Completed
Push — master ( 579af5...b29473 )
by Oleg
07:53
created

micro/filter/CsrfFilter.php (5 issues)

<?php /** CsrfFilterMicro */

namespace Micro\filter;

/**
 * Class CsrfFilter
 *
 * @author Oleg Lunegov <[email protected]>
 * @link https://github.com/lugnsk/micro
 * @copyright Copyright &copy; 2013 Oleg Lunegov
 * @license /LICENSE
 * @package micro
 * @subpackage filter
 * @version 1.0
 * @since 1.0
 */
class CsrfFilter extends Filter
{
    /**
     * @inheritdoc
     */
    public function pre(array $params)
    {
        if ($this->container->request->server('REQUEST_METHOD') !== 'POST') {
Accessing request on the interface Micro\base\IContainer suggest that you code against a concrete implementation. How about adding an instanceof check?

If you access a property on an interface, you most likely code against a concrete implementation of the interface.

Available Fixes

  1. Adding an additional type check:

    interface SomeInterface { }
    class SomeClass implements SomeInterface {
        public $a;
    }
    
    function someFunction(SomeInterface $object) {
        if ($object instanceof SomeClass) {
            $a = $object->a;
        }
    }
    
  2. Changing the type hint:

    interface SomeInterface { }
    class SomeClass implements SomeInterface {
        public $a;
    }
    
    function someFunction(SomeClass $object) {
        $a = $object->a;
    }
    
            return true;
        }

        $postCSRF = $this->container->request->post('csrf');
Accessing request on the interface Micro\base\IContainer suggest that you code against a concrete implementation. How about adding an instanceof check?
        if (!$postCSRF) {
            // $rule is not defined in this method, so the fallbacks (null / 'Not allowed!') always apply.
            $this->result = [
                'redirect' => !empty($rule['redirect']) ? $rule['redirect'] : null,
                'message' => !empty($rule['message']) ? $rule['message'] : 'Not allowed!'
            ];

            return false;
        }

        $csrf = $this->container->session->csrf;
Accessing session on the interface Micro\base\IContainer suggest that you code against a concrete implementation. How about adding an instanceof check?
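        // array_search() returns the matching key or false; in_array() only returns a bool,
        // so the original "!== null" test accepted every submitted token.
        if (is_array($csrf) && ($key = array_search(md5($postCSRF), $csrf, true)) !== false) {
            unset($csrf[$key]);

            $this->container->session->csrf = $csrf;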
Accessing session on the interface Micro\base\IContainer suggest that you code against a concrete implementation. How about adding an instanceof check?

            return true;
        }

        $this->result = [
            'redirect' => !empty($rule['redirect']) ? $rule['redirect'] : null,
            'message' => !empty($rule['message']) ? $rule['message'] : 'Bad request!'
        ];

        return false;
    }

    /**
     * @inheritdoc
     */
    public function post(array $params)
    {
        return preg_replace_callback(
            // The "s" modifier lets "." match newlines, so forms spanning several lines are matched;
            // "m" only changes how ^ and $ anchor.
            '/(<form[^>]*>)(.*?)(<\/form>)/s',
            array($this, 'insertProtect'),
            $params['data']
        );
    }

    /**
     * Insert CSRF protect into forms
     *
     * @access public
     *
     * @param array $matches Form
     *
     * @return string
     */
    public function insertProtect(array $matches = [])
    {
        // mt_rand() is not a cryptographically secure generator; random_bytes() (PHP 7+) is.
        $gen = bin2hex(random_bytes(16));
        $s = $this->container->session;
Accessing session on the interface Micro\base\IContainer suggest that you code against a concrete implementation. How about adding an instanceof check?

        $s->csrf = array_merge(is_array($s->csrf) ? $s->csrf : [], [md5($gen)]);

        return $matches[1] . '<input type="hidden" name="csrf" value="' . $gen . '" />' . $matches[2] . $matches[3];
    }
}