DatabaseSessionHandler::write() - Code Metrics - Inspection of "Don't store sessions for health probes" - gctools-outilsgc/gcconnex - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Pull Request — master (#2323)

by Ilia

created 2020-10-26 20:55 UTC

DatabaseSessionHandler::write() B

↳ Parent: DatabaseSessionHandler

Complexity

Conditions	6
Paths	5

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	42

Importance

Changes

Metric	Value
cc	6
nc	5
nop	2
dl	0
loc	23
ccs	0
cts	16
cp	0
crap	42
rs	8.9297
c	0
b	0
f	0

<?php
namespace Elgg\Http;

/**
 * Database session handler
 *
 * @access private
 * 
 * @package    Elgg.Core
 * @subpackage Http
 */
class DatabaseSessionHandler implements \SessionHandlerInterface {

	/** @var \Elgg\Database $db */
	protected $db;

	/**
	 * Constructor
	 *
	 * @param \Elgg\Database $db The database
	 */
	public function __construct(\Elgg\Database $db) {
		$this->db = $db;
	}

	/**
	 * {@inheritDoc}
	 */
	public function open($save_path, $name) {
		return true;
	}

	/**
	 * {@inheritDoc}
	 */
	public function read($session_id) {
		
		$id = sanitize_string($session_id);
		$query = "SELECT * FROM {$this->db->getTablePrefix()}users_sessions WHERE session='$id'";
		$result = $this->db->getDataRow($query);
		if ($result) {

			return (string) $result->data;
		} else {
			return false;
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
		}
	}

	/**
	 * {@inheritDoc}
	 */
	public function write($session_id, $session_data) {
		$id = sanitize_string($session_id);
		$time = time();
		$sess_data_sanitised = sanitize_string($session_data);
		
		// do not persist a session for health probes
		if (strstr(strtolower($_SERVER['HTTP_USER_AGENT']), 'kube-probe') !== false && $_SERVER["REQUEST_URI"] == '/splash')
			return true;
		if ($_SERVER["REQUEST_URI"] == '/')
			return true;
		if (strstr(strtolower($_SERVER['HTTP_USER_AGENT']), 'solr-crawler') !== false)
			return true;

		$query = "REPLACE INTO {$this->db->getTablePrefix()}users_sessions
			(session, ts, data) VALUES
			('$id', '$time', '$sess_data_sanitised')";

		if ($this->db->insertData($query) !== false) {
			return true;
		} else {
			return false;
		}
	}

	/**
	 * {@inheritDoc}
	 */
	public function close() {
		return true;
	}

	/**
	 * {@inheritDoc}
	 */
	public function destroy($session_id) {
		
		$id = sanitize_string($session_id);
		$query = "DELETE FROM {$this->db->getTablePrefix()}users_sessions WHERE session='$id'";
		return (bool) $this->db->deleteData($query);
	}

	/**
	 * {@inheritDoc}
	 */
	public function gc($max_lifetime) {
		
		$life = time() - $max_lifetime;
		$query = "DELETE FROM {$this->db->getTablePrefix()}users_sessions WHERE ts < '$life'";
		return (bool) $this->db->deleteData($query);
	}
}


1			<?php
2			namespace Elgg\Http;
3
4			/**
5			* Database session handler
6			*
7			* @access private
8			*
9			* @package Elgg.Core
10			* @subpackage Http
11			*/
12			class DatabaseSessionHandler implements \SessionHandlerInterface {
13
14			/** @var \Elgg\Database $db */
15			protected $db;
16
17			/**
18			* Constructor
19			*
20			* @param \Elgg\Database $db The database
21			*/
22			public function __construct(\Elgg\Database $db) {
23			$this->db = $db;
24			}
25
26			/**
27			* {@inheritDoc}
28			*/
29			public function open($save_path, $name) {
30			return true;
31			}
32
33			/**
34			* {@inheritDoc}
35			*/
36			public function read($session_id) {
37
38			$id = sanitize_string($session_id);
39			$query = "SELECT * FROM {$this->db->getTablePrefix()}users_sessions WHERE session='$id'";
40			$result = $this->db->getDataRow($query);
41			if ($result) {
			0 ignored issues – show Bug Best Practice introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report The expression `$result` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
42			return (string) $result->data;
43			} else {
44			return false;
			0 ignored issues – show Bug Best Practice introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report The return type of `return false;` (`false`) is incompatible with the return type declared by the interface `SessionHandlerInterface::read` of type `string`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return 'Johannes'; } } class BlogPost extends Post { public function getAuthor() { return new Author('Johannes'); } } class ForumPost extends Post { /* ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
45			}
46			}
47
48			/**
49			* {@inheritDoc}
50			*/
51			public function write($session_id, $session_data) {
52			$id = sanitize_string($session_id);
53			$time = time();
54			$sess_data_sanitised = sanitize_string($session_data);
55
56			// do not persist a session for health probes
57			if (strstr(strtolower($_SERVER['HTTP_USER_AGENT']), 'kube-probe') !== false && $_SERVER["REQUEST_URI"] == '/splash')
58			return true;
59			if ($_SERVER["REQUEST_URI"] == '/')
60			return true;
61			if (strstr(strtolower($_SERVER['HTTP_USER_AGENT']), 'solr-crawler') !== false)
62			return true;
63
64			$query = "REPLACE INTO {$this->db->getTablePrefix()}users_sessions
65			(session, ts, data) VALUES
66			('$id', '$time', '$sess_data_sanitised')";
67
68			if ($this->db->insertData($query) !== false) {
69			return true;
70			} else {
71			return false;
72			}
73			}
74
75			/**
76			* {@inheritDoc}
77			*/
78			public function close() {
79			return true;
80			}
81
82			/**
83			* {@inheritDoc}
84			*/
85			public function destroy($session_id) {
86
87			$id = sanitize_string($session_id);
88			$query = "DELETE FROM {$this->db->getTablePrefix()}users_sessions WHERE session='$id'";
89			return (bool) $this->db->deleteData($query);
90			}
91
92			/**
93			* {@inheritDoc}
94			*/
95			public function gc($max_lifetime) {
96
97			$life = time() - $max_lifetime;
98			$query = "DELETE FROM {$this->db->getTablePrefix()}users_sessions WHERE ts < '$life'";
99			return (bool) $this->db->deleteData($query);
100			}
101			}
102

gctools-outilsgc / gcconnex

Pull Request — master (#2323)

DatabaseSessionHandler::write() B

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like