This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * @package Fuel\Common |
||
4 | * @version 2.0 |
||
5 | * @author Fuel Development Team |
||
6 | * @license MIT License |
||
7 | * @copyright 2010 - 2015 Fuel Development Team |
||
8 | * @link http://fuelphp.com |
||
9 | */ |
||
10 | |||
11 | namespace Fuel\Common; |
||
12 | |||
13 | /** |
||
14 | * Cookie class, encapsulation of a browser cookie |
||
15 | * |
||
16 | * @package Fuel\Common |
||
17 | * |
||
18 | * @since 2.0 |
||
19 | */ |
||
20 | class SetcookieWrapper |
||
21 | { |
||
22 | /** |
||
23 | * wrapper for the setcookie() function, for testability reasons |
||
24 | * |
||
25 | * @codeCoverageIgnore |
||
26 | */ |
||
27 | public function setcookie($name, $value, $expire = 0, $path = null, $domain = null, $secure = false, $httponly = false) |
||
28 | { |
||
29 | return setcookie($name, $value, $expire, $path, $domain, $secure, $httponly); |
||
30 | } |
||
31 | } |
||
32 | |||
33 | /** |
||
34 | * Cookie class, encapsulation of a browser cookie |
||
35 | * |
||
36 | * @package Fuel\Common |
||
37 | * |
||
38 | * @since 2.0 |
||
39 | */ |
||
40 | class Cookie |
||
41 | { |
||
42 | /** |
||
43 | * @var string The name of this cookie |
||
44 | */ |
||
45 | protected $name = null; |
||
46 | |||
47 | /** |
||
48 | * @var string The value of this cookie |
||
49 | */ |
||
50 | protected $value = null; |
||
51 | |||
52 | /** |
||
53 | * @var array Cookie class configuration defaults |
||
54 | */ |
||
55 | protected $config = array( |
||
56 | 'expiration' => 0, // int, Cookie expiration |
||
57 | 'path' => '/', // string, Cookie path |
||
58 | 'domain' => null, // string, Cookie domain |
||
59 | 'secure' => false, // bool, Send only over HTTPS |
||
60 | 'http_only' => false, // only accessible via HTTP client-side |
||
61 | ); |
||
62 | |||
63 | /** |
||
64 | * @var bool Is this a new cookie, or one that was send to the server? |
||
65 | */ |
||
66 | protected $isNew = true; |
||
67 | |||
68 | /** |
||
69 | * @var bool Wether or not we want to delete this cookie |
||
70 | */ |
||
71 | protected $isDeleted = false; |
||
72 | |||
73 | /** |
||
74 | * @var bool Wether or not this cookie was already sent to the browser |
||
75 | */ |
||
76 | protected $isSent = false; |
||
77 | |||
78 | /** |
||
79 | * @var CookieWrapper wrapper around the setcookie() function for testability |
||
80 | */ |
||
81 | protected $wrapper; |
||
82 | |||
83 | /** |
||
84 | * Create a new cookie object, optionally load an existing cookie value |
||
85 | * |
||
86 | * @param string $name Name of this cookie |
||
87 | * @param array $config Configuration for this cookie |
||
88 | * @param string $value Initial value to be set for this cookie |
||
89 | * @pararm SetcookieWrapper $wrapper So we can inject a custom wrapper for unit testing |
||
90 | */ |
||
91 | public function __construct($name, Array $config = array(), $value = null, $wrapper = null) |
||
92 | { |
||
93 | // store the name and value passed |
||
94 | $this->name = $name; |
||
95 | $this->value = $value; |
||
96 | |||
97 | // merge the config |
||
98 | $this->config = array_merge($this->config, $config); |
||
99 | |||
100 | // and if set flag this object as used |
||
101 | $this->isNew = ($value === null); |
||
102 | |||
103 | // create a wrapper instance if none was passed |
||
104 | if (empty($wrapper)) |
||
105 | { |
||
106 | $this->wrapper = new SetcookieWrapper(); |
||
0 ignored issues
–
show
|
|||
107 | } |
||
108 | else |
||
109 | { |
||
110 | $this->wrapper = $wrapper; |
||
111 | } |
||
112 | } |
||
113 | |||
114 | /** |
||
115 | * Magic getter/setter methods |
||
116 | * |
||
117 | * @throws InvalidArgumentException if a setter is called without a value |
||
118 | */ |
||
119 | public function __call($method, $arguments) |
||
120 | { |
||
121 | if (substr($method, 0,3) === 'get') |
||
122 | { |
||
123 | if (isset($this->config[$var = strtolower(substr($method, 3))])) |
||
124 | { |
||
125 | return $this->config[$var]; |
||
126 | } |
||
127 | elseif ($var == 'name') |
||
128 | { |
||
129 | return $this->name; |
||
130 | } |
||
131 | elseif ($var == 'value') |
||
132 | { |
||
133 | return $this->value; |
||
134 | } |
||
135 | } |
||
136 | elseif (substr($method, 0,3) === 'set') |
||
137 | { |
||
138 | if (empty($arguments)) |
||
139 | { |
||
140 | throw new \InvalidArgumentException($method.' is missing required parameter $value'); |
||
141 | } |
||
142 | |||
143 | if (isset($this->config[$var = strtolower(substr($method, 3))])) |
||
144 | { |
||
145 | $this->config[$var] = $arguments[0]; |
||
146 | } |
||
147 | elseif ($var == 'value') |
||
148 | { |
||
149 | if ($this->isSent) |
||
150 | { |
||
151 | throw new \RuntimeException('Cookie "'.$this->name.'" has already been send to the browser, no point updating it'); |
||
152 | } |
||
153 | |||
154 | $this->value = (string) $arguments[0]; |
||
155 | |||
156 | // reset to new state |
||
157 | $this->isNew = true; |
||
158 | $this->isDeleted = false; |
||
159 | $this->isSent = false; |
||
160 | } |
||
161 | } |
||
162 | |||
163 | return null; |
||
164 | } |
||
165 | |||
166 | /** |
||
167 | * Delete this Cookie |
||
168 | * |
||
169 | * @return bool |
||
170 | */ |
||
171 | public function delete() |
||
172 | { |
||
173 | $this->isDeleted = true; |
||
174 | return $this->isDeleted; |
||
175 | } |
||
176 | |||
177 | /** |
||
178 | * Send this cookie to the client |
||
179 | * |
||
180 | * @return bool |
||
181 | * |
||
182 | * @since 2.0.0 |
||
183 | */ |
||
184 | public function send() |
||
185 | { |
||
186 | $result = true; |
||
187 | |||
188 | if ($this->isNew) |
||
189 | { |
||
190 | // make this cookie as used |
||
191 | $this->isNew = false; |
||
192 | |||
193 | // set the cookie |
||
194 | $result = $this->wrapper->setcookie($this->name, $this->value, $this->config['expiration'], $this->config['path'], $this->config['domain'], $this->config['secure'], $this->config['http_only']); |
||
195 | |||
196 | // mark the cookie as sent |
||
197 | if ($result) |
||
198 | { |
||
199 | $this->isSent = true; |
||
200 | } |
||
201 | } |
||
202 | elseif ($this->isDeleted) |
||
203 | { |
||
204 | // delete the cookie by nullifying and expiring it |
||
205 | $result = $this->wrapper->setcookie($this->name, null, -86400, $this->config['path'], $this->config['domain'], $this->config['secure'], $this->config['http_only']); |
||
206 | |||
207 | // mark the cookie as sent |
||
208 | if ($result) |
||
209 | { |
||
210 | $this->isSent = true; |
||
211 | } |
||
212 | } |
||
213 | |||
214 | return $result; |
||
215 | } |
||
216 | |||
217 | /** |
||
218 | * Return the state of this Cookie object |
||
219 | */ |
||
220 | public function isNew() |
||
221 | { |
||
222 | return $this->isNew; |
||
223 | } |
||
224 | |||
225 | /** |
||
226 | * Return the state of this Cookie object |
||
227 | */ |
||
228 | public function isSent() |
||
229 | { |
||
230 | return $this->isSent; |
||
231 | } |
||
232 | |||
233 | /** |
||
234 | * Return the state of this Cookie object |
||
235 | */ |
||
236 | public function isDeleted() |
||
237 | { |
||
238 | return $this->isDeleted; |
||
239 | } |
||
240 | |||
241 | } |
||
242 |
Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property.
Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..