This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | /** |
||
3 | * Pimf |
||
4 | * |
||
5 | * @copyright Copyright (c) Gjero Krsteski (http://krsteski.de) |
||
6 | * @license http://opensource.org/licenses/MIT MIT |
||
7 | */ |
||
8 | |||
9 | namespace Pimf; |
||
10 | |||
11 | use Pimf\Session\Payload; |
||
12 | use Pimf\Session\Storages as Storage; |
||
13 | |||
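/**
 * Using the session
 *
 * Static facade around a single Payload instance per request. A storage
 * backend is chosen by name in factory(), wrapped in a Payload by start(),
 * and any static call that is not defined here is forwarded to that Payload
 * through __callStatic().
 *
 * <code>
 *
 *    // Retrieve the session instance and get an item
 *    Session::instance()->get('name');
 *
 *    // Retrieve the session instance and place an item in the session
 *    Session::instance()->put('name', 'Robin');
 *
 *    // Retrieve a value from the session
 *    $value = Session::get('name');
 *
 *    // Write a value to the session storage
 *    $value = Session::put('name', 'Robin');
 *
 *    // Equivalent statement using the "instance" method
 *    $value = Session::instance()->put('name', 'Robin');
 *
 * </code>
 *
 * @package Pimf
 * @author  Gjero Krsteski <[email protected]>
 *
 * @method static save()
 */
class Session
{
    /**
     * The session singleton instance for the request.
     *
     * The property is public and static, so any code in the process can read
     * or replace the active payload; nothing in this class guards writes to it.
     *
     * @var Payload
     */
    public static $instance;

    /**
     * The string name of the CSRF token stored in the session.
     *
     * @var string
     */
    const CSRF = 'csrf_token';

    /**
     * Create the session payload and load the session.
     *
     * Reads the 'session' configuration, starts the configured storage and
     * loads the payload with the value of the configured session cookie.
     *
     * @return void
     * @throws \RuntimeException when the configured storage name is not supported.
     */
    public static function load()
    {
        $session = Config::get('session');

        static::start($session['storage']);

        // NOTE(review): the value handed to Payload::load() comes from
        // Cookie::get(), i.e. presumably from the client. Validation of that
        // value is not visible in this file - confirm it happens in Payload
        // or in the storage before it is used as a lookup key.
        static::$instance->load(Cookie::get($session['cookie']));
    }

    /**
     * Create the session payload instance for the request.
     *
     * Replaces any payload that was already set on the class.
     *
     * @param string $storage Name of the storage backend, see factory().
     *
     * @return void
     * @throws \RuntimeException when the storage name is not supported.
     */
    public static function start($storage)
    {
        static::$instance = new Payload(static::factory($storage));
    }

    /**
     * Create a new session storage instance.
     *
     * The cache-backed storages ('memcached', 'redis', 'dba') are given the
     * result of Cache::storage(). The static analysis of this file reports
     * that Cache::storage() can return any of the cache storage classes while
     * the session storage constructors accept only the matching one, so the
     * result is type-checked here and a mismatch is reported as the
     * RuntimeException this method already documents.
     *
     * @param string $storage One of 'apc', 'cookie', 'file', 'pdo',
     *                        'memcached', 'memory', 'redis', 'dba'.
     *
     * @return Storage\Storage
     * @throws \RuntimeException when the name is unknown or the cache layer
     *                           returns a storage of the wrong class.
     */
    public static function factory($storage)
    {
        switch ($storage) {
            case 'apc':
                // NOTE(review): the analyzer marks this line as well, but the
                // text of that finding is not shown; the accepted constructor
                // type of Storage\Apc is therefore left unchecked - confirm.
                return new Storage\Apc(Cache::storage('apc'));

            case 'cookie':
                return new Storage\Cookie();

            case 'file':
                return new Storage\File(Config::get('session.storage_path'));

            case 'pdo':
                return new Storage\Pdo(Pdo\Factory::get(Config::get('session.database')));

            case 'memcached':
                return new Storage\Memcached(
                    self::checkedCacheStorage('memcached', 'Pimf\\Cache\\Storages\\Memcached')
                );

            case 'memory':
                return new Storage\Memory();

            case 'redis':
                return new Storage\Redis(
                    self::checkedCacheStorage('redis', 'Pimf\\Cache\\Storages\\Redis')
                );

            case 'dba':
                return new Storage\Dba(
                    self::checkedCacheStorage('dba', 'Pimf\\Cache\\Storages\\Dba')
                );

            default:
                throw new \RuntimeException("Session storage [$storage] is not supported.");
        }
    }

    /**
     * Fetch a cache storage by name and verify its class before it is passed
     * to a session storage constructor.
     *
     * @param string $name     Name handed to Cache::storage().
     * @param string $expected Fully qualified class name the caller requires.
     *
     * @return object The cache storage, guaranteed to be an instance of $expected.
     * @throws \RuntimeException when the cache layer returns anything else.
     */
    private static function checkedCacheStorage($name, $expected)
    {
        $backend = Cache::storage($name);

        if (!($backend instanceof $expected)) {
            $actual = is_object($backend) ? get_class($backend) : gettype($backend);

            throw new \RuntimeException(
                "Session storage [$name] needs a cache storage of type [$expected], got [$actual]."
            );
        }

        return $backend;
    }

    /**
     * Retrieve the active session payload instance for the request.
     *
     * @return Payload
     * @throws \RuntimeException when no payload has been set yet.
     */
    public static function instance()
    {
        if (static::started()) {
            return static::$instance;
        }

        throw new \RuntimeException("A storage must be set before using the session.");
    }

    /**
     * Determine if session handling has been started for the request.
     *
     * @return bool True when a payload instance is set on the class.
     */
    public static function started()
    {
        return (static::$instance !== null);
    }

    /**
     * Magic Method for calling the methods on the session singleton instance.
     *
     * Every method name that is not defined on this class is forwarded as-is,
     * so each public method of the payload is reachable through the facade.
     * Method names should therefore be fixed in code and never derived from
     * request data.
     *
     * @param string $method     Name of the payload method to call.
     * @param array  $parameters Arguments passed on to that method.
     *
     * @return mixed Whatever the payload method returns.
     * @throws \RuntimeException when the session has not been started.
     */
    public static function __callStatic($method, $parameters)
    {
        return call_user_func_array(
            array(static::instance(), $method), $parameters
        );
    }
}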
This check looks at variables that are passed out again to other methods.
If the outgoing method call has stricter type requirements than the method itself, an issue is raised.
An additional type check may prevent trouble.