1 | <?php |
||
2 | |||
3 | /* |
||
4 | * @copyright 2014 Mautic Contributors. All rights reserved |
||
5 | * @author Mautic |
||
6 | * |
||
7 | * @link http://mautic.org |
||
8 | * |
||
9 | * @license GNU/GPLv3 http://www.gnu.org/licenses/gpl-3.0.html |
||
10 | */ |
||
11 | |||
12 | namespace Mautic\FormBundle\Validator\Constraint; |
||
13 | |||
14 | use Mautic\CoreBundle\Helper\CoreParametersHelper; |
||
15 | use Symfony\Component\Validator\Constraint; |
||
16 | use Symfony\Component\Validator\ConstraintValidator; |
||
17 | |||
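class FileExtensionConstraintValidator extends ConstraintValidator
{
    /**
     * Source of the `blacklisted_extensions` configuration value.
     *
     * @var CoreParametersHelper
     */
    private $coreParametersHelper;

    public function __construct(CoreParametersHelper $coreParametersHelper)
    {
        $this->coreParametersHelper = $coreParametersHelper;
    }

    /**
     * Checks that a list of file extensions contains no blacklisted extension.
     *
     * A violation built from $constraint->message is added when $value is not
     * an array (with an empty `{{ forbidden }}` parameter) or when one or more
     * of its entries match the `blacklisted_extensions` parameter (with the
     * offending entries joined by ", " as `{{ forbidden }}`).
     *
     * @param mixed      $value      The value that should be validated; expected to be an array of extensions
     * @param Constraint $constraint The constraint for the validation; its `message` is the violation template
     */
    public function validate($value, Constraint $constraint)
    {
        if (!is_array($value)) {
            $this->context->buildViolation($constraint->message)
                ->setParameter('{{ forbidden }}', '')
                ->addViolation();

            // Nothing further can be checked on a non-array; falling through
            // would hand it to the array comparison below and raise an error
            // instead of a clean validation failure.
            return;
        }

        // A missing parameter becomes an empty list and a single scalar a
        // one-element list, so the comparison below always sees an array.
        $blacklistedExtensions = (array) $this->coreParametersHelper->get('blacklisted_extensions');

        // Lower-cased lookup table: the match must not depend on letter case,
        // otherwise an entry such as "PHP" would pass a blacklist listing "php".
        $blacklistLookup = [];
        foreach ($blacklistedExtensions as $blacklisted) {
            if (is_scalar($blacklisted)) {
                $blacklistLookup[strtolower((string) $blacklisted)] = true;
            }
        }

        // Keep the entries as the user typed them so the message echoes the input.
        $forbidden = [];
        foreach ($value as $key => $extension) {
            if (is_scalar($extension) && isset($blacklistLookup[strtolower((string) $extension)])) {
                $forbidden[$key] = $extension;
            }
        }

        // Explicit emptiness test rather than relying on array-to-bool conversion.
        if ([] !== $forbidden) {
            $this->context->buildViolation($constraint->message)
                ->setParameter('{{ forbidden }}', implode(', ', $forbidden))
                ->addViolation();
        }
    }
}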
||
53 |
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using `empty(...)` or `!empty(...)` instead.