enwikipedia-acc / waca

includes/Fragments/RequestData.php

Doc Comments +1 added lines, -1 removed lines

@@ -129,7 +129,7 @@
     /**
      * Assigns a Smarty variable
      *
-     * @param  array|string $name  the template variable name(s)
+     * @param  string $name  the template variable name(s)
      * @param  mixed        $value the value to assign
      */
     abstract protected function assign($name, $value);

Indentation +320 added lines, -320 removed lines

@@ -24,324 +24,324 @@
 
 trait RequestData
 {
-    /**
-     * @var array Array of IP address classed as 'private' by RFC1918.
-     */
-    protected static $rfc1918ips = array(
-        "10.0.0.0"    => "10.255.255.255",
-        "172.16.0.0"  => "172.31.255.255",
-        "192.168.0.0" => "192.168.255.255",
-        "169.254.0.0" => "169.254.255.255",
-        "127.0.0.0"   => "127.255.255.255",
-    );
-
-    /**
-     * Gets a request object
-     *
-     * @param PdoDatabase $database  The database connection
-     * @param int         $requestId The ID of the request to retrieve
-     *
-     * @return Request
-     * @throws ApplicationLogicException
-     */
-    protected function getRequest(PdoDatabase $database, $requestId)
-    {
-        if ($requestId === null) {
-            throw new ApplicationLogicException("No request specified");
-        }
-
-        $request = Request::getById($requestId, $database);
-        if ($request === false || !is_a($request, Request::class)) {
-            throw new ApplicationLogicException('Could not load the requested request!');
-        }
-
-        return $request;
-    }
-
-    /**
-     * Returns a value stating whether the user is allowed to see private data or not
-     *
-     * @param Request $request
-     * @param User    $currentUser
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    protected function isAllowedPrivateData(Request $request, User $currentUser)
-    {
-        // Test the main security barrier for private data access using SecurityManager
-        if ($this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')) {
-            // Tool admins/check-users can always see private data
-            return true;
-        }
-
-        // reserving user is allowed to see the data
-        if ($currentUser->getId() === $request->getReserved()
-            && $request->getReserved() !== null
-            && $this->barrierTest('seePrivateDataWhenReserved', $currentUser, 'RequestData')
-        ) {
-            return true;
-        }
-
-        // user has the reveal hash
-        if (WebRequest::getString('hash') === $request->getRevealHash()
-            && $this->barrierTest('seePrivateDataWithHash', $currentUser, 'RequestData')
-        ) {
-            return true;
-        }
-
-        // nope. Not allowed.
-        return false;
-    }
-
-    /**
-     * Tests the security barrier for a specified action.
-     *
-     * Don't use within templates
-     *
-     * @param string      $action
-     *
-     * @param User        $user
-     * @param null|string $pageName
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    abstract protected function barrierTest($action, User $user, $pageName = null);
-
-    /**
-     * Gets the name of the route that has been passed from the request router.
-     * @return string
-     */
-    abstract protected function getRouteName();
-
-    /** @return SecurityManager */
-    abstract protected function getSecurityManager();
-
-    /**
-     * Sets the name of the template this page should display.
-     *
-     * @param string $name
-     */
-    abstract protected function setTemplate($name);
-
-    /** @return IXffTrustProvider */
-    abstract protected function getXffTrustProvider();
-
-    /** @return ILocationProvider */
-    abstract protected function getLocationProvider();
-
-    /** @return IRDnsProvider */
-    abstract protected function getRdnsProvider();
-
-    /**
-     * Assigns a Smarty variable
-     *
-     * @param  array|string $name  the template variable name(s)
-     * @param  mixed        $value the value to assign
-     */
-    abstract protected function assign($name, $value);
-
-    /**
-     * @param int         $requestReservationId
-     * @param PdoDatabase $database
-     * @param User        $currentUser
-     */
-    protected function setupReservationDetails($requestReservationId, PdoDatabase $database, User $currentUser)
-    {
-        $requestIsReserved = $requestReservationId !== null;
-        $this->assign('requestIsReserved', $requestIsReserved);
-        $this->assign('requestIsReservedByMe', false);
-
-        if ($requestIsReserved) {
-            $this->assign('requestReservedByName', User::getById($requestReservationId, $database)->getUsername());
-            $this->assign('requestReservedById', $requestReservationId);
-
-            if ($requestReservationId === $currentUser->getId()) {
-                $this->assign('requestIsReservedByMe', true);
-            }
-        }
-
-        $this->assign('canBreakReservation', $this->barrierTest('force', $currentUser, PageBreakReservation::class));
-    }
-
-    /**
-     * Adds private request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
-     *
-     * @param Request           $request
-     * @param User              $currentUser
-     * @param SiteConfiguration $configuration
-     *
-     * @param PdoDatabase       $database
-     */
-    protected function setupPrivateData(
-        $request,
-        User $currentUser,
-        SiteConfiguration $configuration,
-        PdoDatabase $database
-    ) {
-        $xffProvider = $this->getXffTrustProvider();
-
-        $relatedEmailRequests = RequestSearchHelper::get($database)
-            ->byEmailAddress($request->getEmail())
-            ->withConfirmedEmail()
-            ->excludingPurgedData($configuration)
-            ->excludingRequest($request->getId())
-            ->fetch();
-
-        $this->assign('requestEmail', $request->getEmail());
-        $emailDomain = explode("@", $request->getEmail())[1];
-        $this->assign("emailurl", $emailDomain);
-        $this->assign('requestRelatedEmailRequestsCount', count($relatedEmailRequests));
-        $this->assign('requestRelatedEmailRequests', $relatedEmailRequests);
-
-        $trustedIp = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
-        $this->assign('requestTrustedIp', $trustedIp);
-        $this->assign('requestRealIp', $request->getIp());
-        $this->assign('requestForwardedIp', $request->getForwardedIp());
-
-        $trustedIpLocation = $this->getLocationProvider()->getIpLocation($trustedIp);
-        $this->assign('requestTrustedIpLocation', $trustedIpLocation);
-
-        $this->assign('requestHasForwardedIp', $request->getForwardedIp() !== null);
-
-        $relatedIpRequests = RequestSearchHelper::get($database)
-            ->byIp($trustedIp)
-            ->withConfirmedEmail()
-            ->excludingPurgedData($configuration)
-            ->excludingRequest($request->getId())
-            ->fetch();
-
-        $this->assign('requestRelatedIpRequestsCount', count($relatedIpRequests));
-        $this->assign('requestRelatedIpRequests', $relatedIpRequests);
-
-        $this->assign('showRevealLink', false);
-        if ($request->getReserved() === $currentUser->getId() ||
-            $this->barrierTest('alwaysSeeHash', $currentUser, 'RequestData')
-        ) {
-            $this->assign('showRevealLink', true);
-            $this->assign('revealHash', $request->getRevealHash());
-        }
-
-        $this->setupForwardedIpData($request);
-    }
-
-    /**
-     * Adds checkuser request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
-     *
-     * @param Request $request
-     */
-    protected function setupCheckUserData(Request $request)
-    {
-        $this->assign('requestUserAgent', $request->getUserAgent());
-    }
-
-    /**
-     * Sets up the basic data for this request, and adds it to Smarty
-     *
-     * @param Request           $request
-     * @param SiteConfiguration $config
-     */
-    protected function setupBasicData(Request $request, SiteConfiguration $config)
-    {
-        $this->assign('requestId', $request->getId());
-        $this->assign('updateVersion', $request->getUpdateVersion());
-        $this->assign('requestName', $request->getName());
-        $this->assign('requestDate', $request->getDate());
-        $this->assign('requestStatus', $request->getStatus());
-
-        $isClosed = !array_key_exists($request->getStatus(), $config->getRequestStates())
-            && $request->getStatus() !== RequestStatus::HOSPITAL;
-        $this->assign('requestIsClosed', $isClosed);
-    }
-
-    /**
-     * Sets up the forwarded IP data for this request and adds it to Smarty
-     *
-     * @param Request $request
-     */
-    protected function setupForwardedIpData(Request $request)
-    {
-        if ($request->getForwardedIp() !== null) {
-            $requestProxyData = array(); // Initialize array to store data to be output in Smarty template.
-            $proxyIndex = 0;
-
-            // Assuming [client] <=> [proxy1] <=> [proxy2] <=> [proxy3] <=> [us], we will see an XFF header of [client],
-            // [proxy1], [proxy2], and our actual IP will be [proxy3]
-            $proxies = explode(",", $request->getForwardedIp());
-            $proxies[] = $request->getIp();
-
-            // Origin is the supposed "client" IP.
-            $origin = $proxies[0];
-            $this->assign("forwardedOrigin", $origin);
-
-            // We step through the servers in reverse order, from closest to furthest
-            $proxies = array_reverse($proxies);
-
-            // By default, we have trust, because the first in the chain is now REMOTE_ADDR, which is hardest to spoof.
-            $trust = true;
-
-            /**
-             * @var int    $index     The zero-based index of the proxy.
-             * @var string $proxyData The proxy IP address (although possibly not!)
-             */
-            foreach ($proxies as $index => $proxyData) {
-                $proxyAddress = trim($proxyData);
-                $requestProxyData[$proxyIndex]['ip'] = $proxyAddress;
-
-                // get data on this IP.
-                $thisProxyIsTrusted = $this->getXffTrustProvider()->isTrusted($proxyAddress);
-
-                $proxyIsInPrivateRange = $this->getXffTrustProvider()
-                    ->ipInRange(self::$rfc1918ips, $proxyAddress);
-
-                if (!$proxyIsInPrivateRange) {
-                    $proxyReverseDns = $this->getRdnsProvider()->getReverseDNS($proxyAddress);
-                    $proxyLocation = $this->getLocationProvider()->getIpLocation($proxyAddress);
-                }
-                else {
-                    // this is going to fail, so why bother trying?
-                    $proxyReverseDns = false;
-                    $proxyLocation = false;
-                }
-
-                // current trust chain status BEFORE this link
-                $preLinkTrust = $trust;
-
-                // is *this* link trusted? Note, this will be true even if there is an untrusted link before this!
-                $requestProxyData[$proxyIndex]['trustedlink'] = $thisProxyIsTrusted;
-
-                // set the trust status of the chain to this point
-                $trust = $trust & $thisProxyIsTrusted;
-
-                // If this is the origin address, and the chain was trusted before this point, then we can trust
-                // the origin.
-                if ($preLinkTrust && $proxyAddress == $origin) {
-                    // if this is the origin, then we are at the last point in the chain.
-                    // @todo: this is probably the cause of some bugs when an IP appears twice - we're missing a check
-                    // to see if this is *really* the last in the chain, rather than just the same IP as it.
-                    $trust = true;
-                }
-
-                $requestProxyData[$proxyIndex]['trust'] = $trust;
-
-                $requestProxyData[$proxyIndex]['rdnsfailed'] = $proxyReverseDns === false;
-                $requestProxyData[$proxyIndex]['rdns'] = $proxyReverseDns;
-                $requestProxyData[$proxyIndex]['routable'] = !$proxyIsInPrivateRange;
-
-                $requestProxyData[$proxyIndex]['location'] = $proxyLocation;
-
-                if ($proxyReverseDns === $proxyAddress && $proxyIsInPrivateRange === false) {
-                    $requestProxyData[$proxyIndex]['rdns'] = null;
-                }
-
-                $showLinks = (!$trust || $proxyAddress == $origin) && !$proxyIsInPrivateRange;
-                $requestProxyData[$proxyIndex]['showlinks'] = $showLinks;
-
-                $proxyIndex++;
-            }
-
-            $this->assign("requestProxyData", $requestProxyData);
-        }
-    }
+	/**
+	 * @var array Array of IP address classed as 'private' by RFC1918.
+	 */
+	protected static $rfc1918ips = array(
+		"10.0.0.0"    => "10.255.255.255",
+		"172.16.0.0"  => "172.31.255.255",
+		"192.168.0.0" => "192.168.255.255",
+		"169.254.0.0" => "169.254.255.255",
+		"127.0.0.0"   => "127.255.255.255",
+	);
+
+	/**
+	 * Gets a request object
+	 *
+	 * @param PdoDatabase $database  The database connection
+	 * @param int         $requestId The ID of the request to retrieve
+	 *
+	 * @return Request
+	 * @throws ApplicationLogicException
+	 */
+	protected function getRequest(PdoDatabase $database, $requestId)
+	{
+		if ($requestId === null) {
+			throw new ApplicationLogicException("No request specified");
+		}
+
+		$request = Request::getById($requestId, $database);
+		if ($request === false || !is_a($request, Request::class)) {
+			throw new ApplicationLogicException('Could not load the requested request!');
+		}
+
+		return $request;
+	}
+
+	/**
+	 * Returns a value stating whether the user is allowed to see private data or not
+	 *
+	 * @param Request $request
+	 * @param User    $currentUser
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	protected function isAllowedPrivateData(Request $request, User $currentUser)
+	{
+		// Test the main security barrier for private data access using SecurityManager
+		if ($this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')) {
+			// Tool admins/check-users can always see private data
+			return true;
+		}
+
+		// reserving user is allowed to see the data
+		if ($currentUser->getId() === $request->getReserved()
+			&& $request->getReserved() !== null
+			&& $this->barrierTest('seePrivateDataWhenReserved', $currentUser, 'RequestData')
+		) {
+			return true;
+		}
+
+		// user has the reveal hash
+		if (WebRequest::getString('hash') === $request->getRevealHash()
+			&& $this->barrierTest('seePrivateDataWithHash', $currentUser, 'RequestData')
+		) {
+			return true;
+		}
+
+		// nope. Not allowed.
+		return false;
+	}
+
+	/**
+	 * Tests the security barrier for a specified action.
+	 *
+	 * Don't use within templates
+	 *
+	 * @param string      $action
+	 *
+	 * @param User        $user
+	 * @param null|string $pageName
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	abstract protected function barrierTest($action, User $user, $pageName = null);
+
+	/**
+	 * Gets the name of the route that has been passed from the request router.
+	 * @return string
+	 */
+	abstract protected function getRouteName();
+
+	/** @return SecurityManager */
+	abstract protected function getSecurityManager();
+
+	/**
+	 * Sets the name of the template this page should display.
+	 *
+	 * @param string $name
+	 */
+	abstract protected function setTemplate($name);
+
+	/** @return IXffTrustProvider */
+	abstract protected function getXffTrustProvider();
+
+	/** @return ILocationProvider */
+	abstract protected function getLocationProvider();
+
+	/** @return IRDnsProvider */
+	abstract protected function getRdnsProvider();
+
+	/**
+	 * Assigns a Smarty variable
+	 *
+	 * @param  array|string $name  the template variable name(s)
+	 * @param  mixed        $value the value to assign
+	 */
+	abstract protected function assign($name, $value);
+
+	/**
+	 * @param int         $requestReservationId
+	 * @param PdoDatabase $database
+	 * @param User        $currentUser
+	 */
+	protected function setupReservationDetails($requestReservationId, PdoDatabase $database, User $currentUser)
+	{
+		$requestIsReserved = $requestReservationId !== null;
+		$this->assign('requestIsReserved', $requestIsReserved);
+		$this->assign('requestIsReservedByMe', false);
+
+		if ($requestIsReserved) {
+			$this->assign('requestReservedByName', User::getById($requestReservationId, $database)->getUsername());
+			$this->assign('requestReservedById', $requestReservationId);
+
+			if ($requestReservationId === $currentUser->getId()) {
+				$this->assign('requestIsReservedByMe', true);
+			}
+		}
+
+		$this->assign('canBreakReservation', $this->barrierTest('force', $currentUser, PageBreakReservation::class));
+	}
+
+	/**
+	 * Adds private request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
+	 *
+	 * @param Request           $request
+	 * @param User              $currentUser
+	 * @param SiteConfiguration $configuration
+	 *
+	 * @param PdoDatabase       $database
+	 */
+	protected function setupPrivateData(
+		$request,
+		User $currentUser,
+		SiteConfiguration $configuration,
+		PdoDatabase $database
+	) {
+		$xffProvider = $this->getXffTrustProvider();
+
+		$relatedEmailRequests = RequestSearchHelper::get($database)
+			->byEmailAddress($request->getEmail())
+			->withConfirmedEmail()
+			->excludingPurgedData($configuration)
+			->excludingRequest($request->getId())
+			->fetch();
+
+		$this->assign('requestEmail', $request->getEmail());
+		$emailDomain = explode("@", $request->getEmail())[1];
+		$this->assign("emailurl", $emailDomain);
+		$this->assign('requestRelatedEmailRequestsCount', count($relatedEmailRequests));
+		$this->assign('requestRelatedEmailRequests', $relatedEmailRequests);
+
+		$trustedIp = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
+		$this->assign('requestTrustedIp', $trustedIp);
+		$this->assign('requestRealIp', $request->getIp());
+		$this->assign('requestForwardedIp', $request->getForwardedIp());
+
+		$trustedIpLocation = $this->getLocationProvider()->getIpLocation($trustedIp);
+		$this->assign('requestTrustedIpLocation', $trustedIpLocation);
+
+		$this->assign('requestHasForwardedIp', $request->getForwardedIp() !== null);
+
+		$relatedIpRequests = RequestSearchHelper::get($database)
+			->byIp($trustedIp)
+			->withConfirmedEmail()
+			->excludingPurgedData($configuration)
+			->excludingRequest($request->getId())
+			->fetch();
+
+		$this->assign('requestRelatedIpRequestsCount', count($relatedIpRequests));
+		$this->assign('requestRelatedIpRequests', $relatedIpRequests);
+
+		$this->assign('showRevealLink', false);
+		if ($request->getReserved() === $currentUser->getId() ||
+			$this->barrierTest('alwaysSeeHash', $currentUser, 'RequestData')
+		) {
+			$this->assign('showRevealLink', true);
+			$this->assign('revealHash', $request->getRevealHash());
+		}
+
+		$this->setupForwardedIpData($request);
+	}
+
+	/**
+	 * Adds checkuser request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
+	 *
+	 * @param Request $request
+	 */
+	protected function setupCheckUserData(Request $request)
+	{
+		$this->assign('requestUserAgent', $request->getUserAgent());
+	}
+
+	/**
+	 * Sets up the basic data for this request, and adds it to Smarty
+	 *
+	 * @param Request           $request
+	 * @param SiteConfiguration $config
+	 */
+	protected function setupBasicData(Request $request, SiteConfiguration $config)
+	{
+		$this->assign('requestId', $request->getId());
+		$this->assign('updateVersion', $request->getUpdateVersion());
+		$this->assign('requestName', $request->getName());
+		$this->assign('requestDate', $request->getDate());
+		$this->assign('requestStatus', $request->getStatus());
+
+		$isClosed = !array_key_exists($request->getStatus(), $config->getRequestStates())
+			&& $request->getStatus() !== RequestStatus::HOSPITAL;
+		$this->assign('requestIsClosed', $isClosed);
+	}
+
+	/**
+	 * Sets up the forwarded IP data for this request and adds it to Smarty
+	 *
+	 * @param Request $request
+	 */
+	protected function setupForwardedIpData(Request $request)
+	{
+		if ($request->getForwardedIp() !== null) {
+			$requestProxyData = array(); // Initialize array to store data to be output in Smarty template.
+			$proxyIndex = 0;
+
+			// Assuming [client] <=> [proxy1] <=> [proxy2] <=> [proxy3] <=> [us], we will see an XFF header of [client],
+			// [proxy1], [proxy2], and our actual IP will be [proxy3]
+			$proxies = explode(",", $request->getForwardedIp());
+			$proxies[] = $request->getIp();
+
+			// Origin is the supposed "client" IP.
+			$origin = $proxies[0];
+			$this->assign("forwardedOrigin", $origin);
+
+			// We step through the servers in reverse order, from closest to furthest
+			$proxies = array_reverse($proxies);
+
+			// By default, we have trust, because the first in the chain is now REMOTE_ADDR, which is hardest to spoof.
+			$trust = true;
+
+			/**
+			 * @var int    $index     The zero-based index of the proxy.
+			 * @var string $proxyData The proxy IP address (although possibly not!)
+			 */
+			foreach ($proxies as $index => $proxyData) {
+				$proxyAddress = trim($proxyData);
+				$requestProxyData[$proxyIndex]['ip'] = $proxyAddress;
+
+				// get data on this IP.
+				$thisProxyIsTrusted = $this->getXffTrustProvider()->isTrusted($proxyAddress);
+
+				$proxyIsInPrivateRange = $this->getXffTrustProvider()
+					->ipInRange(self::$rfc1918ips, $proxyAddress);
+
+				if (!$proxyIsInPrivateRange) {
+					$proxyReverseDns = $this->getRdnsProvider()->getReverseDNS($proxyAddress);
+					$proxyLocation = $this->getLocationProvider()->getIpLocation($proxyAddress);
+				}
+				else {
+					// this is going to fail, so why bother trying?
+					$proxyReverseDns = false;
+					$proxyLocation = false;
+				}
+
+				// current trust chain status BEFORE this link
+				$preLinkTrust = $trust;
+
+				// is *this* link trusted? Note, this will be true even if there is an untrusted link before this!
+				$requestProxyData[$proxyIndex]['trustedlink'] = $thisProxyIsTrusted;
+
+				// set the trust status of the chain to this point
+				$trust = $trust & $thisProxyIsTrusted;
+
+				// If this is the origin address, and the chain was trusted before this point, then we can trust
+				// the origin.
+				if ($preLinkTrust && $proxyAddress == $origin) {
+					// if this is the origin, then we are at the last point in the chain.
+					// @todo: this is probably the cause of some bugs when an IP appears twice - we're missing a check
+					// to see if this is *really* the last in the chain, rather than just the same IP as it.
+					$trust = true;
+				}
+
+				$requestProxyData[$proxyIndex]['trust'] = $trust;
+
+				$requestProxyData[$proxyIndex]['rdnsfailed'] = $proxyReverseDns === false;
+				$requestProxyData[$proxyIndex]['rdns'] = $proxyReverseDns;
+				$requestProxyData[$proxyIndex]['routable'] = !$proxyIsInPrivateRange;
+
+				$requestProxyData[$proxyIndex]['location'] = $proxyLocation;
+
+				if ($proxyReverseDns === $proxyAddress && $proxyIsInPrivateRange === false) {
+					$requestProxyData[$proxyIndex]['rdns'] = null;
+				}
+
+				$showLinks = (!$trust || $proxyAddress == $origin) && !$proxyIsInPrivateRange;
+				$requestProxyData[$proxyIndex]['showlinks'] = $showLinks;
+
+				$proxyIndex++;
+			}
+
+			$this->assign("requestProxyData", $requestProxyData);
+		}
+	}
 }

includes/Router/PublicRequestRouter.php

Doc Comments +1 added lines, -1 removed lines

@@ -47,7 +47,7 @@
     /**
      * Gets the default route if no explicit route is requested.
      *
-     * @return callable
+     * @return string[]
      */
     protected function getDefaultRoute()
     {

Indentation +37 added lines, -37 removed lines

@@ -15,42 +15,42 @@
 
 class PublicRequestRouter extends RequestRouter
 {
-    /**
-     * Gets the route map to be used by this request router.
-     *
-     * @return array
-     */
-    protected function getRouteMap()
-    {
-        return array(
-            // Page showing a message stating the request has been submitted to our internal queues
-            'requestSubmitted'          =>
-                array(
-                    'class'   => PageRequestSubmitted::class,
-                    'actions' => array(),
-                ),
-            // Page showing a message stating that email confirmation is required to continue
-            'emailConfirmationRequired' =>
-                array(
-                    'class'   => PageEmailConfirmationRequired::class,
-                    'actions' => array(),
-                ),
-            // Action page which handles email confirmation
-            'confirmEmail'              =>
-                array(
-                    'class'   => PageConfirmEmail::class,
-                    'actions' => array(),
-                ),
-        );
-    }
+	/**
+	 * Gets the route map to be used by this request router.
+	 *
+	 * @return array
+	 */
+	protected function getRouteMap()
+	{
+		return array(
+			// Page showing a message stating the request has been submitted to our internal queues
+			'requestSubmitted'          =>
+				array(
+					'class'   => PageRequestSubmitted::class,
+					'actions' => array(),
+				),
+			// Page showing a message stating that email confirmation is required to continue
+			'emailConfirmationRequired' =>
+				array(
+					'class'   => PageEmailConfirmationRequired::class,
+					'actions' => array(),
+				),
+			// Action page which handles email confirmation
+			'confirmEmail'              =>
+				array(
+					'class'   => PageConfirmEmail::class,
+					'actions' => array(),
+				),
+		);
+	}
 
-    /**
-     * Gets the default route if no explicit route is requested.
-     *
-     * @return callable
-     */
-    protected function getDefaultRoute()
-    {
-        return array(PageRequestAccount::class, 'main');
-    }
+	/**
+	 * Gets the default route if no explicit route is requested.
+	 *
+	 * @return callable
+	 */
+	protected function getDefaultRoute()
+	{
+		return array(PageRequestAccount::class, 'main');
+	}
 }
\ No newline at end of file

includes/Router/RequestRouter.php

Doc Comments +1 added lines, -1 removed lines

@@ -435,7 +435,7 @@
     }
 
     /**
-     * @return callable
+     * @return string[]
      */
     protected function getDefaultRoute()
     {

Spacing +1 added lines, -1 removed lines

@@ -358,7 +358,7 @@
         $routeMap = $this->routePathSegments($classSegment, $requestedAction);
 
         if ($routeMap[0] === Page404::class) {
-            $routeMap = $this->routeSinglePathSegment($classSegment . '/' . $requestedAction);
+            $routeMap = $this->routeSinglePathSegment($classSegment.'/'.$requestedAction);
         }
 
         return $routeMap;

Unused Use Statements +13 added lines, -13 removed lines

@@ -15,30 +15,20 @@ 
 use Waca\Pages\PageEmailManagement;
 use Waca\Pages\PageExpandedRequestList;
 use Waca\Pages\PageJobQueue;
-use Waca\Pages\RequestAction\PageCreateRequest;
-use Waca\Pages\UserAuth\Login\PageOtpLogin;
-use Waca\Pages\UserAuth\Login\PagePasswordLogin;
-use Waca\Pages\UserAuth\Login\PageU2FLogin;
-use Waca\Pages\UserAuth\PageChangePassword;
-use Waca\Pages\UserAuth\PageForgotPassword;
 use Waca\Pages\PageLog;
-use Waca\Pages\UserAuth\PageLogout;
 use Waca\Pages\PageMain;
-use Waca\Pages\UserAuth\MultiFactor\PageMultiFactor;
-use Waca\Pages\UserAuth\PageOAuth;
-use Waca\Pages\UserAuth\PageOAuthCallback;
-use Waca\Pages\UserAuth\PagePreferences;
-use Waca\Pages\Registration\PageRegisterStandard;
-use Waca\Pages\Registration\PageRegisterOption;
 use Waca\Pages\PageSearch;
 use Waca\Pages\PageSiteNotice;
 use Waca\Pages\PageTeam;
 use Waca\Pages\PageUserManagement;
 use Waca\Pages\PageViewRequest;
 use Waca\Pages\PageWelcomeTemplateManagement;
+use Waca\Pages\Registration\PageRegisterOption;
+use Waca\Pages\Registration\PageRegisterStandard;
 use Waca\Pages\RequestAction\PageBreakReservation;
 use Waca\Pages\RequestAction\PageCloseRequest;
 use Waca\Pages\RequestAction\PageComment;
+use Waca\Pages\RequestAction\PageCreateRequest;
 use Waca\Pages\RequestAction\PageCustomClose;
 use Waca\Pages\RequestAction\PageDeferRequest;
 use Waca\Pages\RequestAction\PageDropRequest;
@@ -52,6 +42,16 @@ 
 use Waca\Pages\Statistics\StatsTemplateStats;
 use Waca\Pages\Statistics\StatsTopCreators;
 use Waca\Pages\Statistics\StatsUsers;
+use Waca\Pages\UserAuth\Login\PageOtpLogin;
+use Waca\Pages\UserAuth\Login\PagePasswordLogin;
+use Waca\Pages\UserAuth\Login\PageU2FLogin;
+use Waca\Pages\UserAuth\MultiFactor\PageMultiFactor;
+use Waca\Pages\UserAuth\PageChangePassword;
+use Waca\Pages\UserAuth\PageForgotPassword;
+use Waca\Pages\UserAuth\PageLogout;
+use Waca\Pages\UserAuth\PageOAuth;
+use Waca\Pages\UserAuth\PageOAuthCallback;
+use Waca\Pages\UserAuth\PagePreferences;
 use Waca\Tasks\IRoutedTask;
 use Waca\WebRequest;
 

Indentation +434 added lines, -434 removed lines

@@ -62,438 +62,438 @@
  */
 class RequestRouter implements IRequestRouter
 {
-    /**
-     * This is the core routing table for the application. The basic idea is:
-     *
-     *      array(
-     *          "foo" =>
-     *              array(
-     *                  "class"   => PageFoo::class,
-     *                  "actions" => array("bar", "other")
-     *              ),
-     * );
-     *
-     * Things to note:
-     *     - If no page is requested, we go to PageMain. PageMain can't have actions defined.
-     *
-     *     - If a page is defined and requested, but no action is requested, go to that page's main() method
-     *     - If a page is defined and requested, and an action is defined and requested, go to that action's method.
-     *     - If a page is defined and requested, and an action NOT defined and requested, go to Page404 and it's main()
-     *       method.
-     *     - If a page is NOT defined and requested, go to Page404 and it's main() method.
-     *
-     *     - Query parameters are ignored.
-     *
-     * The key point here is request routing with validation that this is allowed, before we start hitting the
-     * filesystem through the AutoLoader, and opening random files. Also, so that we validate the action requested
-     * before we start calling random methods through the web UI.
-     *
-     * Examples:
-     * /internal.php                => returns instance of PageMain, routed to main()
-     * /internal.php?query          => returns instance of PageMain, routed to main()
-     * /internal.php/foo            => returns instance of PageFoo, routed to main()
-     * /internal.php/foo?query      => returns instance of PageFoo, routed to main()
-     * /internal.php/foo/bar        => returns instance of PageFoo, routed to bar()
-     * /internal.php/foo/bar?query  => returns instance of PageFoo, routed to bar()
-     * /internal.php/foo/baz        => returns instance of Page404, routed to main()
-     * /internal.php/foo/baz?query  => returns instance of Page404, routed to main()
-     * /internal.php/bar            => returns instance of Page404, routed to main()
-     * /internal.php/bar?query      => returns instance of Page404, routed to main()
-     * /internal.php/bar/baz        => returns instance of Page404, routed to main()
-     * /internal.php/bar/baz?query  => returns instance of Page404, routed to main()
-     *
-     * Take care when changing this - a lot of places rely on the array key for redirects and other links. If you need
-     * to change the key, then you'll likely have to update a lot of files.
-     *
-     * @var array
-     */
-    private $routeMap = array(
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Login and registration
-        'logout'                      =>
-            array(
-                'class'   => PageLogout::class,
-                'actions' => array(),
-            ),
-        'login'                       =>
-            array(
-                'class'   => PagePasswordLogin::class,
-                'actions' => array(),
-            ),
-        'login/otp'                   =>
-            array(
-                'class'   => PageOtpLogin::class,
-                'actions' => array(),
-            ),
-        'login/u2f'                   =>
-            array(
-                'class'   => PageU2FLogin::class,
-                'actions' => array(),
-            ),
-        'forgotPassword'              =>
-            array(
-                'class'   => PageForgotPassword::class,
-                'actions' => array('reset'),
-            ),
-        'register'                    =>
-            array(
-                'class'   => PageRegisterOption::class,
-                'actions' => array(),
-            ),
-        'register/standard'           =>
-            array(
-                'class'   => PageRegisterStandard::class,
-                'actions' => array('done'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Discovery
-        'search'                      =>
-            array(
-                'class'   => PageSearch::class,
-                'actions' => array(),
-            ),
-        'logs'                        =>
-            array(
-                'class'   => PageLog::class,
-                'actions' => array(),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Administration
-        'bans'                        =>
-            array(
-                'class'   => PageBan::class,
-                'actions' => array('set', 'remove'),
-            ),
-        'userManagement'              =>
-            array(
-                'class'   => PageUserManagement::class,
-                'actions' => array(
-                    'approve',
-                    'decline',
-                    'rename',
-                    'editUser',
-                    'suspend',
-                    'editRoles',
-                ),
-            ),
-        'siteNotice'                  =>
-            array(
-                'class'   => PageSiteNotice::class,
-                'actions' => array(),
-            ),
-        'emailManagement'             =>
-            array(
-                'class'   => PageEmailManagement::class,
-                'actions' => array('create', 'edit', 'view'),
-            ),
-        'jobQueue'                    =>
-            array(
-                'class'   => PageJobQueue::class,
-                'actions' => array('acknowledge', 'requeue', 'view', 'all'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Personal preferences
-        'preferences'                 =>
-            array(
-                'class'   => PagePreferences::class,
-                'actions' => array(),
-            ),
-        'changePassword'              =>
-            array(
-                'class'   => PageChangePassword::class,
-                'actions' => array(),
-            ),
-        'multiFactor'                 =>
-            array(
-                'class'   => PageMultiFactor::class,
-                'actions' => array(
-                    'scratch',
-                    'enableYubikeyOtp',
-                    'disableYubikeyOtp',
-                    'enableTotp',
-                    'disableTotp',
-                    'enableU2F',
-                    'disableU2F',
-                ),
-            ),
-        'oauth'                       =>
-            array(
-                'class'   => PageOAuth::class,
-                'actions' => array('detach', 'attach'),
-            ),
-        'oauth/callback'              =>
-            array(
-                'class'   => PageOAuthCallback::class,
-                'actions' => array('authorise', 'create'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Welcomer configuration
-        'welcomeTemplates'            =>
-            array(
-                'class'   => PageWelcomeTemplateManagement::class,
-                'actions' => array('select', 'edit', 'delete', 'add', 'view'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Statistics
-        'statistics'                  =>
-            array(
-                'class'   => StatsMain::class,
-                'actions' => array(),
-            ),
-        'statistics/fastCloses'       =>
-            array(
-                'class'   => StatsFastCloses::class,
-                'actions' => array(),
-            ),
-        'statistics/inactiveUsers'    =>
-            array(
-                'class'   => StatsInactiveUsers::class,
-                'actions' => array(),
-            ),
-        'statistics/monthlyStats'     =>
-            array(
-                'class'   => StatsMonthlyStats::class,
-                'actions' => array(),
-            ),
-        'statistics/reservedRequests' =>
-            array(
-                'class'   => StatsReservedRequests::class,
-                'actions' => array(),
-            ),
-        'statistics/templateStats'    =>
-            array(
-                'class'   => StatsTemplateStats::class,
-                'actions' => array(),
-            ),
-        'statistics/topCreators'      =>
-            array(
-                'class'   => StatsTopCreators::class,
-                'actions' => array(),
-            ),
-        'statistics/users'            =>
-            array(
-                'class'   => StatsUsers::class,
-                'actions' => array('detail'),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Zoom page
-        'viewRequest'                 =>
-            array(
-                'class'   => PageViewRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/reserve'         =>
-            array(
-                'class'   => PageReservation::class,
-                'actions' => array(),
-            ),
-        'viewRequest/breakReserve'    =>
-            array(
-                'class'   => PageBreakReservation::class,
-                'actions' => array(),
-            ),
-        'viewRequest/defer'           =>
-            array(
-                'class'   => PageDeferRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/comment'         =>
-            array(
-                'class'   => PageComment::class,
-                'actions' => array(),
-            ),
-        'viewRequest/sendToUser'      =>
-            array(
-                'class'   => PageSendToUser::class,
-                'actions' => array(),
-            ),
-        'viewRequest/close'           =>
-            array(
-                'class'   => PageCloseRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/create'          =>
-            array(
-                'class'   => PageCreateRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/drop'            =>
-            array(
-                'class'   => PageDropRequest::class,
-                'actions' => array(),
-            ),
-        'viewRequest/custom'          =>
-            array(
-                'class'   => PageCustomClose::class,
-                'actions' => array(),
-            ),
-        'editComment'                 =>
-            array(
-                'class'   => PageEditComment::class,
-                'actions' => array(),
-            ),
-
-        //////////////////////////////////////////////////////////////////////////////////////////////////
-        // Misc stuff
-        'team'                        =>
-            array(
-                'class'   => PageTeam::class,
-                'actions' => array(),
-            ),
-        'requestList'                 =>
-            array(
-                'class'   => PageExpandedRequestList::class,
-                'actions' => array(),
-            ),
-    );
-
-    /**
-     * @return IRoutedTask
-     * @throws Exception
-     */
-    final public function route()
-    {
-        $pathInfo = WebRequest::pathInfo();
-
-        list($pageClass, $action) = $this->getRouteFromPath($pathInfo);
-
-        /** @var IRoutedTask $page */
-        $page = new $pageClass();
-
-        // Dynamic creation, so we've got to be careful here. We can't use built-in language type protection, so
-        // let's use our own.
-        if (!($page instanceof IRoutedTask)) {
-            throw new Exception('Expected a page, but this is not a page.');
-        }
-
-        // OK, I'm happy at this point that we know we're running a page, and we know it's probably what we want if it
-        // inherits PageBase and has been created from the routing map.
-        $page->setRoute($action);
-
-        return $page;
-    }
-
-    /**
-     * @param $pathInfo
-     *
-     * @return array
-     */
-    protected function getRouteFromPath($pathInfo)
-    {
-        if (count($pathInfo) === 0) {
-            // No pathInfo, so no page to load. Load the main page.
-            return $this->getDefaultRoute();
-        }
-        elseif (count($pathInfo) === 1) {
-            // Exactly one path info segment, it's got to be a page.
-            $classSegment = $pathInfo[0];
-
-            return $this->routeSinglePathSegment($classSegment);
-        }
-
-        // OK, we have two or more segments now.
-        if (count($pathInfo) > 2) {
-            // Let's handle more than two, and collapse it down into two.
-            $requestedAction = array_pop($pathInfo);
-            $classSegment = implode('/', $pathInfo);
-        }
-        else {
-            // Two path info segments.
-            $classSegment = $pathInfo[0];
-            $requestedAction = $pathInfo[1];
-        }
-
-        $routeMap = $this->routePathSegments($classSegment, $requestedAction);
-
-        if ($routeMap[0] === Page404::class) {
-            $routeMap = $this->routeSinglePathSegment($classSegment . '/' . $requestedAction);
-        }
-
-        return $routeMap;
-    }
-
-    /**
-     * @param $classSegment
-     *
-     * @return array
-     */
-    final protected function routeSinglePathSegment($classSegment)
-    {
-        $routeMap = $this->getRouteMap();
-        if (array_key_exists($classSegment, $routeMap)) {
-            // Route exists, but we don't have an action in path info, so default to main.
-            $pageClass = $routeMap[$classSegment]['class'];
-            $action = 'main';
-
-            return array($pageClass, $action);
-        }
-        else {
-            // Doesn't exist in map. Fall back to 404
-            $pageClass = Page404::class;
-            $action = "main";
-
-            return array($pageClass, $action);
-        }
-    }
-
-    /**
-     * @param $classSegment
-     * @param $requestedAction
-     *
-     * @return array
-     */
-    final protected function routePathSegments($classSegment, $requestedAction)
-    {
-        $routeMap = $this->getRouteMap();
-        if (array_key_exists($classSegment, $routeMap)) {
-            // Route exists, but we don't have an action in path info, so default to main.
-
-            if (isset($routeMap[$classSegment]['actions'])
-                && array_search($requestedAction, $routeMap[$classSegment]['actions']) !== false
-            ) {
-                // Action exists in allowed action list. Allow both the page and the action
-                $pageClass = $routeMap[$classSegment]['class'];
-                $action = $requestedAction;
-
-                return array($pageClass, $action);
-            }
-            else {
-                // Valid page, invalid action. 404 our way out.
-                $pageClass = Page404::class;
-                $action = 'main';
-
-                return array($pageClass, $action);
-            }
-        }
-        else {
-            // Class doesn't exist in map. Fall back to 404
-            $pageClass = Page404::class;
-            $action = 'main';
-
-            return array($pageClass, $action);
-        }
-    }
-
-    /**
-     * @return array
-     */
-    protected function getRouteMap()
-    {
-        return $this->routeMap;
-    }
-
-    /**
-     * @return callable
-     */
-    protected function getDefaultRoute()
-    {
-        return array(PageMain::class, "main");
-    }
+	/**
+	 * This is the core routing table for the application. The basic idea is:
+	 *
+	 *      array(
+	 *          "foo" =>
+	 *              array(
+	 *                  "class"   => PageFoo::class,
+	 *                  "actions" => array("bar", "other")
+	 *              ),
+	 * );
+	 *
+	 * Things to note:
+	 *     - If no page is requested, we go to PageMain. PageMain can't have actions defined.
+	 *
+	 *     - If a page is defined and requested, but no action is requested, go to that page's main() method
+	 *     - If a page is defined and requested, and an action is defined and requested, go to that action's method.
+	 *     - If a page is defined and requested, and an action NOT defined and requested, go to Page404 and it's main()
+	 *       method.
+	 *     - If a page is NOT defined and requested, go to Page404 and it's main() method.
+	 *
+	 *     - Query parameters are ignored.
+	 *
+	 * The key point here is request routing with validation that this is allowed, before we start hitting the
+	 * filesystem through the AutoLoader, and opening random files. Also, so that we validate the action requested
+	 * before we start calling random methods through the web UI.
+	 *
+	 * Examples:
+	 * /internal.php                => returns instance of PageMain, routed to main()
+	 * /internal.php?query          => returns instance of PageMain, routed to main()
+	 * /internal.php/foo            => returns instance of PageFoo, routed to main()
+	 * /internal.php/foo?query      => returns instance of PageFoo, routed to main()
+	 * /internal.php/foo/bar        => returns instance of PageFoo, routed to bar()
+	 * /internal.php/foo/bar?query  => returns instance of PageFoo, routed to bar()
+	 * /internal.php/foo/baz        => returns instance of Page404, routed to main()
+	 * /internal.php/foo/baz?query  => returns instance of Page404, routed to main()
+	 * /internal.php/bar            => returns instance of Page404, routed to main()
+	 * /internal.php/bar?query      => returns instance of Page404, routed to main()
+	 * /internal.php/bar/baz        => returns instance of Page404, routed to main()
+	 * /internal.php/bar/baz?query  => returns instance of Page404, routed to main()
+	 *
+	 * Take care when changing this - a lot of places rely on the array key for redirects and other links. If you need
+	 * to change the key, then you'll likely have to update a lot of files.
+	 *
+	 * @var array
+	 */
+	private $routeMap = array(
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Login and registration
+		'logout'                      =>
+			array(
+				'class'   => PageLogout::class,
+				'actions' => array(),
+			),
+		'login'                       =>
+			array(
+				'class'   => PagePasswordLogin::class,
+				'actions' => array(),
+			),
+		'login/otp'                   =>
+			array(
+				'class'   => PageOtpLogin::class,
+				'actions' => array(),
+			),
+		'login/u2f'                   =>
+			array(
+				'class'   => PageU2FLogin::class,
+				'actions' => array(),
+			),
+		'forgotPassword'              =>
+			array(
+				'class'   => PageForgotPassword::class,
+				'actions' => array('reset'),
+			),
+		'register'                    =>
+			array(
+				'class'   => PageRegisterOption::class,
+				'actions' => array(),
+			),
+		'register/standard'           =>
+			array(
+				'class'   => PageRegisterStandard::class,
+				'actions' => array('done'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Discovery
+		'search'                      =>
+			array(
+				'class'   => PageSearch::class,
+				'actions' => array(),
+			),
+		'logs'                        =>
+			array(
+				'class'   => PageLog::class,
+				'actions' => array(),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Administration
+		'bans'                        =>
+			array(
+				'class'   => PageBan::class,
+				'actions' => array('set', 'remove'),
+			),
+		'userManagement'              =>
+			array(
+				'class'   => PageUserManagement::class,
+				'actions' => array(
+					'approve',
+					'decline',
+					'rename',
+					'editUser',
+					'suspend',
+					'editRoles',
+				),
+			),
+		'siteNotice'                  =>
+			array(
+				'class'   => PageSiteNotice::class,
+				'actions' => array(),
+			),
+		'emailManagement'             =>
+			array(
+				'class'   => PageEmailManagement::class,
+				'actions' => array('create', 'edit', 'view'),
+			),
+		'jobQueue'                    =>
+			array(
+				'class'   => PageJobQueue::class,
+				'actions' => array('acknowledge', 'requeue', 'view', 'all'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Personal preferences
+		'preferences'                 =>
+			array(
+				'class'   => PagePreferences::class,
+				'actions' => array(),
+			),
+		'changePassword'              =>
+			array(
+				'class'   => PageChangePassword::class,
+				'actions' => array(),
+			),
+		'multiFactor'                 =>
+			array(
+				'class'   => PageMultiFactor::class,
+				'actions' => array(
+					'scratch',
+					'enableYubikeyOtp',
+					'disableYubikeyOtp',
+					'enableTotp',
+					'disableTotp',
+					'enableU2F',
+					'disableU2F',
+				),
+			),
+		'oauth'                       =>
+			array(
+				'class'   => PageOAuth::class,
+				'actions' => array('detach', 'attach'),
+			),
+		'oauth/callback'              =>
+			array(
+				'class'   => PageOAuthCallback::class,
+				'actions' => array('authorise', 'create'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Welcomer configuration
+		'welcomeTemplates'            =>
+			array(
+				'class'   => PageWelcomeTemplateManagement::class,
+				'actions' => array('select', 'edit', 'delete', 'add', 'view'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Statistics
+		'statistics'                  =>
+			array(
+				'class'   => StatsMain::class,
+				'actions' => array(),
+			),
+		'statistics/fastCloses'       =>
+			array(
+				'class'   => StatsFastCloses::class,
+				'actions' => array(),
+			),
+		'statistics/inactiveUsers'    =>
+			array(
+				'class'   => StatsInactiveUsers::class,
+				'actions' => array(),
+			),
+		'statistics/monthlyStats'     =>
+			array(
+				'class'   => StatsMonthlyStats::class,
+				'actions' => array(),
+			),
+		'statistics/reservedRequests' =>
+			array(
+				'class'   => StatsReservedRequests::class,
+				'actions' => array(),
+			),
+		'statistics/templateStats'    =>
+			array(
+				'class'   => StatsTemplateStats::class,
+				'actions' => array(),
+			),
+		'statistics/topCreators'      =>
+			array(
+				'class'   => StatsTopCreators::class,
+				'actions' => array(),
+			),
+		'statistics/users'            =>
+			array(
+				'class'   => StatsUsers::class,
+				'actions' => array('detail'),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Zoom page
+		'viewRequest'                 =>
+			array(
+				'class'   => PageViewRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/reserve'         =>
+			array(
+				'class'   => PageReservation::class,
+				'actions' => array(),
+			),
+		'viewRequest/breakReserve'    =>
+			array(
+				'class'   => PageBreakReservation::class,
+				'actions' => array(),
+			),
+		'viewRequest/defer'           =>
+			array(
+				'class'   => PageDeferRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/comment'         =>
+			array(
+				'class'   => PageComment::class,
+				'actions' => array(),
+			),
+		'viewRequest/sendToUser'      =>
+			array(
+				'class'   => PageSendToUser::class,
+				'actions' => array(),
+			),
+		'viewRequest/close'           =>
+			array(
+				'class'   => PageCloseRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/create'          =>
+			array(
+				'class'   => PageCreateRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/drop'            =>
+			array(
+				'class'   => PageDropRequest::class,
+				'actions' => array(),
+			),
+		'viewRequest/custom'          =>
+			array(
+				'class'   => PageCustomClose::class,
+				'actions' => array(),
+			),
+		'editComment'                 =>
+			array(
+				'class'   => PageEditComment::class,
+				'actions' => array(),
+			),
+
+		//////////////////////////////////////////////////////////////////////////////////////////////////
+		// Misc stuff
+		'team'                        =>
+			array(
+				'class'   => PageTeam::class,
+				'actions' => array(),
+			),
+		'requestList'                 =>
+			array(
+				'class'   => PageExpandedRequestList::class,
+				'actions' => array(),
+			),
+	);
+
+	/**
+	 * @return IRoutedTask
+	 * @throws Exception
+	 */
+	final public function route()
+	{
+		$pathInfo = WebRequest::pathInfo();
+
+		list($pageClass, $action) = $this->getRouteFromPath($pathInfo);
+
+		/** @var IRoutedTask $page */
+		$page = new $pageClass();
+
+		// Dynamic creation, so we've got to be careful here. We can't use built-in language type protection, so
+		// let's use our own.
+		if (!($page instanceof IRoutedTask)) {
+			throw new Exception('Expected a page, but this is not a page.');
+		}
+
+		// OK, I'm happy at this point that we know we're running a page, and we know it's probably what we want if it
+		// inherits PageBase and has been created from the routing map.
+		$page->setRoute($action);
+
+		return $page;
+	}
+
+	/**
+	 * @param $pathInfo
+	 *
+	 * @return array
+	 */
+	protected function getRouteFromPath($pathInfo)
+	{
+		if (count($pathInfo) === 0) {
+			// No pathInfo, so no page to load. Load the main page.
+			return $this->getDefaultRoute();
+		}
+		elseif (count($pathInfo) === 1) {
+			// Exactly one path info segment, it's got to be a page.
+			$classSegment = $pathInfo[0];
+
+			return $this->routeSinglePathSegment($classSegment);
+		}
+
+		// OK, we have two or more segments now.
+		if (count($pathInfo) > 2) {
+			// Let's handle more than two, and collapse it down into two.
+			$requestedAction = array_pop($pathInfo);
+			$classSegment = implode('/', $pathInfo);
+		}
+		else {
+			// Two path info segments.
+			$classSegment = $pathInfo[0];
+			$requestedAction = $pathInfo[1];
+		}
+
+		$routeMap = $this->routePathSegments($classSegment, $requestedAction);
+
+		if ($routeMap[0] === Page404::class) {
+			$routeMap = $this->routeSinglePathSegment($classSegment . '/' . $requestedAction);
+		}
+
+		return $routeMap;
+	}
+
+	/**
+	 * @param $classSegment
+	 *
+	 * @return array
+	 */
+	final protected function routeSinglePathSegment($classSegment)
+	{
+		$routeMap = $this->getRouteMap();
+		if (array_key_exists($classSegment, $routeMap)) {
+			// Route exists, but we don't have an action in path info, so default to main.
+			$pageClass = $routeMap[$classSegment]['class'];
+			$action = 'main';
+
+			return array($pageClass, $action);
+		}
+		else {
+			// Doesn't exist in map. Fall back to 404
+			$pageClass = Page404::class;
+			$action = "main";
+
+			return array($pageClass, $action);
+		}
+	}
+
+	/**
+	 * @param $classSegment
+	 * @param $requestedAction
+	 *
+	 * @return array
+	 */
+	final protected function routePathSegments($classSegment, $requestedAction)
+	{
+		$routeMap = $this->getRouteMap();
+		if (array_key_exists($classSegment, $routeMap)) {
+			// Route exists, but we don't have an action in path info, so default to main.
+
+			if (isset($routeMap[$classSegment]['actions'])
+				&& array_search($requestedAction, $routeMap[$classSegment]['actions']) !== false
+			) {
+				// Action exists in allowed action list. Allow both the page and the action
+				$pageClass = $routeMap[$classSegment]['class'];
+				$action = $requestedAction;
+
+				return array($pageClass, $action);
+			}
+			else {
+				// Valid page, invalid action. 404 our way out.
+				$pageClass = Page404::class;
+				$action = 'main';
+
+				return array($pageClass, $action);
+			}
+		}
+		else {
+			// Class doesn't exist in map. Fall back to 404
+			$pageClass = Page404::class;
+			$action = 'main';
+
+			return array($pageClass, $action);
+		}
+	}
+
+	/**
+	 * @return array
+	 */
+	protected function getRouteMap()
+	{
+		return $this->routeMap;
+	}
+
+	/**
+	 * @return callable
+	 */
+	protected function getDefaultRoute()
+	{
+		return array(PageMain::class, "main");
+	}
 }

includes/Tasks/IRoutedTask.php

Indentation +16 added lines, -16 removed lines

@@ -12,21 +12,21 @@
 
 interface IRoutedTask extends ITask
 {
-    /**
-     * Sets the route the request will take. Only should be called from the request router.
-     *
-     * @param $routeName string
-     *
-     * @return void
-     *
-     * @throws Exception
-     * @category Security-Critical
-     */
-    public function setRoute($routeName);
+	/**
+	 * Sets the route the request will take. Only should be called from the request router.
+	 *
+	 * @param $routeName string
+	 *
+	 * @return void
+	 *
+	 * @throws Exception
+	 * @category Security-Critical
+	 */
+	public function setRoute($routeName);
 
-    /**
-     * Gets the name of the route that has been passed from the request router.
-     * @return string
-     */
-    public function getRouteName();
+	/**
+	 * Gets the name of the route that has been passed from the request router.
+	 * @return string
+	 */
+	public function getRouteName();
 }
\ No newline at end of file

includes/Tasks/ApiPageBase.php

Indentation +93 added lines, -93 removed lines

@@ -16,97 +16,97 @@
 
 abstract class ApiPageBase extends TaskBase implements IRoutedTask, IApiAction
 {
-    /**
-     * API result document
-     * @var DOMDocument
-     */
-    protected $document;
-
-    public function __construct()
-    {
-        $this->document = new DOMDocument('1.0');
-    }
-
-    final public function execute()
-    {
-        $this->main();
-    }
-
-    /**
-     * @param string $routeName
-     */
-    public function setRoute($routeName)
-    {
-        // no-op
-    }
-
-    /**
-     * @return string
-     */
-    public function getRouteName()
-    {
-        return 'main';
-    }
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     *
-     * @throws ApiException
-     * @return void
-     */
-    final protected function main()
-    {
-        if (headers_sent()) {
-            throw new ApiException('Headers have already been sent - this indicates a bug in the application!');
-        }
-
-        header("Content-Type: text/xml");
-
-        // javascript access control
-        $httpOrigin = WebRequest::origin();
-
-        if ($httpOrigin !== null) {
-            $CORSallowed = $this->getSiteConfiguration()->getCrossOriginResourceSharingHosts();
-
-            if (in_array($httpOrigin, $CORSallowed)) {
-                header("Access-Control-Allow-Origin: " . $httpOrigin);
-            }
-        }
-
-        $responseData = $this->runApiPage();
-
-        ob_end_clean();
-        print($responseData);
-        ob_start();
-    }
-
-    /**
-     * Method that runs API action
-     *
-     * @param DOMElement $apiDocument
-     *
-     * @return DOMElement
-     */
-    abstract public function executeApiAction(DOMElement $apiDocument);
-
-    /**
-     * @return string
-     */
-    final public function runApiPage()
-    {
-        $apiDocument = $this->document->createElement("api");
-
-        try {
-            $apiDocument = $this->executeApiAction($apiDocument);
-        }
-        catch (ApiException $ex) {
-            $exception = $this->document->createElement("error");
-            $exception->setAttribute("message", $ex->getMessage());
-            $apiDocument->appendChild($exception);
-        }
-
-        $this->document->appendChild($apiDocument);
-
-        return $this->document->saveXML();
-    }
+	/**
+	 * API result document
+	 * @var DOMDocument
+	 */
+	protected $document;
+
+	public function __construct()
+	{
+		$this->document = new DOMDocument('1.0');
+	}
+
+	final public function execute()
+	{
+		$this->main();
+	}
+
+	/**
+	 * @param string $routeName
+	 */
+	public function setRoute($routeName)
+	{
+		// no-op
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getRouteName()
+	{
+		return 'main';
+	}
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 *
+	 * @throws ApiException
+	 * @return void
+	 */
+	final protected function main()
+	{
+		if (headers_sent()) {
+			throw new ApiException('Headers have already been sent - this indicates a bug in the application!');
+		}
+
+		header("Content-Type: text/xml");
+
+		// javascript access control
+		$httpOrigin = WebRequest::origin();
+
+		if ($httpOrigin !== null) {
+			$CORSallowed = $this->getSiteConfiguration()->getCrossOriginResourceSharingHosts();
+
+			if (in_array($httpOrigin, $CORSallowed)) {
+				header("Access-Control-Allow-Origin: " . $httpOrigin);
+			}
+		}
+
+		$responseData = $this->runApiPage();
+
+		ob_end_clean();
+		print($responseData);
+		ob_start();
+	}
+
+	/**
+	 * Method that runs API action
+	 *
+	 * @param DOMElement $apiDocument
+	 *
+	 * @return DOMElement
+	 */
+	abstract public function executeApiAction(DOMElement $apiDocument);
+
+	/**
+	 * @return string
+	 */
+	final public function runApiPage()
+	{
+		$apiDocument = $this->document->createElement("api");
+
+		try {
+			$apiDocument = $this->executeApiAction($apiDocument);
+		}
+		catch (ApiException $ex) {
+			$exception = $this->document->createElement("error");
+			$exception->setAttribute("message", $ex->getMessage());
+			$apiDocument->appendChild($exception);
+		}
+
+		$this->document->appendChild($apiDocument);
+
+		return $this->document->saveXML();
+	}
 }
\ No newline at end of file

Spacing +1 added lines, -1 removed lines

@@ -69,7 +69,7 @@
             $CORSallowed = $this->getSiteConfiguration()->getCrossOriginResourceSharingHosts();
 
             if (in_array($httpOrigin, $CORSallowed)) {
-                header("Access-Control-Allow-Origin: " . $httpOrigin);
+                header("Access-Control-Allow-Origin: ".$httpOrigin);
             }
         }
 

includes/Tasks/PublicInterfacePageBase.php

Indentation +15 added lines, -15 removed lines

@@ -10,21 +10,21 @@
 
 abstract class PublicInterfacePageBase extends PageBase
 {
-    /**
-     * PublicInterfaceInternalPageBase constructor.
-     */
-    public function __construct()
-    {
-        $this->template = 'publicbase.tpl';
-    }
+	/**
+	 * PublicInterfaceInternalPageBase constructor.
+	 */
+	public function __construct()
+	{
+		$this->template = 'publicbase.tpl';
+	}
 
-    final public function execute()
-    {
-        parent::execute();
-    }
+	final public function execute()
+	{
+		parent::execute();
+	}
 
-    final public function finalisePage()
-    {
-        parent::finalisePage();
-    }
+	final public function finalisePage()
+	{
+		parent::finalisePage();
+	}
 }
\ No newline at end of file

includes/DataObject.php

Indentation +120 added lines, -120 removed lines

@@ -23,124 +23,124 @@
  */
 abstract class DataObject
 {
-    /** @var int ID of the object */
-    protected $id = null;
-    /** @var int update version for optimistic locking */
-    protected $updateversion = 0;
-    /**
-     * @var PdoDatabase
-     */
-    protected $dbObject;
-
-    /**
-     * Retrieves a data object by it's row ID.
-     *
-     * @param int         $id
-     * @param PdoDatabase $database
-     *
-     * @return DataObject|false
-     */
-    public static function getById($id, PdoDatabase $database)
-    {
-        $array = explode('\\', get_called_class());
-        $realClassName = strtolower(end($array));
-
-        $statement = $database->prepare("SELECT * FROM {$realClassName} WHERE id = :id LIMIT 1;");
-        $statement->bindValue(":id", $id);
-
-        $statement->execute();
-
-        $resultObject = $statement->fetchObject(get_called_class());
-
-        if ($resultObject != false) {
-            $resultObject->setDatabase($database);
-        }
-
-        return $resultObject;
-    }
-
-    public function setDatabase(PdoDatabase $db)
-    {
-        $this->dbObject = $db;
-    }
-
-    /**
-     * Gets the database associated with this data object.
-     * @return PdoDatabase
-     */
-    public function getDatabase()
-    {
-        return $this->dbObject;
-    }
-
-    /**
-     * Saves a data object to the database, either updating or inserting a record.
-     *
-     * @return void
-     */
-    abstract public function save();
-
-    /**
-     * Retrieves the ID attribute
-     */
-    public function getId()
-    {
-        return (int)$this->id;
-    }
-
-    /**
-     * Deletes the object from the database
-     */
-    public function delete()
-    {
-        if ($this->id === null) {
-            // wtf?
-            return;
-        }
-
-        $array = explode('\\', get_called_class());
-        $realClassName = strtolower(end($array));
-
-        $deleteQuery = "DELETE FROM {$realClassName} WHERE id = :id AND updateversion = :updateversion LIMIT 1;";
-        $statement = $this->dbObject->prepare($deleteQuery);
-
-        $statement->bindValue(":id", $this->id);
-        $statement->bindValue(":updateversion", $this->updateversion);
-        $statement->execute();
-
-        if ($statement->rowCount() !== 1) {
-            throw new OptimisticLockFailedException();
-        }
-
-        $this->id = null;
-    }
-
-    /**
-     * @return int
-     */
-    public function getUpdateVersion()
-    {
-        return $this->updateversion;
-    }
-
-    /**
-     * Sets the update version.
-     *
-     * You should never call this to change the value of the update version. You should only call it when passing user
-     * input through.
-     *
-     * @param int $updateVersion
-     */
-    public function setUpdateVersion($updateVersion)
-    {
-        $this->updateversion = $updateVersion;
-    }
-
-    /**
-     * @return bool
-     */
-    public function isNew()
-    {
-        return $this->id === null;
-    }
+	/** @var int ID of the object */
+	protected $id = null;
+	/** @var int update version for optimistic locking */
+	protected $updateversion = 0;
+	/**
+	 * @var PdoDatabase
+	 */
+	protected $dbObject;
+
+	/**
+	 * Retrieves a data object by it's row ID.
+	 *
+	 * @param int         $id
+	 * @param PdoDatabase $database
+	 *
+	 * @return DataObject|false
+	 */
+	public static function getById($id, PdoDatabase $database)
+	{
+		$array = explode('\\', get_called_class());
+		$realClassName = strtolower(end($array));
+
+		$statement = $database->prepare("SELECT * FROM {$realClassName} WHERE id = :id LIMIT 1;");
+		$statement->bindValue(":id", $id);
+
+		$statement->execute();
+
+		$resultObject = $statement->fetchObject(get_called_class());
+
+		if ($resultObject != false) {
+			$resultObject->setDatabase($database);
+		}
+
+		return $resultObject;
+	}
+
+	public function setDatabase(PdoDatabase $db)
+	{
+		$this->dbObject = $db;
+	}
+
+	/**
+	 * Gets the database associated with this data object.
+	 * @return PdoDatabase
+	 */
+	public function getDatabase()
+	{
+		return $this->dbObject;
+	}
+
+	/**
+	 * Saves a data object to the database, either updating or inserting a record.
+	 *
+	 * @return void
+	 */
+	abstract public function save();
+
+	/**
+	 * Retrieves the ID attribute
+	 */
+	public function getId()
+	{
+		return (int)$this->id;
+	}
+
+	/**
+	 * Deletes the object from the database
+	 */
+	public function delete()
+	{
+		if ($this->id === null) {
+			// wtf?
+			return;
+		}
+
+		$array = explode('\\', get_called_class());
+		$realClassName = strtolower(end($array));
+
+		$deleteQuery = "DELETE FROM {$realClassName} WHERE id = :id AND updateversion = :updateversion LIMIT 1;";
+		$statement = $this->dbObject->prepare($deleteQuery);
+
+		$statement->bindValue(":id", $this->id);
+		$statement->bindValue(":updateversion", $this->updateversion);
+		$statement->execute();
+
+		if ($statement->rowCount() !== 1) {
+			throw new OptimisticLockFailedException();
+		}
+
+		$this->id = null;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getUpdateVersion()
+	{
+		return $this->updateversion;
+	}
+
+	/**
+	 * Sets the update version.
+	 *
+	 * You should never call this to change the value of the update version. You should only call it when passing user
+	 * input through.
+	 *
+	 * @param int $updateVersion
+	 */
+	public function setUpdateVersion($updateVersion)
+	{
+		$this->updateversion = $updateVersion;
+	}
+
+	/**
+	 * @return bool
+	 */
+	public function isNew()
+	{
+		return $this->id === null;
+	}
 }

includes/Offline.php

Indentation +43 added lines, -43 removed lines

@@ -15,55 +15,55 @@
  */
 class Offline
 {
-    /**
-     * Determines if the tool is offline
-     * @return bool
-     */
-    public static function isOffline()
-    {
-        global $dontUseDb;
+	/**
+	 * Determines if the tool is offline
+	 * @return bool
+	 */
+	public static function isOffline()
+	{
+		global $dontUseDb;
 
-        return (bool)$dontUseDb;
-    }
+		return (bool)$dontUseDb;
+	}
 
-    /**
-     * Gets the offline message
-     *
-     * @param bool $external
-     * @param null $message
-     *
-     * @return string
-     */
-    public static function getOfflineMessage($external, $message = null)
-    {
-        global $dontUseDbCulprit, $dontUseDbReason, $baseurl;
+	/**
+	 * Gets the offline message
+	 *
+	 * @param bool $external
+	 * @param null $message
+	 *
+	 * @return string
+	 */
+	public static function getOfflineMessage($external, $message = null)
+	{
+		global $dontUseDbCulprit, $dontUseDbReason, $baseurl;
 
-        $smarty = new Smarty();
-        $smarty->assign("baseurl", $baseurl);
-        $smarty->assign("toolversion", Environment::getToolVersion());
+		$smarty = new Smarty();
+		$smarty->assign("baseurl", $baseurl);
+		$smarty->assign("toolversion", Environment::getToolVersion());
 
-        if (!headers_sent()) {
-            header("HTTP/1.1 503 Service Unavailable");
-        }
+		if (!headers_sent()) {
+			header("HTTP/1.1 503 Service Unavailable");
+		}
 
-        if ($external) {
-            return $smarty->fetch("offline/external.tpl");
-        }
-        else {
-            $hideCulprit = true;
+		if ($external) {
+			return $smarty->fetch("offline/external.tpl");
+		}
+		else {
+			$hideCulprit = true;
 
-            // Use the provided message if possible
-            if ($message === null) {
-                $hideCulprit = false;
-                $message = $dontUseDbReason;
-            }
+			// Use the provided message if possible
+			if ($message === null) {
+				$hideCulprit = false;
+				$message = $dontUseDbReason;
+			}
 
-            $smarty->assign("hideCulprit", $hideCulprit);
-            $smarty->assign("dontUseDbCulprit", $dontUseDbCulprit);
-            $smarty->assign("dontUseDbReason", $message);
-            $smarty->assign("alerts", array());
+			$smarty->assign("hideCulprit", $hideCulprit);
+			$smarty->assign("dontUseDbCulprit", $dontUseDbCulprit);
+			$smarty->assign("dontUseDbReason", $message);
+			$smarty->assign("alerts", array());
 
-            return $smarty->fetch("offline/internal.tpl");
-        }
-    }
+			return $smarty->fetch("offline/internal.tpl");
+		}
+	}
 }

includes/Pages/PageTeam.php

Spacing +1 added lines, -1 removed lines

@@ -19,7 +19,7 @@
      */
     protected function main()
     {
-        $path = $this->getSiteConfiguration()->getFilePath() . '/team.json';
+        $path = $this->getSiteConfiguration()->getFilePath().'/team.json';
         $json = file_get_contents($path);
 
         $teamData = json_decode($json, true);

Indentation +23 added lines, -23 removed lines

@@ -12,31 +12,31 @@
 
 class PageTeam extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     */
-    protected function main()
-    {
-        $path = $this->getSiteConfiguration()->getFilePath() . '/team.json';
-        $json = file_get_contents($path);
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 */
+	protected function main()
+	{
+		$path = $this->getSiteConfiguration()->getFilePath() . '/team.json';
+		$json = file_get_contents($path);
 
-        $teamData = json_decode($json, true);
+		$teamData = json_decode($json, true);
 
-        $active = array();
-        $inactive = array();
+		$active = array();
+		$inactive = array();
 
-        foreach ($teamData as $name => $item) {
-            if (count($item['Role']) == 0) {
-                $inactive[$name] = $item;
-            }
-            else {
-                $active[$name] = $item;
-            }
-        }
+		foreach ($teamData as $name => $item) {
+			if (count($item['Role']) == 0) {
+				$inactive[$name] = $item;
+			}
+			else {
+				$active[$name] = $item;
+			}
+		}
 
-        $this->assign('developer', $active);
-        $this->assign('inactiveDeveloper', $inactive);
-        $this->setTemplate('team/team.tpl');
-    }
+		$this->assign('developer', $active);
+		$this->assign('inactiveDeveloper', $inactive);
+		$this->setTemplate('team/team.tpl');
+	}
 }