This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | /** |
||
3 | * Hosting Plugin for HiPanel |
||
4 | * |
||
5 | * @link https://github.com/hiqdev/hipanel-module-hosting |
||
6 | * @package hipanel-module-hosting |
||
7 | * @license BSD-3-Clause |
||
8 | * @copyright Copyright (c) 2015-2019, HiQDev (http://hiqdev.com/) |
||
9 | */ |
||
10 | |||
11 | namespace hipanel\modules\hosting\models; |
||
12 | |||
13 | use hipanel\helpers\StringHelper; |
||
14 | use hipanel\modules\hosting\models\query\AccountQuery; |
||
15 | use hipanel\modules\hosting\validators\LoginValidator; |
||
16 | use Yii; |
||
17 | |||
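/**
 * Hosting account model: an SSH ("user") or FTP-only login on a server.
 *
 * Attribute values are reached through the magic accessors of the parent
 * model, so the attributes this class reads or writes itself are declared
 * below for static analysis.
 *
 * @package hipanel\modules\hosting\models
 *
 * @property $values
 * @property string $type account type, compared against the TYPE_* constants
 * @property string $state account state, compared against the STATE_* constants
 * @property string[]|string $sshftp_ips addresses allowed to reach the account over SSH/FTP;
 *     the `filter` rule in rules() passes the submitted value through StringHelper::explode()
 */
class Account extends \hipanel\base\Model
{
    use \hipanel\base\ModelTrait;

    public static $i18nDictionary = 'hipanel:hosting';

    const TYPE_SSH = 'user';
    const TYPE_FTP = 'ftponly';

    const STATE_OK = 'ok';
    const STATE_BLOCKED = 'blocked';
    const STATE_DELETED = 'deleted';

    /**
     * Registers onBeforeValidate() as a handler for the before-validate event.
     *
     * NOTE(review): parent::init() is not called here; confirm that the parent
     * classes have no initialisation of their own that this override skips.
     */
    public function init()
    {
        $this->on(static::EVENT_BEFORE_VALIDATE, [$this, 'onBeforeValidate']);
    }

    /**
     * Validation rules, grouped by scenario.
     *
     * NOTE(review): rules without an `on` key apply in every scenario, so
     * attributes such as `state`, `type`, `uid`, `gid`, `client` and `seller`
     * are marked safe for mass assignment from submitted data everywhere.
     * Presumably the backend API decides what a caller may actually change;
     * confirm, because nothing in this model restricts it.
     *
     * @return array
     */
    public function rules()
    {
        return [
            [['id', 'client_id', 'device_id', 'server_id', 'seller_id'], 'integer'],
            [
                ['login', 'password', 'shell', 'client', 'path', 'home', 'device', 'server', 'seller', 'uid', 'gid'],
                'safe',
            ],
            [['type', 'type_label', 'state', 'state_label'], 'safe'],
            [['ip', 'allowed_ips', 'objects_count', 'request_state', 'request_state_label'], 'safe'],
            [['login', 'server', 'password', 'sshftp_ips', 'type'], 'safe', 'on' => ['create', 'create-ftponly']],
            [['login', 'server', 'password', 'type'], 'required', 'on' => ['create', 'create-ftponly']],
            [['account', 'path'], 'required', 'on' => ['create-ftponly']],
            [['login'], 'required', 'on' => ['change-password']],
            [['password'], 'required', 'on' => ['change-password']],
            // A password identical to the login is rejected.
            [
                ['password'],
                'compare',
                'compareAttribute' => 'login',
                'message' => Yii::t('hipanel', 'Password must not be equal to login'),
                'operator' => '!=',
                'on' => ['create', 'create-ftponly', 'update', 'change-password'],
            ],
            [['login'], LoginValidator::class, 'on' => ['create', 'create-ftponly', 'change-password']],
            // Superuser names can not be taken as an account login.
            [
                ['login'],
                'in',
                'range' => ['root', 'toor'],
                'not' => true,
                'on' => ['create', 'create-ftponly'],
                'message' => Yii::t('hipanel:hosting', 'You can not use this login'),
            ],
            // Split the submitted value into a list before each entry is validated.
            [
                ['sshftp_ips'],
                'filter',
                'filter' => function ($value) {
                    return StringHelper::explode($value);
                },
                'on' => ['create', 'create-ftponly', 'update', 'set-allowed-ips'],
            ],
            // Every entry must be an IP address; a leading "!" (negation) is
            // accepted and a CIDR suffix is optional ('subnet' => null).
            [
                ['sshftp_ips'],
                'each',
                'rule' => ['ip', 'negation' => true, 'subnet' => null],
                'on' => ['create', 'create-ftponly', 'update', 'set-allowed-ips'],
            ],
            [
                ['id'],
                'required',
                'on' => ['change-password', 'set-allowed-ips', 'set-mail-settings', 'set-system-settings', 'set-ghost-options', 'delete'],
            ],
            // Inline validator: see canSetMailSettings() for how a refusal is reported.
            [['id'], 'canSetMailSettings', 'on' => ['set-mail-settings']],
            [['path', 'gid', 'uid'], 'string', 'on' => ['set-system-settings']],
            [['account', 'server'], 'required', 'on' => ['get-directories-list']],
            [['type', 'comment'], 'required', 'on' => ['enable-block']],
            [['comment'], 'safe', 'on' => ['disable-block']],
        ];
    }

    /**
     * {@inheritdoc}
     */
    public function attributeLabels()
    {
        return $this->mergeAttributeLabels([
            'allowed_ips' => Yii::t('hipanel:hosting', 'Allowed IPs'),
            'sshftp_ips' => Yii::t('hipanel:hosting', 'IP to access on the server via SSH or FTP'),
            'path' => Yii::t('hipanel:hosting:account', 'Home directory'),
            'gid' => Yii::t('hipanel:hosting:account', 'Group'),
            'uid' => Yii::t('hipanel:hosting:account', 'ID'),
        ]);
    }

    /**
     * States in which the account counts as operable (see isOperable()).
     *
     * @return string[]
     */
    public function goodStates()
    {
        return [self::STATE_OK];
    }

    /**
     * Relation to the AccountValues record that shares this account's id.
     */
    public function getValues()
    {
        return $this->hasOne(AccountValues::class, ['id' => 'id']);
    }

    /**
     * Whether the account is in one of the states returned by goodStates().
     *
     * @return bool
     */
    public function isOperable()
    {
        /// TODO: all is operable for admin
        return in_array($this->state, $this->goodStates(), true);
    }

    /**
     * Comma-separated list of the addresses allowed to reach the account.
     *
     * An empty list is rendered as 0.0.0.0/0, i.e. any IPv4 address.
     * NOTE(review): presumably this mirrors a backend that treats an empty
     * allow-list as "no restriction"; confirm, since the display otherwise
     * misstates the exposure of the account.
     *
     * @return string
     */
    public function getSshFtpIpsList()
    {
        return implode(', ', empty($this->sshftp_ips) ? ['0.0.0.0/0'] : $this->sshftp_ips);
    }

    /**
     * Account types this model knows about.
     *
     * @return string[]
     */
    public function getKnownTypes()
    {
        return [static::TYPE_FTP, static::TYPE_SSH];
    }

    /**
     * @return bool whether the account state is STATE_BLOCKED
     */
    public function getIsBlocked()
    {
        return $this->state === self::STATE_BLOCKED;
    }

    /**
     * Whether mail settings may be changed: the account must be of type
     * TYPE_SSH and the current user must hold the `support` permission.
     *
     * The method is also registered in rules() as an inline validator for the
     * `set-mail-settings` scenario. Yii ignores the return value of an inline
     * validator and only looks at errors added to the model, so a bare
     * `return false` never failed validation. When called with an attribute
     * name the refusal is therefore recorded with addError().
     *
     * NOTE(review): this is a check on the panel side only; presumably the
     * backend API enforces the same permission. Confirm.
     *
     * @param string|null $attribute attribute under validation when invoked as
     *     an inline validator, null when called directly
     * @return bool
     */
    public function canSetMailSettings($attribute = null)
    {
        $allowed = $this->type === self::TYPE_SSH && Yii::$app->user->can('support');

        if (!$allowed && $attribute !== null) {
            $this->addError($attribute, Yii::t('hipanel:hosting', 'Mail settings can not be changed for this account'));
        }

        return $allowed;
    }

    /**
     * Maps a scenario name to the action name used in its place.
     *
     * @return array<string, string>
     */
    public function scenarioActions()
    {
        return [
            'set-allowed-ips' => 'set-allowed-IPs',
            'create-ftponly' => 'create',
        ];
    }

    /**
     * Before-validate handler: fixes the account type from the scenario.
     *
     * In the `create` and `create-ftponly` scenarios any submitted `type` is
     * overwritten, so the caller can not choose it. Other scenarios keep the
     * value as it is.
     *
     * @return bool always true
     */
    public function onBeforeValidate()
    {
        if ($this->scenario === 'create') {
            $this->type = static::TYPE_SSH;
        } elseif ($this->scenario === 'create-ftponly') {
            $this->type = static::TYPE_FTP;
        }

        return true;
    }

    /**
     * {@inheritdoc}
     * @return AccountQuery
     */
    public static function find(array $options = []): AccountQuery
    {
        return new AccountQuery(static::class, [
            'options' => $options,
        ]);
    }
}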
||
188 |
Since your code implements the magic getter `__get`, this function will be called for any read access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. If the property has read access only, you can use the @property-read annotation instead.
Of course, you may also just have mistyped another name, in which case you should fix the error.
See also the PhpDoc documentation for @property.