This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * Pimf |
||
4 | * |
||
5 | * @copyright Copyright (c) Gjero Krsteski (http://krsteski.de) |
||
6 | * @license http://opensource.org/licenses/MIT MIT |
||
7 | */ |
||
8 | namespace Pimf; |
||
9 | |||
10 | /** |
||
11 | * Request Manager - for controlled access to the global state of the world. |
||
12 | * |
||
13 | * @package Pimf |
||
14 | * @author Gjero Krsteski <[email protected]> |
||
15 | */ |
||
16 | class Request |
||
17 | { |
||
18 | /** |
||
19 | * @var Param |
||
20 | */ |
||
21 | public static $postData; |
||
22 | |||
23 | /** |
||
24 | * @var Param |
||
25 | */ |
||
26 | public static $getData; |
||
27 | |||
28 | /** |
||
29 | * @var Param |
||
30 | */ |
||
31 | public static $cookieData; |
||
32 | |||
33 | /** |
||
34 | * @var Param |
||
35 | */ |
||
36 | public static $cliData; |
||
37 | |||
38 | /** |
||
39 | * @var Util\Uploaded |
||
40 | */ |
||
41 | public static $filesData; |
||
42 | |||
43 | /** |
||
44 | * @var Environment |
||
45 | */ |
||
46 | public $env; |
||
47 | |||
48 | /** |
||
49 | * The request HTTP method send by the client-browser. |
||
50 | * |
||
51 | * @var null|string |
||
52 | */ |
||
53 | protected $method = null; |
||
54 | |||
55 | /** |
||
56 | * @param array $getData |
||
57 | * @param array $postData |
||
58 | * @param array $cookieData |
||
59 | * @param array $cliData |
||
60 | * @param array $filesData |
||
61 | * @param \Pimf\Environment $env |
||
62 | */ |
||
63 | public function __construct( |
||
64 | array $getData, |
||
65 | array $postData = array(), |
||
66 | array $cookieData = array(), |
||
67 | array $cliData = array(), |
||
68 | array $filesData = array(), |
||
69 | \Pimf\Environment $env |
||
70 | ) { |
||
71 | |||
72 | static::$getData = new Param($getData); |
||
73 | static::$postData = new Param($postData); |
||
74 | static::$cookieData = new Param($cookieData); |
||
75 | static::$cliData = new Param($cliData); |
||
76 | static::$filesData = Util\Uploaded\Factory::get($filesData); |
||
77 | |||
78 | $this->env = $env; |
||
79 | $this->method = '' . strtoupper($env->REQUEST_METHOD); |
||
80 | } |
||
81 | |||
82 | /** |
||
83 | * For fetching body/params sent via PUT|DELETE|PATCH Http method. |
||
84 | * |
||
85 | * @param bool $asResource |
||
86 | * |
||
87 | * @return Param|resource|boolean |
||
88 | */ |
||
89 | public function streamInput($asResource = false) |
||
90 | { |
||
91 | if (0 === strpos($this->env->getRequestHeader('CONTENT_TYPE'), 'application/x-www-form-urlencoded') |
||
92 | && in_array($this->env->data()->get('REQUEST_METHOD', 'GET'), array('PUT', 'DELETE', 'PATCH')) |
||
93 | ) { |
||
94 | |||
95 | if ($asResource === true) { |
||
96 | return $this->getContent($asResource); |
||
97 | } |
||
98 | |||
99 | $body = array(); |
||
100 | parse_str($this->getContent(), $body); |
||
101 | |||
102 | return new Param($body); |
||
0 ignored issues
–
show
|
|||
103 | } |
||
104 | |||
105 | return false; |
||
106 | } |
||
107 | |||
108 | /** |
||
109 | * HTTP GET variables. |
||
110 | * |
||
111 | * @return Param |
||
112 | */ |
||
113 | public function fromGet() |
||
114 | { |
||
115 | return static::$getData; |
||
116 | } |
||
117 | |||
118 | /** |
||
119 | * CLI arguments passed to script. |
||
120 | * |
||
121 | * @return Param |
||
122 | */ |
||
123 | public function fromCli() |
||
124 | { |
||
125 | return static::$cliData; |
||
126 | } |
||
127 | |||
128 | /** |
||
129 | * HTTP POST variables. |
||
130 | * |
||
131 | * @return Param |
||
132 | */ |
||
133 | public function fromPost() |
||
134 | { |
||
135 | return static::$postData; |
||
136 | } |
||
137 | |||
138 | /** |
||
139 | * HTTP Cookies. |
||
140 | * |
||
141 | * @return Param |
||
142 | */ |
||
143 | public function fromCookie() |
||
144 | { |
||
145 | return static::$cookieData; |
||
146 | } |
||
147 | |||
148 | /** |
||
149 | * Strip slashes from string or array |
||
150 | * |
||
151 | * @param $rawData |
||
152 | * |
||
153 | * @return array|string |
||
154 | */ |
||
155 | public static function stripSlashes($rawData) |
||
156 | { |
||
157 | return is_array($rawData) |
||
158 | ? array_map( |
||
159 | function ($value) { |
||
160 | return \Pimf\Request::stripSlashes($value); |
||
161 | }, |
||
162 | $rawData |
||
163 | ) |
||
164 | : stripslashes($rawData); |
||
165 | } |
||
166 | |||
167 | /** |
||
168 | * @param bool $asResource |
||
169 | * |
||
170 | * @return resource|string |
||
171 | * @throws \LogicException When using the resource twice times. |
||
172 | */ |
||
173 | public function getContent($asResource = false) |
||
174 | { |
||
175 | static $content; |
||
176 | |||
177 | if (false === $content || (true === $asResource && null !== $content)) { |
||
178 | throw new \LogicException('resource can only be returned once'); |
||
179 | } |
||
180 | |||
181 | if (true === $asResource) { |
||
182 | $content = false; |
||
183 | |||
184 | return fopen('php://input', 'rb'); |
||
185 | } |
||
186 | |||
187 | if (null === $content) { |
||
188 | $content = file_get_contents('php://input'); |
||
189 | } |
||
190 | |||
191 | return $content; |
||
192 | } |
||
193 | |||
194 | /** |
||
195 | * The request method send by the client-browser. |
||
196 | * |
||
197 | * @return null|string |
||
198 | */ |
||
199 | public function getMethod() |
||
200 | { |
||
201 | return $this->method; |
||
202 | } |
||
203 | } |
||
204 |
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.