpdateVersion());
+		$this->assign('requestName', $request->getName());
+		$this->assign('requestDate', $request->getDate());
+		$this->assign('requestStatus', $request->getStatus());
+
+		$isClosed = !array_key_exists($request->getStatus(), $config->getRequestStates())
+			&& $request->getStatus() !== RequestStatus::HOSPITAL;
+		$this->assign('requestIsClosed', $isClosed);
+	}
+
+	/**
+	 * Sets up the forwarded IP data for this request and adds it to Smarty
+	 *
+	 * @param Request $request
+	 */
+	protected function setupForwardedIpData(Request $request)
+	{
+		if ($request->getForwardedIp() !== null) {
+			$requestProxyData = array(); // Initialize array to store data to be output in Smarty template.
+			$proxyIndex = 0;
+
+			// Assuming [client] <=> [proxy1] <=> [proxy2] <=> [proxy3] <=> [us], we will see an XFF header of [client],
+			// [proxy1], [proxy2], and our actual IP will be [proxy3]
+			$proxies = explode(",", $request->getForwardedIp());
+			$proxies[] = $request->getIp();
+
+			// Origin is the supposed "client" IP.
+			$origin = $proxies[0];
+			$this->assign("forwardedOrigin", $origin);
+
+			// We step through the servers in reverse order, from closest to furthest
+			$proxies = array_reverse($proxies);
+
+			// By default, we have trust, because the first in the chain is now REMOTE_ADDR, which is hardest to spoof.
+			$trust = true;
+
+			/**
+			 * @var int    $index     The zero-based index of the proxy.
+			 * @var string $proxyData The proxy IP address (although possibly not!)
+			 */
+			foreach ($proxies as $index => $proxyData) {
+				$proxyAddress = trim($proxyData);
+				$requestProxyData[$proxyIndex]['ip'] = $proxyAddress;
+
+				// get data on this IP.
+				$thisProxyIsTrusted = $this->getXffTrustProvider()->isTrusted($proxyAddress);
+
+				$proxyIsInPrivateRange = $this->getXffTrustProvider()
+					->ipInRange(self::$rfc1918ips, $proxyAddress);
+
+				if (!$proxyIsInPrivateRange) {
+					$proxyReverseDns = $this->getRdnsProvider()->getReverseDNS($proxyAddress);
+					$proxyLocation = $this->getLocationProvider()->getIpLocation($proxyAddress);
+				}
+				else {
+					// this is going to fail, so why bother trying?
+					$proxyReverseDns = false;
+					$proxyLocation = false;
+				}
+
+				// current trust chain status BEFORE this link
+				$preLinkTrust = $trust;
+
+				// is *this* link trusted? Note, this will be true even if there is an untrusted link before this!
+				$requestProxyData[$proxyIndex]['trustedlink'] = $thisProxyIsTrusted;
+
+				// set the trust status of the chain to this point
+				$trust = $trust & $thisProxyIsTrusted;
+
+				// If this is the origin address, and the chain was trusted before this point, then we can trust
+				// the origin.
+				if ($preLinkTrust && $proxyAddress == $origin) {
+					// if this is the origin, then we are at the last point in the chain.
+					// @todo: this is probably the cause of some bugs when an IP appears twice - we're missing a check
+					// to see if this is *really* the last in the chain, rather than just the same IP as it.
+					$trust = true;
+				}
+
+				$requestProxyData[$proxyIndex]['trust'] = $trust;
+
+				$requestProxyData[$proxyIndex]['rdnsfailed'] = $proxyReverseDns === false;
+				$requestProxyData[$proxyIndex]['rdns'] = $proxyReverseDns;
+				$requestProxyData[$proxyIndex]['routable'] = !$proxyIsInPrivateRange;
+
+				$requestProxyData[$proxyIndex]['location'] = $proxyLocation;
+
+				if ($proxyReverseDns === $proxyAddress && $proxyIsInPrivateRange === false) {
+					$requestProxyData[$proxyIndex]['rdns'] = null;
+				}
+
+				$showLinks = (!$trust || $proxyAddress == $origin) && !$proxyIsInPrivateRange;
+				$requestProxyData[$proxyIndex]['showlinks'] = $showLinks;
+
+				$proxyIndex++;
+			}
+
+			$this->assign("requestProxyData", $requestProxyData);
+		}
+	}
 }

includes/Router/OAuthRequestRouter.php

Indentation +5 added lines, -5 removed lines

@@ -17,9 +17,9 @@
  */
 class OAuthRequestRouter extends RequestRouter
 {
-    protected function getRouteFromPath($pathInfo)
-    {
-        // Hardcode the route for this entry point
-        return array(PageOAuthCallback::class, 'authorise');
-    }
+	protected function getRouteFromPath($pathInfo)
+	{
+		// Hardcode the route for this entry point
+		return array(PageOAuthCallback::class, 'authorise');
+	}
 }
\ No newline at end of file

includes/Tasks/PagedInternalPageBase.php

Indentation +93 added lines, -93 removed lines

@@ -13,97 +13,97 @@
 
 abstract class PagedInternalPageBase extends InternalPageBase
 {
-    /** @var SearchHelperBase */
-    private $searchHelper;
-    private $page;
-    private $limit;
-
-    /**
-     * Sets up the pager with the current page, current limit, and total number of records.
-     *
-     * @param int   $count
-     * @param array $formParameters
-     */
-    protected function setupPageData($count, $formParameters)
-    {
-        $page = $this->page;
-        $limit = $this->limit;
-
-        // The number of pages on the pager to show. Must be odd
-        $pageLimit = 9;
-
-        $pageData = array(
-            // Can the user go to the previous page?
-            'canprev'   => $page != 1,
-            // Can the user go to the next page?
-            'cannext'   => ($page * $limit) < $count,
-            // Maximum page number
-            'maxpage'   => ceil($count / $limit),
-            // Limit to the number of pages to display
-            'pagelimit' => $pageLimit,
-        );
-
-        // number of pages either side of the current to show
-        $pageMargin = (($pageLimit - 1) / 2);
-
-        // Calculate the number of pages either side to show - this is for situations like:
-        //  [1]  [2] [[3]] [4]  [5]  [6]  [7]  [8]  [9] - where you can't just use the page margin calculated
-        $pageData['lowpage'] = max(1, $page - $pageMargin);
-        $pageData['hipage'] = min($pageData['maxpage'], $page + $pageMargin);
-        $pageCount = ($pageData['hipage'] - $pageData['lowpage']) + 1;
-
-        if ($pageCount < $pageLimit) {
-            if ($pageData['lowpage'] == 1 && $pageData['hipage'] < $pageData['maxpage']) {
-                $pageData['hipage'] = min($pageLimit, $pageData['maxpage']);
-            }
-            elseif ($pageData['lowpage'] > 1 && $pageData['hipage'] == $pageData['maxpage']) {
-                $pageData['lowpage'] = max(1, $pageData['maxpage'] - $pageLimit + 1);
-            }
-        }
-
-        // Put the range of pages into the page data
-        $pageData['pages'] = range($pageData['lowpage'], $pageData['hipage']);
-
-        $this->assign("pagedata", $pageData);
-
-        $this->assign("limit", $limit);
-        $this->assign("page", $page);
-
-        $this->setupFormParameters($formParameters);
-    }
-
-    protected function setSearchHelper(SearchHelperBase $searchHelper)
-    {
-        $this->searchHelper = $searchHelper;
-    }
-
-    protected function setupLimits()
-    {
-        $limit = WebRequest::getInt('limit');
-        if ($limit === null) {
-            $limit = 100;
-        }
-
-        $page = WebRequest::getInt('page');
-        if ($page === null) {
-            $page = 1;
-        }
-
-        $offset = ($page - 1) * $limit;
-
-        $this->searchHelper->limit($limit, $offset);
-
-        $this->page = $page;
-        $this->limit = $limit;
-    }
-
-    private function setupFormParameters($formParameters)
-    {
-        $formParameters['limit'] = $this->limit;
-        $this->assign('searchParamsUrl', http_build_query($formParameters, '', '&amp;'));
-
-        foreach ($formParameters as $key => $value)  {
-            $this->assign($key, $value);
-        }
-    }
+	/** @var SearchHelperBase */
+	private $searchHelper;
+	private $page;
+	private $limit;
+
+	/**
+	 * Sets up the pager with the current page, current limit, and total number of records.
+	 *
+	 * @param int   $count
+	 * @param array $formParameters
+	 */
+	protected function setupPageData($count, $formParameters)
+	{
+		$page = $this->page;
+		$limit = $this->limit;
+
+		// The number of pages on the pager to show. Must be odd
+		$pageLimit = 9;
+
+		$pageData = array(
+			// Can the user go to the previous page?
+			'canprev'   => $page != 1,
+			// Can the user go to the next page?
+			'cannext'   => ($page * $limit) < $count,
+			// Maximum page number
+			'maxpage'   => ceil($count / $limit),
+			// Limit to the number of pages to display
+			'pagelimit' => $pageLimit,
+		);
+
+		// number of pages either side of the current to show
+		$pageMargin = (($pageLimit - 1) / 2);
+
+		// Calculate the number of pages either side to show - this is for situations like:
+		//  [1]  [2] [[3]] [4]  [5]  [6]  [7]  [8]  [9] - where you can't just use the page margin calculated
+		$pageData['lowpage'] = max(1, $page - $pageMargin);
+		$pageData['hipage'] = min($pageData['maxpage'], $page + $pageMargin);
+		$pageCount = ($pageData['hipage'] - $pageData['lowpage']) + 1;
+
+		if ($pageCount < $pageLimit) {
+			if ($pageData['lowpage'] == 1 && $pageData['hipage'] < $pageData['maxpage']) {
+				$pageData['hipage'] = min($pageLimit, $pageData['maxpage']);
+			}
+			elseif ($pageData['lowpage'] > 1 && $pageData['hipage'] == $pageData['maxpage']) {
+				$pageData['lowpage'] = max(1, $pageData['maxpage'] - $pageLimit + 1);
+			}
+		}
+
+		// Put the range of pages into the page data
+		$pageData['pages'] = range($pageData['lowpage'], $pageData['hipage']);
+
+		$this->assign("pagedata", $pageData);
+
+		$this->assign("limit", $limit);
+		$this->assign("page", $page);
+
+		$this->setupFormParameters($formParameters);
+	}
+
+	protected function setSearchHelper(SearchHelperBase $searchHelper)
+	{
+		$this->searchHelper = $searchHelper;
+	}
+
+	protected function setupLimits()
+	{
+		$limit = WebRequest::getInt('limit');
+		if ($limit === null) {
+			$limit = 100;
+		}
+
+		$page = WebRequest::getInt('page');
+		if ($page === null) {
+			$page = 1;
+		}
+
+		$offset = ($page - 1) * $limit;
+
+		$this->searchHelper->limit($limit, $offset);
+
+		$this->page = $page;
+		$this->limit = $limit;
+	}
+
+	private function setupFormParameters($formParameters)
+	{
+		$formParameters['limit'] = $this->limit;
+		$this->assign('searchParamsUrl', http_build_query($formParameters, '', '&amp;'));
+
+		foreach ($formParameters as $key => $value)  {
+			$this->assign($key, $value);
+		}
+	}
 }
\ No newline at end of file

Spacing +1 added lines, -1 removed lines

@@ -102,7 +102,7 @@
         $formParameters['limit'] = $this->limit;
         $this->assign('searchParamsUrl', http_build_query($formParameters, '', '&'));
 
-        foreach ($formParameters as $key => $value)  {
+        foreach ($formParameters as $key => $value) {
             $this->assign($key, $value);
         }
     }

Braces +1 added lines, -1 removed lines

@@ -102,7 +102,7 @@
         $formParameters['limit'] = $this->limit;
         $this->assign('searchParamsUrl', http_build_query($formParameters, '', '&'));
 
-        foreach ($formParameters as $key => $value)  {
+        foreach ($formParameters as $key => $value) {
             $this->assign($key, $value);
         }
     }