Issues in Validator.php (main) - Issues in main - fisharebest/webtrees - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2560)

app/Validator.php (3 issues)

Labels

Bug 2

Severity

<?php

/**
 * webtrees: online genealogy
 * Copyright (C) 2025 webtrees development team
 * This program is free software: you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation, either version 3 of the License, or
 * (at your option) any later version.
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 * You should have received a copy of the GNU General Public License
 * along with this program. If not, see <https://www.gnu.org/licenses/>.
 */

declare(strict_types=1);

namespace Fisharebest\Webtrees;

use Aura\Router\Route;
use Closure;
use Fisharebest\Webtrees\Contracts\UserInterface;
filter:
    dependency_paths: ["lib/*"]
use Fisharebest\Webtrees\Http\Exceptions\HttpBadRequestException;
use Psr\Http\Message\ServerRequestInterface;

use function array_reduce;
use function array_walk_recursive;
use function ctype_digit;
use function in_array;
use function is_array;
use function is_int;
use function is_string;
use function parse_url;
use function preg_match;
use function str_starts_with;
use function substr;

/**
 * Validate a parameter from an HTTP request
 */
class Validator
{
    /** @var array<int|string|Tree|UserInterface|array<int|string>> */
    private array $parameters;

    private ServerRequestInterface $request;

    /** @var array<Closure> */
    private array $rules = [];

    /**
     * @param array<int|string|Tree|UserInterface|array<int|string>> $parameters
     * @param ServerRequestInterface                                 $request
     * @param string                                                 $encoding
     */
    private function __construct(array $parameters, ServerRequestInterface $request, string $encoding)
    {
        if ($encoding === 'UTF-8') {
            // All keys and values must be valid UTF-8
            $check_utf8 = static function ($value, $key): void {
                if (is_string($key) && preg_match('//u', $key) !== 1) {
                    throw new HttpBadRequestException('Invalid UTF-8 characters in request');
                }
                if (is_string($value) && preg_match('//u', $value) !== 1) {
                    throw new HttpBadRequestException('Invalid UTF-8 characters in request');
                }
            };

            array_walk_recursive($parameters, $check_utf8);
        }

        $this->parameters = $parameters;
        $this->request    = $request;
    }

    /**
     * @param ServerRequestInterface $request
     *
     * @return self
     */
    public static function attributes(ServerRequestInterface $request): self
    {
        return new self($request->getAttributes(), $request, 'UTF-8');
    }

    /**
     * @param ServerRequestInterface $request
     *
     * @return self
     */
    public static function parsedBody(ServerRequestInterface $request): self
    {
        return new self((array) $request->getParsedBody(), $request, 'UTF-8');
    }

    /**
     * @param ServerRequestInterface $request
     *
     * @return self
     */
    public static function queryParams(ServerRequestInterface $request): self
    {
        return new self($request->getQueryParams(), $request, 'UTF-8');
    }

    /**
     * @param ServerRequestInterface $request
     *
     * @return self
     */
    public static function serverParams(ServerRequestInterface $request): self
    {
        // Headers should be ASCII.
        // However, we cannot enforce this as some servers add GEOIP headers with non-ASCII placenames.
        return new self($request->getServerParams(), $request, 'ASCII');
    }

    /**
     * @param int $minimum
     * @param int $maximum
     *
     * @return self
     */
    public function isBetween(int $minimum, int $maximum): self
    {
        $this->rules[] = static function (int|null $value) use ($minimum, $maximum): int|null {
            if (is_int($value) && $value >= $minimum && $value <= $maximum) {
                return $value;
            }

            return null;
        };

        return $this;
    }

    /**
     * @param array<int|string,int|string> $values
     *
     * @return self
     */
    public function isInArray(array $values): self
    {
        $this->rules[] = static fn (int|string|null $value): int|string|null => in_array($value, $values, true) ? $value : null;

        return $this;
    }

    /**
     * @param array<int|string,int|string> $values
     *
     * @return self
     */
    public function isInArrayKeys(array $values): self
    {
        return $this->isInArray(array_keys($values));
    }

    /**
     * @return self
     */
    public function isNotEmpty(): self
    {
        $this->rules[] = static fn (string|null $value): string|null => $value !== null && $value !== '' ? $value : null;

        return $this;
    }

    /**
     * @return self
     */
    public function isLocalUrl(): self
    {
        $base_url = $this->request->getAttribute('base_url', '');

        $this->rules[] = static function (string|null $value) use ($base_url): string|null {
            if ($value !== null) {
                $value_info    = parse_url($value);
                $base_url_info = parse_url($base_url);

                if (is_array($value_info) && is_array($base_url_info)) {

                    $scheme_ok = ($value_info['scheme'] ?? 'http') === ($base_url_info['scheme'] ?? 'http');
                    $host_ok   = ($value_info['host'] ?? '') === ($base_url_info['host'] ?? '');
                    $port_ok   = ($value_info['port'] ?? '') === ($base_url_info['port'] ?? '');
                    $user_ok   = ($value_info['user'] ?? '') === ($base_url_info['user'] ?? '');
                    $path_ok   = str_starts_with($value_info['path'] ?? '/', $base_url_info['path'] ?? '/');

                    if ($scheme_ok && $host_ok && $port_ok && $user_ok && $path_ok) {
                        return $value;
                    }
                }
            }

            return null;
        };

        return $this;
    }

    /**
     * @return self
     */
    public function isTag(): self
    {
        $this->rules[] = static function (string|null $value): string|null {
            if ($value !== null && preg_match('/^' . Gedcom::REGEX_TAG . '$/', $value) === 1) {
                return $value;
            }

            return null;
        };

        return $this;
    }

    /**
     * @return self
     */
    public function isXref(): self
    {
        $this->rules[] = static function ($value) {
            if (is_string($value) && preg_match('/^' . Gedcom::REGEX_XREF . '$/', $value) === 1) {
                return $value;
            }

            if (is_array($value)) {
                foreach ($value as $v) {
                    if (!is_string($v) || preg_match('/^' . Gedcom::REGEX_XREF . '$/', $v) !== 1) {
                        return null;
                    }
                }

                return $value;
            }

            return null;
        };

        return $this;
    }

    /**
     * @param string    $parameter
     * @param bool|null $default
     *
     * @return bool
     */
    public function boolean(string $parameter, bool|null $default = null): bool
    {
        $value = $this->parameters[$parameter] ?? null;

        if (in_array($value, ['1', 'on', true], true)) {
            return true;
        }

        if (in_array($value, ['0', '', false], true)) {
            return false;
        }

        if ($default === null) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
filter:
    dependency_paths: ["lib/*"]
        }

        return $default;
    }

    /**
     * @param string $parameter
     *
     * @return array<string>
     */
    public function array(string $parameter): array
    {
        $value = $this->parameters[$parameter] ?? null;

        if (!is_array($value) && $value !== null) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
        }

        $callback = static fn (array|null $value, Closure $rule): array|null => $rule($value);

        return array_reduce($this->rules, $callback, $value) ?? [];
    }

    /**
     * @param string   $parameter
     * @param float|null $default
     *
     * @return float
     */
    public function float(string $parameter, float|null $default = null): float
    {
        $value = $this->parameters[$parameter] ?? null;

        if (is_numeric($value)) {
            $value = (float) $value;
        } else {
            $value = null;
        }

        $callback = static fn (float|null $value, Closure $rule): float|null => $rule($value);

        $value = array_reduce($this->rules, $callback, $value) ?? $default;

        if ($value === null) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
        }

        return $value;
    }

    /**
     * @param string   $parameter
     * @param int|null $default
     *
     * @return int
     */
    public function integer(string $parameter, int|null $default = null): int
    {
        $value = $this->parameters[$parameter] ?? null;

        if (is_string($value)) {
            if (ctype_digit($value)) {
                $value = (int) $value;
            } elseif (str_starts_with($value, '-') && ctype_digit(substr($value, 1))) {
                $value = (int) $value;
            }
        }

        if (!is_int($value)) {
            $value = null;
        }

        $callback = static fn (int|null $value, Closure $rule): int|null => $rule($value);

        $value = array_reduce($this->rules, $callback, $value) ?? $default;

        if ($value === null) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
        }

        return $value;
    }

    /**
     * @param string $parameter
     *
     * @return Route
     */
    public function route(string $parameter = 'route'): Route
    {
        $value = $this->parameters[$parameter] ?? null;

        if ($value instanceof Route) {
            return $value;
        }

        throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
    }

    /**
     * @param string      $parameter
     * @param string|null $default
     *
     * @return string
     */
    public function string(string $parameter, string|null $default = null): string
    {
        $value = $this->parameters[$parameter] ?? null;

        if (!is_string($value)) {
            $value = null;
        }

        $callback = static fn (string|null $value, Closure $rule): string|null => $rule($value);

        $value =  array_reduce($this->rules, $callback, $value) ?? $default;

        if ($value === null) {
            throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
        }

        return $value;
    }

    /**
     * @param string $parameter
     *
     * @return Tree
     */
    public function tree(string $parameter = 'tree'): Tree
    {
        $value = $this->parameters[$parameter] ?? null;

        if ($value instanceof Tree) {
            return $value;
        }

        throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
    }

    public function treeOptional(string $parameter = 'tree'): Tree|null
    {
        $value = $this->parameters[$parameter] ?? null;

        if ($value === null || $value instanceof Tree) {
            return $value;
        }

        throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
    }

    public function user(string $parameter = 'user'): UserInterface
    {
        $value = $this->parameters[$parameter] ?? null;

        if ($value instanceof UserInterface) {
            return $value;
        }

        throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
    }
}


1			<?php
2
3			/**
4			* webtrees: online genealogy
5			* Copyright (C) 2025 webtrees development team
6			* This program is free software: you can redistribute it and/or modify
7			* it under the terms of the GNU General Public License as published by
8			* the Free Software Foundation, either version 3 of the License, or
9			* (at your option) any later version.
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			* You should have received a copy of the GNU General Public License
15			* along with this program. If not, see <https://www.gnu.org/licenses/>.
16			*/
17
18			declare(strict_types=1);
19
20			namespace Fisharebest\Webtrees;
21
22			use Aura\Router\Route;
23			use Closure;
24			use Fisharebest\Webtrees\Contracts\UserInterface;
			0 ignored issues – show Bug introduced 2024-11-23 00:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `Fisharebest\Webtrees\Contracts\UserInterface` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
25			use Fisharebest\Webtrees\Http\Exceptions\HttpBadRequestException;
26			use Psr\Http\Message\ServerRequestInterface;
27
28			use function array_reduce;
29			use function array_walk_recursive;
30			use function ctype_digit;
31			use function in_array;
32			use function is_array;
33			use function is_int;
34			use function is_string;
35			use function parse_url;
36			use function preg_match;
37			use function str_starts_with;
38			use function substr;
39
40			/**
41			* Validate a parameter from an HTTP request
42			*/
43			class Validator
44			{
45			/** @var array<int\|string\|Tree\|UserInterface\|array<int\|string>> */
46			private array $parameters;
47
48			private ServerRequestInterface $request;
49
50			/** @var array<Closure> */
51			private array $rules = [];
52
53			/**
54			* @param array<int\|string\|Tree\|UserInterface\|array<int\|string>> $parameters
55			* @param ServerRequestInterface $request
56			* @param string $encoding
57			*/
58			private function __construct(array $parameters, ServerRequestInterface $request, string $encoding)
59			{
60			if ($encoding === 'UTF-8') {
61			// All keys and values must be valid UTF-8
62			$check_utf8 = static function ($value, $key): void {
63			if (is_string($key) && preg_match('//u', $key) !== 1) {
64			throw new HttpBadRequestException('Invalid UTF-8 characters in request');
65			}
66			if (is_string($value) && preg_match('//u', $value) !== 1) {
67			throw new HttpBadRequestException('Invalid UTF-8 characters in request');
68			}
69			};
70
71			array_walk_recursive($parameters, $check_utf8);
72			}
73
74			$this->parameters = $parameters;
75			$this->request = $request;
76			}
77
78			/**
79			* @param ServerRequestInterface $request
80			*
81			* @return self
82			*/
83			public static function attributes(ServerRequestInterface $request): self
84			{
85			return new self($request->getAttributes(), $request, 'UTF-8');
86			}
87
88			/**
89			* @param ServerRequestInterface $request
90			*
91			* @return self
92			*/
93			public static function parsedBody(ServerRequestInterface $request): self
94			{
95			return new self((array) $request->getParsedBody(), $request, 'UTF-8');
96			}
97
98			/**
99			* @param ServerRequestInterface $request
100			*
101			* @return self
102			*/
103			public static function queryParams(ServerRequestInterface $request): self
104			{
105			return new self($request->getQueryParams(), $request, 'UTF-8');
106			}
107
108			/**
109			* @param ServerRequestInterface $request
110			*
111			* @return self
112			*/
113			public static function serverParams(ServerRequestInterface $request): self
114			{
115			// Headers should be ASCII.
116			// However, we cannot enforce this as some servers add GEOIP headers with non-ASCII placenames.
117			return new self($request->getServerParams(), $request, 'ASCII');
118			}
119
120			/**
121			* @param int $minimum
122			* @param int $maximum
123			*
124			* @return self
125			*/
126			public function isBetween(int $minimum, int $maximum): self
127			{
128			$this->rules[] = static function (int\|null $value) use ($minimum, $maximum): int\|null {
129			if (is_int($value) && $value >= $minimum && $value <= $maximum) {
130			return $value;
131			}
132
133			return null;
134			};
135
136			return $this;
137			}
138
139			/**
140			* @param array<int\|string,int\|string> $values
141			*
142			* @return self
143			*/
144			public function isInArray(array $values): self
145			{
146			$this->rules[] = static fn (int\|string\|null $value): int\|string\|null => in_array($value, $values, true) ? $value : null;
147
148			return $this;
149			}
150
151			/**
152			* @param array<int\|string,int\|string> $values
153			*
154			* @return self
155			*/
156			public function isInArrayKeys(array $values): self
157			{
158			return $this->isInArray(array_keys($values));
159			}
160
161			/**
162			* @return self
163			*/
164			public function isNotEmpty(): self
165			{
166			$this->rules[] = static fn (string\|null $value): string\|null => $value !== null && $value !== '' ? $value : null;
167
168			return $this;
169			}
170
171			/**
172			* @return self
173			*/
174			public function isLocalUrl(): self
175			{
176			$base_url = $this->request->getAttribute('base_url', '');
177
178			$this->rules[] = static function (string\|null $value) use ($base_url): string\|null {
179			if ($value !== null) {
180			$value_info = parse_url($value);
181			$base_url_info = parse_url($base_url);
182
183			if (is_array($value_info) && is_array($base_url_info)) {
			0 ignored issues – show introduced 2022-04-01 11:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `is_array($base_url_info)` is always `true`. Loading history...
184			$scheme_ok = ($value_info['scheme'] ?? 'http') === ($base_url_info['scheme'] ?? 'http');
185			$host_ok = ($value_info['host'] ?? '') === ($base_url_info['host'] ?? '');
186			$port_ok = ($value_info['port'] ?? '') === ($base_url_info['port'] ?? '');
187			$user_ok = ($value_info['user'] ?? '') === ($base_url_info['user'] ?? '');
188			$path_ok = str_starts_with($value_info['path'] ?? '/', $base_url_info['path'] ?? '/');
189
190			if ($scheme_ok && $host_ok && $port_ok && $user_ok && $path_ok) {
191			return $value;
192			}
193			}
194			}
195
196			return null;
197			};
198
199			return $this;
200			}
201
202			/**
203			* @return self
204			*/
205			public function isTag(): self
206			{
207			$this->rules[] = static function (string\|null $value): string\|null {
208			if ($value !== null && preg_match('/^' . Gedcom::REGEX_TAG . '$/', $value) === 1) {
209			return $value;
210			}
211
212			return null;
213			};
214
215			return $this;
216			}
217
218			/**
219			* @return self
220			*/
221			public function isXref(): self
222			{
223			$this->rules[] = static function ($value) {
224			if (is_string($value) && preg_match('/^' . Gedcom::REGEX_XREF . '$/', $value) === 1) {
225			return $value;
226			}
227
228			if (is_array($value)) {
229			foreach ($value as $v) {
230			if (!is_string($v) \|\| preg_match('/^' . Gedcom::REGEX_XREF . '$/', $v) !== 1) {
231			return null;
232			}
233			}
234
235			return $value;
236			}
237
238			return null;
239			};
240
241			return $this;
242			}
243
244			/**
245			* @param string $parameter
246			* @param bool\|null $default
247			*
248			* @return bool
249			*/
250			public function boolean(string $parameter, bool\|null $default = null): bool
251			{
252			$value = $this->parameters[$parameter] ?? null;
253
254			if (in_array($value, ['1', 'on', true], true)) {
255			return true;
256			}
257
258			if (in_array($value, ['0', '', false], true)) {
259			return false;
260			}
261
262			if ($default === null) {
263			throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
			0 ignored issues – show Bug introduced 2024-11-23 00:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `Fisharebest\Webtrees\I18N` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
264			}
265
266			return $default;
267			}
268
269			/**
270			* @param string $parameter
271			*
272			* @return array<string>
273			*/
274			public function array(string $parameter): array
275			{
276			$value = $this->parameters[$parameter] ?? null;
277
278			if (!is_array($value) && $value !== null) {
279			throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
280			}
281
282			$callback = static fn (array\|null $value, Closure $rule): array\|null => $rule($value);
283
284			return array_reduce($this->rules, $callback, $value) ?? [];
285			}
286
287			/**
288			* @param string $parameter
289			* @param float\|null $default
290			*
291			* @return float
292			*/
293			public function float(string $parameter, float\|null $default = null): float
294			{
295			$value = $this->parameters[$parameter] ?? null;
296
297			if (is_numeric($value)) {
298			$value = (float) $value;
299			} else {
300			$value = null;
301			}
302
303			$callback = static fn (float\|null $value, Closure $rule): float\|null => $rule($value);
304
305			$value = array_reduce($this->rules, $callback, $value) ?? $default;
306
307			if ($value === null) {
308			throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
309			}
310
311			return $value;
312			}
313
314			/**
315			* @param string $parameter
316			* @param int\|null $default
317			*
318			* @return int
319			*/
320			public function integer(string $parameter, int\|null $default = null): int
321			{
322			$value = $this->parameters[$parameter] ?? null;
323
324			if (is_string($value)) {
325			if (ctype_digit($value)) {
326			$value = (int) $value;
327			} elseif (str_starts_with($value, '-') && ctype_digit(substr($value, 1))) {
328			$value = (int) $value;
329			}
330			}
331
332			if (!is_int($value)) {
333			$value = null;
334			}
335
336			$callback = static fn (int\|null $value, Closure $rule): int\|null => $rule($value);
337
338			$value = array_reduce($this->rules, $callback, $value) ?? $default;
339
340			if ($value === null) {
341			throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
342			}
343
344			return $value;
345			}
346
347			/**
348			* @param string $parameter
349			*
350			* @return Route
351			*/
352			public function route(string $parameter = 'route'): Route
353			{
354			$value = $this->parameters[$parameter] ?? null;
355
356			if ($value instanceof Route) {
357			return $value;
358			}
359
360			throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
361			}
362
363			/**
364			* @param string $parameter
365			* @param string\|null $default
366			*
367			* @return string
368			*/
369			public function string(string $parameter, string\|null $default = null): string
370			{
371			$value = $this->parameters[$parameter] ?? null;
372
373			if (!is_string($value)) {
374			$value = null;
375			}
376
377			$callback = static fn (string\|null $value, Closure $rule): string\|null => $rule($value);
378
379			$value = array_reduce($this->rules, $callback, $value) ?? $default;
380
381			if ($value === null) {
382			throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
383			}
384
385			return $value;
386			}
387
388			/**
389			* @param string $parameter
390			*
391			* @return Tree
392			*/
393			public function tree(string $parameter = 'tree'): Tree
394			{
395			$value = $this->parameters[$parameter] ?? null;
396
397			if ($value instanceof Tree) {
398			return $value;
399			}
400
401			throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
402			}
403
404			public function treeOptional(string $parameter = 'tree'): Tree\|null
405			{
406			$value = $this->parameters[$parameter] ?? null;
407
408			if ($value === null \|\| $value instanceof Tree) {
409			return $value;
410			}
411
412			throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
413			}
414
415			public function user(string $parameter = 'user'): UserInterface
416			{
417			$value = $this->parameters[$parameter] ?? null;
418
419			if ($value instanceof UserInterface) {
420			return $value;
421			}
422
423			throw new HttpBadRequestException(I18N::translate('The parameter “%s” is missing.', $parameter));
424			}
425			}
426

fisharebest / webtrees

Issues (2560)

app/Validator.php (3 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like