Issues in DecryptController.php (master) - Issues in master - lekoala/silverstripe-encrypt - Measure and Improve Code Quality continuously with Scrutinizer

Issues (84)

src/DecryptController.php (2 issues)

Severity

Unknown 2

<?php

namespace LeKoala\Encrypt;

use SilverStripe\Assets\File;
use SilverStripe\Security\Security;
use SilverStripe\Control\Controller;
use SilverStripe\Security\Permission;
use SilverStripe\Versioned\Versioned;
use SilverStripe\Control\HTTPResponse;

/**
 * Easily decrypt your files
 */
class DecryptController extends Controller
{
    /**
     * @return HTTPResponse|void
     */
    public function index()
    {
        $request = $this->getRequest();
        $ID = (int) $request->getVar("ID");
        $Hash = $request->getVar("Hash");

        if (!$ID || !$Hash) {
            return $this->httpError(404);
        }

        $sendDraft = $this->config()->send_draft;

        /** @var File|null $File */
        $File = File::get()->byID($ID);
        if (!$File && $sendDraft && class_exists(Versioned::class)) {

            /** @var File|null $File */
            $File = Versioned::get_one_by_stage(File::class, Versioned::DRAFT, "ID = " . $ID);
        }
        if (!$File) {

            return $this->httpError(404);
        }

        // Verify hash
        $FileHash = substr($File->File->Hash, 0, 10);
        if ($Hash != $FileHash && !Permission::check("CMS_ACCESS")) {
            return $this->httpError(404);
        }

        // Check protected
        $sendProtected = $this->config()->send_protected;
        $adminSendProtected = $this->config()->admin_send_protected;
        $currentUserID = Security::getCurrentUser()->ID ?? 0;
        $isOwner = $File->OwnerID === $currentUserID;
        if ($File->getVisibility() == "protected") {
            if (!$sendProtected && !$isOwner) {
                if ($adminSendProtected && Permission::check("CMS_ACCESS")) {
                    // We can proceed
                } else {
                    return $this->httpError(404);
                }
            }
        }

        EncryptHelper::sendDecryptedFile($File);
    }
}


1			<?php
2
3			namespace LeKoala\Encrypt;
4
5			use SilverStripe\Assets\File;
6			use SilverStripe\Security\Security;
7			use SilverStripe\Control\Controller;
8			use SilverStripe\Security\Permission;
9			use SilverStripe\Versioned\Versioned;
10			use SilverStripe\Control\HTTPResponse;
11
12			/**
13			* Easily decrypt your files
14			*/
15			class DecryptController extends Controller
16			{
17			/**
18			* @return HTTPResponse\|void
19			*/
20			public function index()
21			{
22			$request = $this->getRequest();
23			$ID = (int) $request->getVar("ID");
24			$Hash = $request->getVar("Hash");
25
26			if (!$ID \|\| !$Hash) {
27			return $this->httpError(404);
28			}
29
30			$sendDraft = $this->config()->send_draft;
31
32			/** @var File\|null $File */
33			$File = File::get()->byID($ID);
34			if (!$File && $sendDraft && class_exists(Versioned::class)) {
			0 ignored issues – show introduced 2021-08-31 19:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$File` is of type `SilverStripe\Assets\File`, thus it always evaluated to `true`. Loading history...
35			/** @var File\|null $File */
36			$File = Versioned::get_one_by_stage(File::class, Versioned::DRAFT, "ID = " . $ID);
37			}
38			if (!$File) {
			0 ignored issues – show introduced 2021-08-31 19:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$File` is of type `SilverStripe\Assets\File`, thus it always evaluated to `true`. Loading history...
39			return $this->httpError(404);
40			}
41
42			// Verify hash
43			$FileHash = substr($File->File->Hash, 0, 10);
44			if ($Hash != $FileHash && !Permission::check("CMS_ACCESS")) {
45			return $this->httpError(404);
46			}
47
48			// Check protected
49			$sendProtected = $this->config()->send_protected;
50			$adminSendProtected = $this->config()->admin_send_protected;
51			$currentUserID = Security::getCurrentUser()->ID ?? 0;
52			$isOwner = $File->OwnerID === $currentUserID;
53			if ($File->getVisibility() == "protected") {
54			if (!$sendProtected && !$isOwner) {
55			if ($adminSendProtected && Permission::check("CMS_ACCESS")) {
56			// We can proceed
57			} else {
58			return $this->httpError(404);
59			}
60			}
61			}
62
63			EncryptHelper::sendDecryptedFile($File);
64			}
65			}
66

lekoala / silverstripe-encrypt

Issues (84)

src/DecryptController.php (2 issues)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like