This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | namespace NotificationChannels\HipChat; |
||
4 | |||
5 | use GuzzleHttp\Psr7\Request; |
||
6 | use GuzzleHttp\Client as HttpClient; |
||
7 | use GuzzleHttp\Psr7\MultipartStream; |
||
8 | use function GuzzleHttp\Psr7\stream_for; |
||
9 | use function GuzzleHttp\Psr7\modify_request; |
||
10 | |||
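class HipChat
{
    /**
     * API token, sent as a bearer credential on every request.
     *
     * @var string
     */
    protected $token;

    /**
     * HTTP client used to send the requests.
     *
     * @var HttpClient
     */
    protected $http;

    /**
     * Base URL of the HipChat API, stored without a trailing slash.
     *
     * @var string
     */
    protected $url;

    /**
     * Default room id or name.
     *
     * @var string
     */
    protected $room;

    /**
     * Create a new instance.
     *
     * The token is attached as a bearer credential to every request made
     * against $url (see getHeaders()), so a non-HTTPS $url would expose it
     * in transit.
     *
     * @param  HttpClient  $http
     * @param  string|null  $url  Base URL; the hosted API is used when empty.
     * @param  string  $token
     * @param  string  $room  Default room id or name.
     */
    public function __construct(HttpClient $http, $url, $token, $room)
    {
        $this->http = $http;
        // Strip trailing slashes so the endpoint paths can be appended verbatim.
        $this->url = rtrim($url ?: 'https://api.hipchat.com', '/');
        $this->token = $token;
        $this->room = $room;
    }

    /**
     * Returns default room id or name.
     *
     * @return string
     */
    public function room()
    {
        return $this->room;
    }

    /**
     * Returns HipChat base url.
     *
     * @return string
     */
    public function url()
    {
        return $this->url;
    }

    /**
     * Send a message.
     *
     * @param  string|int  $to  Room id or name; encoded as one path segment.
     * @param  array  $message  Payload sent as the JSON request body.
     * @return \Psr\Http\Message\ResponseInterface
     */
    public function sendMessage($to, $message)
    {
        // $to is a single path segment: rawurlencode() encodes a space as %20,
        // whereas urlencode() would emit '+', which is a literal plus sign in a
        // URL path. It also keeps '/' and '?' in a room name from altering the
        // request target.
        $url = $this->url.'/v2/room/'.rawurlencode($to).'/notification';

        return $this->post($url, [
            'headers' => $this->getHeaders(),
            'json' => $message,
        ]);
    }

    /**
     * Share a file.
     *
     * The keys 'file_type', 'content', 'filename' and 'message' of $file are
     * all read unconditionally.
     *
     * @param  string|int  $to  Room id or name; encoded as one path segment.
     * @param  array  $file
     * @return \Psr\Http\Message\ResponseInterface
     */
    public function shareFile($to, $file)
    {
        // Explicit initialisation: the list of parts never depends on a
        // variable that might already exist in scope.
        $parts = [
            [
                // NOTE(review): file_type and filename are passed through as
                // given and end up in the part's headers. Presumably callers
                // supply trusted values - confirm that CR/LF cannot reach here.
                'headers' => [
                    'Content-Type' => $file['file_type'] ?: 'application/octet-stream',
                ],
                'name' => 'file',
                'contents' => stream_for($file['content']),
                'filename' => $file['filename'] ?: 'untitled',
            ],
        ];

        // The optional message travels as a second, JSON-typed part.
        if (! str_empty($file['message'])) {
            $parts[] = [
                'headers' => [
                    'Content-Type' => 'application/json',
                ],
                'name' => 'metadata',
                'contents' => json_encode(['message' => $file['message']]),
            ];
        }

        // Same path-segment encoding as in sendMessage().
        $url = $this->url.'/v2/room/'.rawurlencode($to).'/share/file';

        return $this->postMultipartRelated($url, [
            'headers' => $this->getHeaders(),
            'multipart' => $parts,
        ]);
    }

    /**
     * Make a simple post request.
     *
     * @param  string  $url
     * @param  array  $options
     * @return \Psr\Http\Message\ResponseInterface
     */
    protected function post($url, $options)
    {
        return $this->http->post($url, $options);
    }

    /**
     * Make a multipart/related request.
     * Unfortunately Guzzle doesn't support multipart/related requests out of the box.
     *
     * Reads 'multipart' (required), 'headers' and 'version' (both optional)
     * from $options.
     *
     * @param  string  $url
     * @param  array  $options
     * @return \Psr\Http\Message\ResponseInterface
     */
    protected function postMultipartRelated($url, $options)
    {
        $headers = isset($options['headers']) ? $options['headers'] : [];

        $body = new MultipartStream($options['multipart']);

        $version = isset($options['version']) ? $options['version'] : '1.1';

        $request = new Request('POST', $url, $headers, $body, $version);

        // Built as an explicit array literal instead of being created
        // implicitly by a nested assignment. The boundary must be the one of
        // the stream that was handed to the request.
        $changeContentType = [
            'set_headers' => [
                'Content-Type' => 'multipart/related; boundary='.$body->getBoundary(),
            ],
        ];

        $request = modify_request($request, $changeContentType);

        return $this->http->send($request);
    }

    /**
     * Get common request headers.
     *
     * @return array
     */
    protected function getHeaders()
    {
        return [
            'Authorization' => 'Bearer '.$this->token,
        ];
    }
}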
||
170 |
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code.
Let’s take a look at an example:

    foreach ($collection as $item) {
        $myArray['foo'] = $item->getFoo();
        if ($item->hasBar()) {
            $myArray['bar'] = $item->getBar();
        }
        // do something with $myArray
    }

As you can see in this example, the array $myArray is initialized the first time when the foreach loop is entered. You can also see that the value of the bar key is only written conditionally; thus, its value might result from a previous iteration.
This might or might not be intended. To make your intention clear, your code more readable and to avoid accidental bugs, we recommend adding an explicit initialization $myArray = array() either outside or inside the foreach loop.