enwikipedia-acc / waca

includes/Pages/PageSearch.php

<?php
/******************************************************************************
 * Wikipedia Account Creation Assistance tool                                 *
 * ACC Development Team. Please see team.json for a list of contributors.     *
 *                                                                            *
 * This is free and unencumbered software released into the public domain.    *
 * Please see LICENSE.md for the full licencing statement.                    *
 ******************************************************************************/

namespace Waca\Pages;

use Waca\DataObjects\Request;
use Waca\DataObjects\User;
use Waca\Exceptions\AccessDeniedException;
use Waca\Exceptions\ApplicationLogicException;
use Waca\Fragments\RequestListData;
use Waca\Helpers\SearchHelpers\RequestSearchHelper;
use Waca\SessionAlert;
use Waca\Tasks\PagedInternalPageBase;
use Waca\WebRequest;

class PageSearch extends PagedInternalPageBase
{
    use RequestListData;

    /**
     * Main function for this page, when no specific actions are called.
     */
    protected function main()
    {
        $this->setHtmlTitle('Search');

        $database = $this->getDatabase();
        $currentUser = User::getCurrent($database);

        $this->assign('canSearchByComment', $this->barrierTest('byComment', $currentUser));
        $this->assign('canSearchByEmail', $this->barrierTest('byEmail', $currentUser));
        $this->assign('canSearchByIp', $this->barrierTest('byIp', $currentUser));
        $this->assign('canSearchByName', $this->barrierTest('byName', $currentUser));
        $this->assign('canSeeNonConfirmed', $this->barrierTest('allowNonConfirmed', $currentUser));

        $this->setTemplate('search/main.tpl');

        // Dual-mode page
        if (WebRequest::getString('type') !== null) {
            $searchType = WebRequest::getString('type');
            $searchTerm = WebRequest::getString('term');

            $excludeNonConfirmed = true;
            if ($this->barrierTest('allowNonConfirmed', $currentUser)) {
                $excludeNonConfirmed = WebRequest::getBoolean('excludeNonConfirmed');
            }

            $formParameters = [
                'term' => $searchTerm,
                'type' => $searchType,
            ];

            if ($excludeNonConfirmed) {
                $formParameters['excludeNonConfirmed'] = true;
            }

            // FIXME: domains
            $requestSearch = RequestSearchHelper::get($database, 1);
            $this->setSearchHelper($requestSearch);
            $this->setupLimits();

            $validationError = "";
            if (!$this->validateSearchParameters($searchType, $searchTerm, $validationError)) {
                SessionAlert::error($validationError, "Search error");

                $this->setupPageData(0, $formParameters);
                $this->assign('hasResultset', false);

                return;
            }

            // searchType known to be sane from the validate step above
            if (!$this->barrierTest('by' . ucfirst($searchType), User::getCurrent($this->getDatabase()))) {

It seems like $searchType can also be of type null; however, parameter $string of ucfirst() does only seem to accept string, maybe add an additional type check?

                // only accessible by url munging, don't care about the UX
                throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
            }

            if ($excludeNonConfirmed) {
                $requestSearch->withConfirmedEmail();
            }

            switch ($searchType) {
                case 'name':
                    $this->getNameSearchResults($requestSearch, $searchTerm);

It seems like $searchTerm can also be of type null; however, parameter $searchTerm of Waca\Pages\PageSearch::getNameSearchResults() does only seem to accept string, maybe add an additional type check?

                    break;
                case 'email':
                    $this->getEmailSearchResults($requestSearch, $searchTerm);

It seems like $searchTerm can also be of type null; however, parameter $searchTerm of Waca\Pages\PageSearch::getEmailSearchResults() does only seem to accept string, maybe add an additional type check?

                    break;
                case 'ip':
                    $this->getIpSearchResults($requestSearch, $searchTerm);

It seems like $searchTerm can also be of type null; however, parameter $searchTerm of Waca\Pages\PageSearch::getIpSearchResults() does only seem to accept string, maybe add an additional type check?

                    break;
                case 'comment':
                    $this->getCommentSearchResults($requestSearch, $searchTerm);

It seems like $searchTerm can also be of type null; however, parameter $searchTerm of Waca\Pages\PageSearch::getCommentSearchResults() does only seem to accept string, maybe add an additional type check?

                    break;
            }

            /** @var Request[] $results */
            $results = $requestSearch->getRecordCount($count)->fetch();
            $this->setupPageData($count, $formParameters);

            // deal with results
            $this->assign('requests', $this->prepareRequestData($results));
            $this->assign('resultCount', count($results));
            $this->assign('hasResultset', true);

            list($defaultSort, $defaultSortDirection) = WebRequest::requestListDefaultSort();
            $this->assign('defaultSort', $defaultSort);
            $this->assign('defaultSortDirection', $defaultSortDirection);
        }
        else {
            $this->assign('type', 'name');
            $this->assign('hasResultset', false);
            $this->assign('limit', 50);
            $this->assign('excludeNonConfirmed', true);
        }
    }

    /**
     * Gets search results by name
     *
     * @param RequestSearchHelper $searchHelper
     * @param string              $searchTerm
     */
    private function getNameSearchResults(RequestSearchHelper $searchHelper, string $searchTerm)
    {
        $padded = '%' . $searchTerm . '%';
        $searchHelper->byName($padded);
    }

    /**
     * Gets search results by comment
     *
     * @param RequestSearchHelper $searchHelper
     * @param string              $searchTerm
     */
    private function getCommentSearchResults(RequestSearchHelper $searchHelper, string $searchTerm)
    {
        $padded = '%' . $searchTerm . '%';
        $searchHelper->byComment($padded);

        $currentUser = User::getCurrent($this->getDatabase());
        $commentSecurity = ['requester', 'user'];

        if ($this->barrierTest('seeRestrictedComments', $currentUser, 'RequestData')) {
            $commentSecurity[] = 'admin';
        }

        if ($this->barrierTest('seeCheckuserComments', $currentUser, 'RequestData')) {
            $commentSecurity[] = 'checkuser';
        }

        $searchHelper->byCommentSecurity($commentSecurity);
    }

    /**
     * Gets search results by email
     *
     * @param RequestSearchHelper $searchHelper
     * @param string              $searchTerm
     *
     * @throws ApplicationLogicException
     */
    private function getEmailSearchResults(RequestSearchHelper $searchHelper, string $searchTerm)
    {
        if ($searchTerm === "@") {
            throw new ApplicationLogicException('The search term "@" is not valid for email address searches!');
        }

        $padded = '%' . $searchTerm . '%';

        $searchHelper->byEmailAddress($padded)->excludingPurgedData($this->getSiteConfiguration());
    }

    /**
     * Gets search results by IP address or XFF IP address
     *
     * @param RequestSearchHelper $searchHelper
     * @param string              $searchTerm
     */
    private function getIpSearchResults(RequestSearchHelper $searchHelper, string $searchTerm)
    {
        $searchHelper
            ->byIp($searchTerm)
            ->excludingPurgedData($this->getSiteConfiguration());
    }

    /**
     * @param string $searchType
     * @param string $searchTerm
     *
     * @param string $errorMessage
     *
     * @return bool true if parameters are valid
     */
    protected function validateSearchParameters($searchType, $searchTerm, &$errorMessage)
    {
        if (!in_array($searchType, array('name', 'email', 'ip', 'comment'))) {
            $errorMessage = 'Unknown search type';

            return false;
        }

        if ($searchTerm === '%' || $searchTerm === '' || $searchTerm === null) {
            $errorMessage = 'No search term specified entered';

            return false;
        }

        $errorMessage = "";

        return true;
    }
}