Inspection of "Smarty 5 compat: Pass in value of time() to ban te..." - mdaniels5757/waca - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — smarty5 ( 853ee4...d2daf7 )

by Simon

created 2025-05-11 22:36 UTC

Status

Indentation +152 added lines, -152 removed lines patch added patch discarded remove patch

@@ -35,156 +35,156 @@
 block discarded – undo
  */
 class PageCreateRequest extends RequestActionBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @return void
-     * @throws AccessDeniedException
-     * @throws ApplicationLogicException
-     */
-    protected function main()
-    {
-        $this->checkPosted();
-
-        $database = $this->getDatabase();
-
-        $request = $this->getRequest($database);
-        $template = $this->getTemplate($database);
-        $creationMode = $this->getCreationMode();
-        $user = User::getCurrent($database);
-        $preferencesManager = PreferenceManager::getForCurrent($database);
-
-        $secMgr = $this->getSecurityManager();
-        if ($secMgr->allows('RequestCreation', PreferenceManager::CREATION_BOT, $user) !== ISecurityManager::ALLOWED
-            && $creationMode === 'bot'
-        ) {
-            throw new AccessDeniedException($secMgr, $this->getDomainAccessManager());
-        }
-        elseif ($secMgr->allows('RequestCreation', PreferenceManager::CREATION_OAUTH, $user) !== ISecurityManager::ALLOWED
-            && $creationMode === 'oauth'
-        ) {
-            throw new AccessDeniedException($secMgr, $this->getDomainAccessManager());
-        }
-
-        if ($request->getEmailSent()) {
-            throw new ApplicationLogicException('This requester has already had an email sent to them. Please fall back to manual creation or a custom close');
-        }
-
-        $request->setStatus(RequestStatus::JOBQUEUE);
-        $request->setReserved(null);
-        $request->save();
-
-        Logger::enqueuedJobQueue($database, $request);
-
-        $creationTaskId = $this->enqueueCreationTask($creationMode, $request, $template, $user, $database);
-
-        $welcomeTemplate = $preferencesManager->getPreference(PreferenceManager::PREF_WELCOMETEMPLATE);
-        if ($welcomeTemplate !== null && !WebRequest::postBoolean('skipAutoWelcome')) {
-            $this->enqueueWelcomeTask($request, $creationTaskId, $user, $database);
-        }
-
-        $this->getNotificationHelper()->requestCloseQueued($request, $template->getName());
-
-        SessionAlert::success("Request {$request->getId()} has been queued for autocreation");
-
-        $this->redirect();
-    }
-
-    protected function getCreationMode()
-    {
-        $creationMode = WebRequest::postString('mode');
-        if ($creationMode !== 'oauth' && $creationMode !== 'bot') {
-            throw new ApplicationLogicException('Unknown creation mode');
-        }
-
-        return $creationMode;
-    }
-
-    /**
-     * @param PdoDatabase $database
-     *
-     * @return EmailTemplate
-     * @throws ApplicationLogicException
-     */
-    protected function getTemplate(PdoDatabase $database)
-    {
-        $templateId = WebRequest::postInt('template');
-        if ($templateId === null) {
-            throw new ApplicationLogicException('No template specified');
-        }
-
-        /** @var EmailTemplate $template */
-        $template = EmailTemplate::getById($templateId, $database);
-        if ($template === false || !$template->getActive()) {
-            throw new ApplicationLogicException('Invalid or inactive template specified');
-        }
-
-        if ($template->getDefaultAction() !== EmailTemplate::ACTION_CREATED) {
-            throw new ApplicationLogicException('Specified template is not a creation template!');
-        }
-
-        return $template;
-    }
-
-    /**
-     * @param PdoDatabase $database
-     *
-     * @return Request
-     * @throws ApplicationLogicException
-     */
-    protected function getRequest(PdoDatabase $database)
-    {
-        $request = parent::getRequest($database);
-
-        if ($request->getStatus() == RequestStatus::CLOSED) {
-            throw new ApplicationLogicException('Request is already closed');
-        }
-
-        return $request;
-    }
-
-    /**
-     * @param               $creationMode
-     * @param Request       $request
-     * @param EmailTemplate $template
-     * @param User          $user
-     *
-     * @param PdoDatabase   $database
-     *
-     * @return int
-     * @throws ApplicationLogicException
-     */
-    protected function enqueueCreationTask(
-        $creationMode,
-        Request $request,
-        EmailTemplate $template,
-        User $user,
-        PdoDatabase $database
-    ) {
-        $creationTaskClass = null;
-
-        if ($creationMode == "oauth") {
-            $creationTaskClass = UserCreationTask::class;
-        }
-
-        if ($creationMode == "bot") {
-            $creationTaskClass = BotCreationTask::class;
-        }
-
-        if ($creationTaskClass === null) {
-            throw new ApplicationLogicException('Cannot determine creation mode');
-        }
-
-        $creationTask = new JobQueue();
-        $creationTask->setDomain(1); // FIXME: domains!
-        $creationTask->setTask($creationTaskClass);
-        $creationTask->setRequest($request->getId());
-        $creationTask->setEmailTemplate($template->getId());
-        $creationTask->setTriggerUserId($user->getId());
-        $creationTask->setDatabase($database);
-        $creationTask->save();
-
-        $creationTaskId = $creationTask->getId();
-
-        return $creationTaskId;
-    }
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @return void
+	 * @throws AccessDeniedException
+	 * @throws ApplicationLogicException
+	 */
+	protected function main()
+	{
+		$this->checkPosted();
+
+		$database = $this->getDatabase();
+
+		$request = $this->getRequest($database);
+		$template = $this->getTemplate($database);
+		$creationMode = $this->getCreationMode();
+		$user = User::getCurrent($database);
+		$preferencesManager = PreferenceManager::getForCurrent($database);
+
+		$secMgr = $this->getSecurityManager();
+		if ($secMgr->allows('RequestCreation', PreferenceManager::CREATION_BOT, $user) !== ISecurityManager::ALLOWED
+			&& $creationMode === 'bot'
+		) {
+			throw new AccessDeniedException($secMgr, $this->getDomainAccessManager());
+		}
+		elseif ($secMgr->allows('RequestCreation', PreferenceManager::CREATION_OAUTH, $user) !== ISecurityManager::ALLOWED
+			&& $creationMode === 'oauth'
+		) {
+			throw new AccessDeniedException($secMgr, $this->getDomainAccessManager());
+		}
+
+		if ($request->getEmailSent()) {
+			throw new ApplicationLogicException('This requester has already had an email sent to them. Please fall back to manual creation or a custom close');
+		}
+
+		$request->setStatus(RequestStatus::JOBQUEUE);
+		$request->setReserved(null);
+		$request->save();
+
+		Logger::enqueuedJobQueue($database, $request);
+
+		$creationTaskId = $this->enqueueCreationTask($creationMode, $request, $template, $user, $database);
+
+		$welcomeTemplate = $preferencesManager->getPreference(PreferenceManager::PREF_WELCOMETEMPLATE);
+		if ($welcomeTemplate !== null && !WebRequest::postBoolean('skipAutoWelcome')) {
+			$this->enqueueWelcomeTask($request, $creationTaskId, $user, $database);
+		}
+
+		$this->getNotificationHelper()->requestCloseQueued($request, $template->getName());
+
+		SessionAlert::success("Request {$request->getId()} has been queued for autocreation");
+
+		$this->redirect();
+	}
+
+	protected function getCreationMode()
+	{
+		$creationMode = WebRequest::postString('mode');
+		if ($creationMode !== 'oauth' && $creationMode !== 'bot') {
+			throw new ApplicationLogicException('Unknown creation mode');
+		}
+
+		return $creationMode;
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 *
+	 * @return EmailTemplate
+	 * @throws ApplicationLogicException
+	 */
+	protected function getTemplate(PdoDatabase $database)
+	{
+		$templateId = WebRequest::postInt('template');
+		if ($templateId === null) {
+			throw new ApplicationLogicException('No template specified');
+		}
+
+		/** @var EmailTemplate $template */
+		$template = EmailTemplate::getById($templateId, $database);
+		if ($template === false || !$template->getActive()) {
+			throw new ApplicationLogicException('Invalid or inactive template specified');
+		}
+
+		if ($template->getDefaultAction() !== EmailTemplate::ACTION_CREATED) {
+			throw new ApplicationLogicException('Specified template is not a creation template!');
+		}
+
+		return $template;
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 *
+	 * @return Request
+	 * @throws ApplicationLogicException
+	 */
+	protected function getRequest(PdoDatabase $database)
+	{
+		$request = parent::getRequest($database);
+
+		if ($request->getStatus() == RequestStatus::CLOSED) {
+			throw new ApplicationLogicException('Request is already closed');
+		}
+
+		return $request;
+	}
+
+	/**
+	 * @param               $creationMode
+	 * @param Request       $request
+	 * @param EmailTemplate $template
+	 * @param User          $user
+	 *
+	 * @param PdoDatabase   $database
+	 *
+	 * @return int
+	 * @throws ApplicationLogicException
+	 */
+	protected function enqueueCreationTask(
+		$creationMode,
+		Request $request,
+		EmailTemplate $template,
+		User $user,
+		PdoDatabase $database
+	) {
+		$creationTaskClass = null;
+
+		if ($creationMode == "oauth") {
+			$creationTaskClass = UserCreationTask::class;
+		}
+
+		if ($creationMode == "bot") {
+			$creationTaskClass = BotCreationTask::class;
+		}
+
+		if ($creationTaskClass === null) {
+			throw new ApplicationLogicException('Cannot determine creation mode');
+		}
+
+		$creationTask = new JobQueue();
+		$creationTask->setDomain(1); // FIXME: domains!
+		$creationTask->setTask($creationTaskClass);
+		$creationTask->setRequest($request->getId());
+		$creationTask->setEmailTemplate($template->getId());
+		$creationTask->setTriggerUserId($user->getId());
+		$creationTask->setDatabase($database);
+		$creationTask->save();
+
+		$creationTaskId = $creationTask->getId();
+
+		return $creationTaskId;
+	}
 }

Please login to merge, or discard this patch.

includes/Pages/PageListFlaggedComments.php 1 patch

Indentation +108 added lines, -108 removed lines patch added patch discarded remove patch

@@ -18,112 +18,112 @@
 block discarded – undo
 
 class PageListFlaggedComments extends InternalPageBase
 {
-    /**
-     * @inheritDoc
-     */
-    protected function main()
-    {
-        $this->setHtmlTitle('Flagged comments');
-        $this->setTemplate('flagged-comments.tpl');
-
-        $database = $this->getDatabase();
-        $this->assignCSRFToken();
-
-        /** @var Comment[] $commentObjects */
-        $commentObjects = Comment::getFlaggedComments($database, 1); // FIXME: domains
-        $comments = [];
-
-        $currentUser = User::getCurrent($database);
-
-        $seeRestrictedComments = $this->barrierTest('seeRestrictedComments', $currentUser, 'RequestData');
-        $seeCheckuserComments = $this->barrierTest('seeCheckuserComments', $currentUser, 'RequestData');
-        $alwaysSeePrivateData = $this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData');
-
-        foreach ($commentObjects as $object) {
-            $data = [
-                'visibility'    => $object->getVisibility(),
-                'hidden'        => false,
-                'hiddenText'    => false,
-            ];
-
-            if (!$alwaysSeePrivateData) {
-                // tl;dr: This is a stupid configuration, but let's account for it anyway.
-                //
-                // Flagged comments are treated as private data. If you don't have the privilege
-                // RequestData::alwaysSeePrivateData, then we can't show you the content of the comments here.
-                // This page is forced to degrade into basically a list of requests, seriously hampering the usefulness
-                // of this page. Still, we need to handle the case where we have access to this page, but not access
-                // to private data.
-                // At the time of writing, this case does not exist in the current role configuration, but for the role
-                // configuration to be free of assumptions, we need this code.
-
-                /** @var Request $request */
-                $request = Request::getById($object->getRequest(), $database);
-
-                if ($request->getReserved() === $currentUser->getId()) {
-                    $data['hiddenText'] = false;
-                }
-                else {
-                    $data['hiddenText'] = true;
-                }
-            }
-
-            if ($object->getVisibility() == 'requester' || $object->getVisibility() == 'user') {
-                $data['hidden'] = false;
-            }
-            elseif ($object->getVisibility() == 'admin') {
-                if ($seeRestrictedComments) {
-                    $data['hidden'] = false;
-                }
-                else {
-                    $data['hidden'] = true;
-                }
-            }
-            elseif ($object->getVisibility() == 'checkuser') {
-                if ($seeCheckuserComments) {
-                    $data['hidden'] = false;
-                }
-                else {
-                    $data['hidden'] = true;
-                }
-            }
-
-            $this->copyCommentData($object, $data, $database);
-
-            $comments[] = $data;
-        }
-
-        $this->assign('comments', $comments);
-        $this->assign('seeRestrictedComments', $seeRestrictedComments);
-        $this->assign('seeCheckuserComments', $seeCheckuserComments);
-
-        $this->assign('editOthersComments', $this->barrierTest('editOthers', $currentUser, PageEditComment::class));
-        $this->assign('editComments', $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageEditComment::class));
-        $this->assign('canUnflag', $this->barrierTest('unflag', $currentUser, PageFlagComment::class) && $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageFlagComment::class));
-    }
-
-    private function copyCommentData(Comment $object, array &$data, PdoDatabase $database): void
-    {
-        if ($data['hidden']) {
-            // All details hidden, so don't copy anything.
-            return;
-        }
-
-        /** @var Request $request */
-        $request = Request::getById($object->getRequest(), $database);
-
-        if (!$data['hiddenText']) {
-            // Comment text is hidden, but presence of the comment is visible.
-            $data['comment'] = $object->getComment();
-        }
-
-        $data['id'] = $object->getId();
-        $data['updateversion'] = $object->getUpdateVersion();
-        $data['time'] = $object->getTime();
-        $data['requestid'] = $object->getRequest();
-        $data['request'] = $request->getName();
-        $data['requeststatus'] = $request->getStatus();
-        $data['userid'] = $object->getUser();
-        $data['user'] = User::getById($object->getUser(), $database)->getUsername();
-    }
+	/**
+	 * @inheritDoc
+	 */
+	protected function main()
+	{
+		$this->setHtmlTitle('Flagged comments');
+		$this->setTemplate('flagged-comments.tpl');
+
+		$database = $this->getDatabase();
+		$this->assignCSRFToken();
+
+		/** @var Comment[] $commentObjects */
+		$commentObjects = Comment::getFlaggedComments($database, 1); // FIXME: domains
+		$comments = [];
+
+		$currentUser = User::getCurrent($database);
+
+		$seeRestrictedComments = $this->barrierTest('seeRestrictedComments', $currentUser, 'RequestData');
+		$seeCheckuserComments = $this->barrierTest('seeCheckuserComments', $currentUser, 'RequestData');
+		$alwaysSeePrivateData = $this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData');
+
+		foreach ($commentObjects as $object) {
+			$data = [
+				'visibility'    => $object->getVisibility(),
+				'hidden'        => false,
+				'hiddenText'    => false,
+			];
+
+			if (!$alwaysSeePrivateData) {
+				// tl;dr: This is a stupid configuration, but let's account for it anyway.
+				//
+				// Flagged comments are treated as private data. If you don't have the privilege
+				// RequestData::alwaysSeePrivateData, then we can't show you the content of the comments here.
+				// This page is forced to degrade into basically a list of requests, seriously hampering the usefulness
+				// of this page. Still, we need to handle the case where we have access to this page, but not access
+				// to private data.
+				// At the time of writing, this case does not exist in the current role configuration, but for the role
+				// configuration to be free of assumptions, we need this code.
+
+				/** @var Request $request */
+				$request = Request::getById($object->getRequest(), $database);
+
+				if ($request->getReserved() === $currentUser->getId()) {
+					$data['hiddenText'] = false;
+				}
+				else {
+					$data['hiddenText'] = true;
+				}
+			}
+
+			if ($object->getVisibility() == 'requester' || $object->getVisibility() == 'user') {
+				$data['hidden'] = false;
+			}
+			elseif ($object->getVisibility() == 'admin') {
+				if ($seeRestrictedComments) {
+					$data['hidden'] = false;
+				}
+				else {
+					$data['hidden'] = true;
+				}
+			}
+			elseif ($object->getVisibility() == 'checkuser') {
+				if ($seeCheckuserComments) {
+					$data['hidden'] = false;
+				}
+				else {
+					$data['hidden'] = true;
+				}
+			}
+
+			$this->copyCommentData($object, $data, $database);
+
+			$comments[] = $data;
+		}
+
+		$this->assign('comments', $comments);
+		$this->assign('seeRestrictedComments', $seeRestrictedComments);
+		$this->assign('seeCheckuserComments', $seeCheckuserComments);
+
+		$this->assign('editOthersComments', $this->barrierTest('editOthers', $currentUser, PageEditComment::class));
+		$this->assign('editComments', $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageEditComment::class));
+		$this->assign('canUnflag', $this->barrierTest('unflag', $currentUser, PageFlagComment::class) && $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageFlagComment::class));
+	}
+
+	private function copyCommentData(Comment $object, array &$data, PdoDatabase $database): void
+	{
+		if ($data['hidden']) {
+			// All details hidden, so don't copy anything.
+			return;
+		}
+
+		/** @var Request $request */
+		$request = Request::getById($object->getRequest(), $database);
+
+		if (!$data['hiddenText']) {
+			// Comment text is hidden, but presence of the comment is visible.
+			$data['comment'] = $object->getComment();
+		}
+
+		$data['id'] = $object->getId();
+		$data['updateversion'] = $object->getUpdateVersion();
+		$data['time'] = $object->getTime();
+		$data['requestid'] = $object->getRequest();
+		$data['request'] = $request->getName();
+		$data['requeststatus'] = $request->getStatus();
+		$data['userid'] = $object->getUser();
+		$data['user'] = User::getById($object->getUser(), $database)->getUsername();
+	}
 }
\ No newline at end of file

Please login to merge, or discard this patch.

includes/SiteConfiguration.php 1 patch

Indentation +1110 added lines, -1110 removed lines patch added patch discarded remove patch

@@ -18,1114 +18,1114 @@
 block discarded – undo
  */
 class SiteConfiguration
 {
-    private $baseUrl = 'https://accounts.wmflabs.org';
-    private $filePath = __DIR__ . '/..';
-    private $schemaVersion = 51;
-    private $debuggingTraceEnabled = false;
-    private $debuggingCssBreakpointsEnabled = false;
-    private $dataClearIp = '127.0.0.1';
-    private $dataClearEmail = '[email protected]';
-    private $dataClearInterval = '15 DAY';
-    private $forceIdentification = true;
-    private $identificationCacheExpiry = '1 DAY';
-    private $metaWikimediaWebServiceEndpoint = 'https://meta.wikimedia.org/w/api.php';
-    private $enforceOAuth = false;
-    private $emailConfirmationEnabled = true;
-    private $emailConfirmationExpiryDays = 7;
-    private $miserModeLimit = 25;
-    private $squidList = array();
-    private $useStrictTransportSecurity = false;
-    private $userAgent = 'Wikipedia-ACC Tool/0.1 (+https://accounts.wmflabs.org/internal.php/team)';
-    private $curlDisableVerifyPeer = false;
-    private $useOAuthSignup = true;
-    private $oauthConsumerToken;
-    /** @var array */
-    private $oauthLegacyConsumerTokens;
-    private $oauthConsumerSecret;
-    private $oauthIdentityGraceTime = '24 hours';
-    private $oauthMediaWikiCanonicalServer = 'https://en.wikipedia.org';
-    private $xffTrustedHostsFile = '../TrustedXFF/trusted-hosts.txt';
-    private $crossOriginResourceSharingHosts = array(
-        "https://en.wikipedia.org",
-        "https://meta.wikimedia.org",
-    );
-    private $ircNotificationsEnabled = true;
-    private $ircNotificationsInstance = 'Development';
-    private $errorLog = 'errorlog';
-    private $titleBlacklistEnabled = false;
-    /** @var null|string $locationProviderApiKey */
-    private $locationProviderApiKey = null;
-    private $torExitPaths = array();
-    private $creationBotUsername = '';
-    private $creationBotPassword = '';
-    private $curlCookieJar = __DIR__ . '/../../cookies.txt';
-    private $yubicoApiId = 0;
-    private $yubicoApiKey = "";
-    private $totpEncryptionKey = "1234";
-    private $identificationNoticeboardPage = 'Access to nonpublic personal data policy/Noticeboard';
-    private $identificationNoticeboardWebserviceEndpoint = 'https://meta.wikimedia.org/w/api.php';
-    private $registrationAllowed = true;
-    private $cspReportUri = null;
-    private $resourceCacheEpoch = 1;
-    private $commonEmailDomains = ['gmail.com', 'hotmail.com', 'outlook.com'];
-    private $banMaxIpBlockRange = [4 => 20, 6 => 48];
-    private $banMaxIpRange = [4 => 16, 6 => 32];
-    private $jobQueueBatchSize = 10;
-    private $amqpConfiguration = ['host' => 'localhost', 'port' => 5672, 'user' => 'guest', 'password' => 'guest', 'vhost' => '/', 'exchange' => '', 'tls' => false];
-    private $emailSender = '[email protected]';
-    private $acceptClientHints = [];
-    private string $cookiePath = '/';
-    private string $cookieSessionName = 'ACC';
-    private array $offline = ['offline' => false, 'reason' => '', 'culprit' => ''];
-    private array $databaseConfig = [
-        'datasource' => 'mysql:host=localhost;dbname=waca',
-        'username' => 'waca',
-        'password' => 'waca'
-    ];
-    private string $privacyStatementPath = '';
-
-    /**
-     * Gets the base URL of the tool
-     *
-     * If the internal page of the tool is at http://localhost/path/internal.php, this would be set to
-     * http://localhost/path
-     * @return string
-     */
-    public function getBaseUrl()
-    {
-        return $this->baseUrl;
-    }
-
-    /**
-     * @param string $baseUrl
-     *
-     * @return SiteConfiguration
-     */
-    public function setBaseUrl($baseUrl)
-    {
-        $this->baseUrl = $baseUrl;
-
-        return $this;
-    }
-
-    /**
-     * Path on disk to the directory containing the tool's code
-     * @return string
-     */
-    public function getFilePath()
-    {
-        return $this->filePath;
-    }
-
-    /**
-     * @param string $filePath
-     *
-     * @return SiteConfiguration
-     */
-    public function setFilePath($filePath)
-    {
-        $this->filePath = $filePath;
-
-        return $this;
-    }
-
-    /**
-     * @return int
-     */
-    public function getSchemaVersion()
-    {
-        return $this->schemaVersion;
-    }
-
-    /**
-     * @param int $schemaVersion
-     *
-     * @return SiteConfiguration
-     */
-    public function setSchemaVersion($schemaVersion)
-    {
-        $this->schemaVersion = $schemaVersion;
-
-        return $this;
-    }
-
-    /**
-     * @return mixed
-     */
-    public function getDebuggingTraceEnabled()
-    {
-        return $this->debuggingTraceEnabled;
-    }
-
-    /**
-     * @param mixed $debuggingTraceEnabled
-     *
-     * @return SiteConfiguration
-     */
-    public function setDebuggingTraceEnabled($debuggingTraceEnabled)
-    {
-        $this->debuggingTraceEnabled = $debuggingTraceEnabled;
-
-        return $this;
-    }
-
-    public function getDebuggingCssBreakpointsEnabled() : bool
-    {
-        return $this->debuggingCssBreakpointsEnabled;
-    }
-
-    public function setDebuggingCssBreakpointsEnabled(bool $debuggingCssBreakpointsEnabled) : SiteConfiguration
-    {
-        $this->debuggingCssBreakpointsEnabled = $debuggingCssBreakpointsEnabled;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getDataClearIp()
-    {
-        return $this->dataClearIp;
-    }
-
-    /**
-     * @param string $dataClearIp
-     *
-     * @return SiteConfiguration
-     */
-    public function setDataClearIp($dataClearIp)
-    {
-        $this->dataClearIp = $dataClearIp;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getDataClearEmail()
-    {
-        return $this->dataClearEmail;
-    }
-
-    /**
-     * @param string $dataClearEmail
-     *
-     * @return SiteConfiguration
-     */
-    public function setDataClearEmail($dataClearEmail)
-    {
-        $this->dataClearEmail = $dataClearEmail;
-
-        return $this;
-    }
-
-    /**
-     * @return boolean
-     */
-    public function getForceIdentification()
-    {
-        return $this->forceIdentification;
-    }
-
-    /**
-     * @param boolean $forceIdentification
-     *
-     * @return SiteConfiguration
-     */
-    public function setForceIdentification($forceIdentification)
-    {
-        $this->forceIdentification = $forceIdentification;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getIdentificationCacheExpiry()
-    {
-        return $this->identificationCacheExpiry;
-    }
-
-    /**
-     * @param string $identificationCacheExpiry
-     *
-     * @return SiteConfiguration
-     */
-    public function setIdentificationCacheExpiry($identificationCacheExpiry)
-    {
-        $this->identificationCacheExpiry = $identificationCacheExpiry;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getMetaWikimediaWebServiceEndpoint()
-    {
-        return $this->metaWikimediaWebServiceEndpoint;
-    }
-
-    /**
-     * @param string $metaWikimediaWebServiceEndpoint
-     *
-     * @return SiteConfiguration
-     */
-    public function setMetaWikimediaWebServiceEndpoint($metaWikimediaWebServiceEndpoint)
-    {
-        $this->metaWikimediaWebServiceEndpoint = $metaWikimediaWebServiceEndpoint;
-
-        return $this;
-    }
-
-    /**
-     * @return boolean
-     */
-    public function getEnforceOAuth()
-    {
-        return $this->enforceOAuth;
-    }
-
-    /**
-     * @param boolean $enforceOAuth
-     *
-     * @return SiteConfiguration
-     */
-    public function setEnforceOAuth($enforceOAuth)
-    {
-        $this->enforceOAuth = $enforceOAuth;
-
-        return $this;
-    }
-
-    /**
-     * @return boolean
-     */
-    public function getEmailConfirmationEnabled()
-    {
-        return $this->emailConfirmationEnabled;
-    }
-
-    /**
-     * @param boolean $emailConfirmationEnabled
-     *
-     * @return $this
-     */
-    public function setEmailConfirmationEnabled($emailConfirmationEnabled)
-    {
-        $this->emailConfirmationEnabled = $emailConfirmationEnabled;
-
-        return $this;
-    }
-
-    /**
-     * @return int
-     */
-    public function getMiserModeLimit()
-    {
-        return $this->miserModeLimit;
-    }
-
-    /**
-     * @param int $miserModeLimit
-     *
-     * @return SiteConfiguration
-     */
-    public function setMiserModeLimit($miserModeLimit)
-    {
-        $this->miserModeLimit = $miserModeLimit;
-
-        return $this;
-    }
-
-    /**
-     * @return array
-     */
-    public function getSquidList()
-    {
-        return $this->squidList;
-    }
-
-    /**
-     * @param array $squidList
-     *
-     * @return SiteConfiguration
-     */
-    public function setSquidList($squidList)
-    {
-        $this->squidList = $squidList;
-
-        return $this;
-    }
-
-    /**
-     * @return boolean
-     */
-    public function getUseStrictTransportSecurity()
-    {
-        return $this->useStrictTransportSecurity;
-    }
-
-    /**
-     * @param boolean $useStrictTransportSecurity
-     *
-     * @return SiteConfiguration
-     */
-    public function setUseStrictTransportSecurity($useStrictTransportSecurity)
-    {
-        $this->useStrictTransportSecurity = $useStrictTransportSecurity;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getUserAgent()
-    {
-        return $this->userAgent;
-    }
-
-    /**
-     * @param string $userAgent
-     *
-     * @return SiteConfiguration
-     */
-    public function setUserAgent($userAgent)
-    {
-        $this->userAgent = $userAgent;
-
-        return $this;
-    }
-
-    /**
-     * @return boolean
-     */
-    public function getCurlDisableVerifyPeer()
-    {
-        return $this->curlDisableVerifyPeer;
-    }
-
-    /**
-     * @param boolean $curlDisableVerifyPeer
-     *
-     * @return SiteConfiguration
-     */
-    public function setCurlDisableVerifyPeer($curlDisableVerifyPeer)
-    {
-        $this->curlDisableVerifyPeer = $curlDisableVerifyPeer;
-
-        return $this;
-    }
-
-    /**
-     * @return boolean
-     */
-    public function getUseOAuthSignup()
-    {
-        return $this->useOAuthSignup;
-    }
-
-    /**
-     * @param boolean $useOAuthSignup
-     *
-     * @return SiteConfiguration
-     */
-    public function setUseOAuthSignup($useOAuthSignup)
-    {
-        $this->useOAuthSignup = $useOAuthSignup;
-
-        return $this;
-    }
-
-    /**
-     * @return mixed
-     */
-    public function getOAuthConsumerToken()
-    {
-        return $this->oauthConsumerToken;
-    }
-
-    /**
-     * @param mixed $oauthConsumerToken
-     *
-     * @return SiteConfiguration
-     */
-    public function setOAuthConsumerToken($oauthConsumerToken)
-    {
-        $this->oauthConsumerToken = $oauthConsumerToken;
-
-        return $this;
-    }
-
-    /**
-     * @return mixed
-     */
-    public function getOAuthConsumerSecret()
-    {
-        return $this->oauthConsumerSecret;
-    }
-
-    /**
-     * @param mixed $oauthConsumerSecret
-     *
-     * @return SiteConfiguration
-     */
-    public function setOAuthConsumerSecret($oauthConsumerSecret)
-    {
-        $this->oauthConsumerSecret = $oauthConsumerSecret;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getDataClearInterval()
-    {
-        return $this->dataClearInterval;
-    }
-
-    /**
-     * @param string $dataClearInterval
-     *
-     * @return SiteConfiguration
-     */
-    public function setDataClearInterval($dataClearInterval)
-    {
-        $this->dataClearInterval = $dataClearInterval;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getXffTrustedHostsFile()
-    {
-        return $this->xffTrustedHostsFile;
-    }
-
-    /**
-     * @param string $xffTrustedHostsFile
-     *
-     * @return SiteConfiguration
-     */
-    public function setXffTrustedHostsFile($xffTrustedHostsFile)
-    {
-        $this->xffTrustedHostsFile = $xffTrustedHostsFile;
-
-        return $this;
-    }
-
-    /**
-     * @return array
-     */
-    public function getCrossOriginResourceSharingHosts()
-    {
-        return $this->crossOriginResourceSharingHosts;
-    }
-
-    /**
-     * @param array $crossOriginResourceSharingHosts
-     *
-     * @return SiteConfiguration
-     */
-    public function setCrossOriginResourceSharingHosts($crossOriginResourceSharingHosts)
-    {
-        $this->crossOriginResourceSharingHosts = $crossOriginResourceSharingHosts;
-
-        return $this;
-    }
-
-    /**
-     * @return boolean
-     */
-    public function getIrcNotificationsEnabled()
-    {
-        return $this->ircNotificationsEnabled;
-    }
-
-    /**
-     * @param boolean $ircNotificationsEnabled
-     *
-     * @return SiteConfiguration
-     */
-    public function setIrcNotificationsEnabled($ircNotificationsEnabled)
-    {
-        $this->ircNotificationsEnabled = $ircNotificationsEnabled;
-
-        return $this;
-    }
-
-    /**
-     * @param string $errorLog
-     *
-     * @return SiteConfiguration
-     */
-    public function setErrorLog($errorLog)
-    {
-        $this->errorLog = $errorLog;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getErrorLog()
-    {
-        return $this->errorLog;
-    }
-
-    /**
-     * @param int $emailConfirmationExpiryDays
-     *
-     * @return SiteConfiguration
-     */
-    public function setEmailConfirmationExpiryDays($emailConfirmationExpiryDays)
-    {
-        $this->emailConfirmationExpiryDays = $emailConfirmationExpiryDays;
-
-        return $this;
-    }
-
-    /**
-     * @return int
-     */
-    public function getEmailConfirmationExpiryDays()
-    {
-        return $this->emailConfirmationExpiryDays;
-    }
-
-    /**
-     * @param string $ircNotificationsInstance
-     *
-     * @return SiteConfiguration
-     */
-    public function setIrcNotificationsInstance($ircNotificationsInstance)
-    {
-        $this->ircNotificationsInstance = $ircNotificationsInstance;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getIrcNotificationsInstance()
-    {
-        return $this->ircNotificationsInstance;
-    }
-
-    /**
-     * @param boolean $titleBlacklistEnabled
-     *
-     * @return SiteConfiguration
-     */
-    public function setTitleBlacklistEnabled($titleBlacklistEnabled)
-    {
-        $this->titleBlacklistEnabled = $titleBlacklistEnabled;
-
-        return $this;
-    }
-
-    /**
-     * @return boolean
-     */
-    public function getTitleBlacklistEnabled()
-    {
-        return $this->titleBlacklistEnabled;
-    }
-
-    /**
-     * @param string|null $locationProviderApiKey
-     *
-     * @return SiteConfiguration
-     */
-    public function setLocationProviderApiKey($locationProviderApiKey)
-    {
-        $this->locationProviderApiKey = $locationProviderApiKey;
-
-        return $this;
-    }
-
-    /**
-     * @return null|string
-     */
-    public function getLocationProviderApiKey()
-    {
-        return $this->locationProviderApiKey;
-    }
-
-    /**
-     * @param array $torExitPaths
-     *
-     * @return SiteConfiguration
-     */
-    public function setTorExitPaths($torExitPaths)
-    {
-        $this->torExitPaths = $torExitPaths;
-
-        return $this;
-    }
-
-    /**
-     * @return array
-     */
-    public function getTorExitPaths()
-    {
-        return $this->torExitPaths;
-    }
-
-    /**
-     * @param string $oauthIdentityGraceTime
-     *
-     * @return SiteConfiguration
-     */
-    public function setOauthIdentityGraceTime($oauthIdentityGraceTime)
-    {
-        $this->oauthIdentityGraceTime = $oauthIdentityGraceTime;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getOauthIdentityGraceTime()
-    {
-        return $this->oauthIdentityGraceTime;
-    }
-
-    /**
-     * @param string $oauthMediaWikiCanonicalServer
-     *
-     * @return SiteConfiguration
-     */
-    public function setOauthMediaWikiCanonicalServer($oauthMediaWikiCanonicalServer)
-    {
-        $this->oauthMediaWikiCanonicalServer = $oauthMediaWikiCanonicalServer;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getOauthMediaWikiCanonicalServer()
-    {
-        return $this->oauthMediaWikiCanonicalServer;
-    }
-
-    /**
-     * @param string $creationBotUsername
-     *
-     * @return SiteConfiguration
-     */
-    public function setCreationBotUsername($creationBotUsername)
-    {
-        $this->creationBotUsername = $creationBotUsername;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getCreationBotUsername()
-    {
-        return $this->creationBotUsername;
-    }
-
-    /**
-     * @param string $creationBotPassword
-     *
-     * @return SiteConfiguration
-     */
-    public function setCreationBotPassword($creationBotPassword)
-    {
-        $this->creationBotPassword = $creationBotPassword;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getCreationBotPassword()
-    {
-        return $this->creationBotPassword;
-    }
-
-    /**
-     * @param string|null $curlCookieJar
-     *
-     * @return SiteConfiguration
-     */
-    public function setCurlCookieJar($curlCookieJar)
-    {
-        $this->curlCookieJar = $curlCookieJar;
-
-        return $this;
-    }
-
-    /**
-     * @return string|null
-     */
-    public function getCurlCookieJar()
-    {
-        return $this->curlCookieJar;
-    }
-
-    public function getYubicoApiId()
-    {
-        return $this->yubicoApiId;
-    }
-
-    public function setYubicoApiId($id)
-    {
-        $this->yubicoApiId = $id;
-
-        return $this;
-    }
-
-    public function getYubicoApiKey()
-    {
-        return $this->yubicoApiKey;
-    }
-
-    public function setYubicoApiKey($key)
-    {
-        $this->yubicoApiKey = $key;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getTotpEncryptionKey()
-    {
-        return $this->totpEncryptionKey;
-    }
-
-    /**
-     * @param string $totpEncryptionKey
-     *
-     * @return SiteConfiguration
-     */
-    public function setTotpEncryptionKey($totpEncryptionKey)
-    {
-        $this->totpEncryptionKey = $totpEncryptionKey;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getIdentificationNoticeboardPage()
-    {
-        return $this->identificationNoticeboardPage;
-    }
-
-    /**
-     * @param string $identificationNoticeboardPage
-     *
-     * @return SiteConfiguration
-     */
-    public function setIdentificationNoticeboardPage($identificationNoticeboardPage)
-    {
-        $this->identificationNoticeboardPage = $identificationNoticeboardPage;
-
-        return $this;
-    }
-
-    public function setIdentificationNoticeboardWebserviceEndpoint(string $identificationNoticeboardWebserviceEndpoint
-    ): SiteConfiguration {
-        $this->identificationNoticeboardWebserviceEndpoint = $identificationNoticeboardWebserviceEndpoint;
-
-        return $this;
-    }
-
-    public function getIdentificationNoticeboardWebserviceEndpoint(): string
-    {
-        return $this->identificationNoticeboardWebserviceEndpoint;
-    }
-
-    public function isRegistrationAllowed(): bool
-    {
-        return $this->registrationAllowed;
-    }
-
-    public function setRegistrationAllowed(bool $registrationAllowed): SiteConfiguration
-    {
-        $this->registrationAllowed = $registrationAllowed;
-
-        return $this;
-    }
-
-    /**
-     * @return string|null
-     */
-    public function getCspReportUri()
-    {
-        return $this->cspReportUri;
-    }
-
-    /**
-     * @param string|null $cspReportUri
-     *
-     * @return SiteConfiguration
-     */
-    public function setCspReportUri($cspReportUri)
-    {
-        $this->cspReportUri = $cspReportUri;
-
-        return $this;
-    }
-
-    /**
-     * @return int
-     */
-    public function getResourceCacheEpoch(): int
-    {
-        return $this->resourceCacheEpoch;
-    }
-
-    /**
-     * @param int $resourceCacheEpoch
-     *
-     * @return SiteConfiguration
-     */
-    public function setResourceCacheEpoch(int $resourceCacheEpoch): SiteConfiguration
-    {
-        $this->resourceCacheEpoch = $resourceCacheEpoch;
-
-        return $this;
-    }
-
-    /**
-     * @return array
-     */
-    public function getCommonEmailDomains(): array
-    {
-        return $this->commonEmailDomains;
-    }
-
-    /**
-     * @param array $commonEmailDomains
-     *
-     * @return SiteConfiguration
-     */
-    public function setCommonEmailDomains(array $commonEmailDomains): SiteConfiguration
-    {
-        $this->commonEmailDomains = $commonEmailDomains;
-
-        return $this;
-    }
-
-    /**
-     * @param int[] $banMaxIpBlockRange
-     *
-     * @return SiteConfiguration
-     */
-    public function setBanMaxIpBlockRange(array $banMaxIpBlockRange): SiteConfiguration
-    {
-        $this->banMaxIpBlockRange = $banMaxIpBlockRange;
-
-        return $this;
-    }
-
-    /**
-     * @return int[]
-     */
-    public function getBanMaxIpBlockRange(): array
-    {
-        return $this->banMaxIpBlockRange;
-    }
-
-    /**
-     * @param int[] $banMaxIpRange
-     *
-     * @return SiteConfiguration
-     */
-    public function setBanMaxIpRange(array $banMaxIpRange): SiteConfiguration
-    {
-        $this->banMaxIpRange = $banMaxIpRange;
-
-        return $this;
-    }
-
-    /**
-     * @return int[]
-     */
-    public function getBanMaxIpRange(): array
-    {
-        return $this->banMaxIpRange;
-    }
-
-    /**
-     * @param array $oauthLegacyConsumerTokens
-     *
-     * @return SiteConfiguration
-     */
-    public function setOauthLegacyConsumerTokens(array $oauthLegacyConsumerTokens): SiteConfiguration
-    {
-        $this->oauthLegacyConsumerTokens = $oauthLegacyConsumerTokens;
-
-        return $this;
-    }
-
-    /**
-     * @return array
-     */
-    public function getOauthLegacyConsumerTokens(): array
-    {
-        return $this->oauthLegacyConsumerTokens;
-    }
-
-    /**
-     * @return int
-     */
-    public function getJobQueueBatchSize(): int
-    {
-        return $this->jobQueueBatchSize;
-    }
-
-    /**
-     * @param int $jobQueueBatchSize
-     *
-     * @return SiteConfiguration
-     */
-    public function setJobQueueBatchSize(int $jobQueueBatchSize): SiteConfiguration
-    {
-        $this->jobQueueBatchSize = $jobQueueBatchSize;
-
-        return $this;
-    }
-
-    /**
-     * @return array
-     */
-    public function getAmqpConfiguration(): array
-    {
-        return $this->amqpConfiguration;
-    }
-
-    /**
-     * @param array $amqpConfiguration
-     *
-     * @return SiteConfiguration
-     */
-    public function setAmqpConfiguration(array $amqpConfiguration): SiteConfiguration
-    {
-        $this->amqpConfiguration = $amqpConfiguration;
-
-        return $this;
-    }
-
-    /**
-     * @return string
-     */
-    public function getEmailSender(): string
-    {
-        return $this->emailSender;
-    }
-
-    /**
-     * @param string $emailSender
-     *
-     * @return SiteConfiguration
-     */
-    public function setEmailSender(string $emailSender): SiteConfiguration
-    {
-        $this->emailSender = $emailSender;
-
-        return $this;
-    }
-
-    /**
-     * @param array $acceptClientHints
-     *
-     * @return SiteConfiguration
-     */
-    public function setAcceptClientHints(array $acceptClientHints): SiteConfiguration
-    {
-        $this->acceptClientHints = $acceptClientHints;
-
-        return $this;
-    }
-
-    /**
-     * @return array
-     */
-    public function getAcceptClientHints(): array
-    {
-        return $this->acceptClientHints;
-    }
-
-    public function setCookiePath(string $cookiePath): SiteConfiguration
-    {
-        $this->cookiePath = $cookiePath;
-
-        return $this;
-    }
-
-    public function getCookiePath(): string
-    {
-        return $this->cookiePath;
-    }
-
-    public function setCookieSessionName(string $cookieSessionName): SiteConfiguration
-    {
-        $this->cookieSessionName = $cookieSessionName;
-
-        return $this;
-    }
-
-    public function getCookieSessionName(): string
-    {
-        return $this->cookieSessionName;
-    }
-
-    public function setOffline(array $offline): SiteConfiguration
-    {
-        $this->offline = $offline;
-
-        return $this;
-    }
-
-    public function getOffline(): array
-    {
-        return $this->offline;
-    }
-
-    public function setDatabaseConfig(array $databaseConfig): SiteConfiguration
-    {
-        $this->databaseConfig = $databaseConfig;
-
-        return $this;
-    }
-
-    public function getDatabaseConfig(): array
-    {
-        return $this->databaseConfig;
-    }
-
-    public function getPrivacyStatementPath(): string
-    {
-        return $this->privacyStatementPath;
-    }
-
-    public function setPrivacyStatementPath(string $privacyStatementPath): SiteConfiguration
-    {
-        $this->privacyStatementPath = $privacyStatementPath;
-
-        return $this;
-    }
+	private $baseUrl = 'https://accounts.wmflabs.org';
+	private $filePath = __DIR__ . '/..';
+	private $schemaVersion = 51;
+	private $debuggingTraceEnabled = false;
+	private $debuggingCssBreakpointsEnabled = false;
+	private $dataClearIp = '127.0.0.1';
+	private $dataClearEmail = '[email protected]';
+	private $dataClearInterval = '15 DAY';
+	private $forceIdentification = true;
+	private $identificationCacheExpiry = '1 DAY';
+	private $metaWikimediaWebServiceEndpoint = 'https://meta.wikimedia.org/w/api.php';
+	private $enforceOAuth = false;
+	private $emailConfirmationEnabled = true;
+	private $emailConfirmationExpiryDays = 7;
+	private $miserModeLimit = 25;
+	private $squidList = array();
+	private $useStrictTransportSecurity = false;
+	private $userAgent = 'Wikipedia-ACC Tool/0.1 (+https://accounts.wmflabs.org/internal.php/team)';
+	private $curlDisableVerifyPeer = false;
+	private $useOAuthSignup = true;
+	private $oauthConsumerToken;
+	/** @var array */
+	private $oauthLegacyConsumerTokens;
+	private $oauthConsumerSecret;
+	private $oauthIdentityGraceTime = '24 hours';
+	private $oauthMediaWikiCanonicalServer = 'https://en.wikipedia.org';
+	private $xffTrustedHostsFile = '../TrustedXFF/trusted-hosts.txt';
+	private $crossOriginResourceSharingHosts = array(
+		"https://en.wikipedia.org",
+		"https://meta.wikimedia.org",
+	);
+	private $ircNotificationsEnabled = true;
+	private $ircNotificationsInstance = 'Development';
+	private $errorLog = 'errorlog';
+	private $titleBlacklistEnabled = false;
+	/** @var null|string $locationProviderApiKey */
+	private $locationProviderApiKey = null;
+	private $torExitPaths = array();
+	private $creationBotUsername = '';
+	private $creationBotPassword = '';
+	private $curlCookieJar = __DIR__ . '/../../cookies.txt';
+	private $yubicoApiId = 0;
+	private $yubicoApiKey = "";
+	private $totpEncryptionKey = "1234";
+	private $identificationNoticeboardPage = 'Access to nonpublic personal data policy/Noticeboard';
+	private $identificationNoticeboardWebserviceEndpoint = 'https://meta.wikimedia.org/w/api.php';
+	private $registrationAllowed = true;
+	private $cspReportUri = null;
+	private $resourceCacheEpoch = 1;
+	private $commonEmailDomains = ['gmail.com', 'hotmail.com', 'outlook.com'];
+	private $banMaxIpBlockRange = [4 => 20, 6 => 48];
+	private $banMaxIpRange = [4 => 16, 6 => 32];
+	private $jobQueueBatchSize = 10;
+	private $amqpConfiguration = ['host' => 'localhost', 'port' => 5672, 'user' => 'guest', 'password' => 'guest', 'vhost' => '/', 'exchange' => '', 'tls' => false];
+	private $emailSender = '[email protected]';
+	private $acceptClientHints = [];
+	private string $cookiePath = '/';
+	private string $cookieSessionName = 'ACC';
+	private array $offline = ['offline' => false, 'reason' => '', 'culprit' => ''];
+	private array $databaseConfig = [
+		'datasource' => 'mysql:host=localhost;dbname=waca',
+		'username' => 'waca',
+		'password' => 'waca'
+	];
+	private string $privacyStatementPath = '';
+
+	/**
+	 * Gets the base URL of the tool
+	 *
+	 * If the internal page of the tool is at http://localhost/path/internal.php, this would be set to
+	 * http://localhost/path
+	 * @return string
+	 */
+	public function getBaseUrl()
+	{
+		return $this->baseUrl;
+	}
+
+	/**
+	 * @param string $baseUrl
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setBaseUrl($baseUrl)
+	{
+		$this->baseUrl = $baseUrl;
+
+		return $this;
+	}
+
+	/**
+	 * Path on disk to the directory containing the tool's code
+	 * @return string
+	 */
+	public function getFilePath()
+	{
+		return $this->filePath;
+	}
+
+	/**
+	 * @param string $filePath
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setFilePath($filePath)
+	{
+		$this->filePath = $filePath;
+
+		return $this;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getSchemaVersion()
+	{
+		return $this->schemaVersion;
+	}
+
+	/**
+	 * @param int $schemaVersion
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setSchemaVersion($schemaVersion)
+	{
+		$this->schemaVersion = $schemaVersion;
+
+		return $this;
+	}
+
+	/**
+	 * @return mixed
+	 */
+	public function getDebuggingTraceEnabled()
+	{
+		return $this->debuggingTraceEnabled;
+	}
+
+	/**
+	 * @param mixed $debuggingTraceEnabled
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setDebuggingTraceEnabled($debuggingTraceEnabled)
+	{
+		$this->debuggingTraceEnabled = $debuggingTraceEnabled;
+
+		return $this;
+	}
+
+	public function getDebuggingCssBreakpointsEnabled() : bool
+	{
+		return $this->debuggingCssBreakpointsEnabled;
+	}
+
+	public function setDebuggingCssBreakpointsEnabled(bool $debuggingCssBreakpointsEnabled) : SiteConfiguration
+	{
+		$this->debuggingCssBreakpointsEnabled = $debuggingCssBreakpointsEnabled;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getDataClearIp()
+	{
+		return $this->dataClearIp;
+	}
+
+	/**
+	 * @param string $dataClearIp
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setDataClearIp($dataClearIp)
+	{
+		$this->dataClearIp = $dataClearIp;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getDataClearEmail()
+	{
+		return $this->dataClearEmail;
+	}
+
+	/**
+	 * @param string $dataClearEmail
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setDataClearEmail($dataClearEmail)
+	{
+		$this->dataClearEmail = $dataClearEmail;
+
+		return $this;
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function getForceIdentification()
+	{
+		return $this->forceIdentification;
+	}
+
+	/**
+	 * @param boolean $forceIdentification
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setForceIdentification($forceIdentification)
+	{
+		$this->forceIdentification = $forceIdentification;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getIdentificationCacheExpiry()
+	{
+		return $this->identificationCacheExpiry;
+	}
+
+	/**
+	 * @param string $identificationCacheExpiry
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setIdentificationCacheExpiry($identificationCacheExpiry)
+	{
+		$this->identificationCacheExpiry = $identificationCacheExpiry;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getMetaWikimediaWebServiceEndpoint()
+	{
+		return $this->metaWikimediaWebServiceEndpoint;
+	}
+
+	/**
+	 * @param string $metaWikimediaWebServiceEndpoint
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setMetaWikimediaWebServiceEndpoint($metaWikimediaWebServiceEndpoint)
+	{
+		$this->metaWikimediaWebServiceEndpoint = $metaWikimediaWebServiceEndpoint;
+
+		return $this;
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function getEnforceOAuth()
+	{
+		return $this->enforceOAuth;
+	}
+
+	/**
+	 * @param boolean $enforceOAuth
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setEnforceOAuth($enforceOAuth)
+	{
+		$this->enforceOAuth = $enforceOAuth;
+
+		return $this;
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function getEmailConfirmationEnabled()
+	{
+		return $this->emailConfirmationEnabled;
+	}
+
+	/**
+	 * @param boolean $emailConfirmationEnabled
+	 *
+	 * @return $this
+	 */
+	public function setEmailConfirmationEnabled($emailConfirmationEnabled)
+	{
+		$this->emailConfirmationEnabled = $emailConfirmationEnabled;
+
+		return $this;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getMiserModeLimit()
+	{
+		return $this->miserModeLimit;
+	}
+
+	/**
+	 * @param int $miserModeLimit
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setMiserModeLimit($miserModeLimit)
+	{
+		$this->miserModeLimit = $miserModeLimit;
+
+		return $this;
+	}
+
+	/**
+	 * @return array
+	 */
+	public function getSquidList()
+	{
+		return $this->squidList;
+	}
+
+	/**
+	 * @param array $squidList
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setSquidList($squidList)
+	{
+		$this->squidList = $squidList;
+
+		return $this;
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function getUseStrictTransportSecurity()
+	{
+		return $this->useStrictTransportSecurity;
+	}
+
+	/**
+	 * @param boolean $useStrictTransportSecurity
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setUseStrictTransportSecurity($useStrictTransportSecurity)
+	{
+		$this->useStrictTransportSecurity = $useStrictTransportSecurity;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getUserAgent()
+	{
+		return $this->userAgent;
+	}
+
+	/**
+	 * @param string $userAgent
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setUserAgent($userAgent)
+	{
+		$this->userAgent = $userAgent;
+
+		return $this;
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function getCurlDisableVerifyPeer()
+	{
+		return $this->curlDisableVerifyPeer;
+	}
+
+	/**
+	 * @param boolean $curlDisableVerifyPeer
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setCurlDisableVerifyPeer($curlDisableVerifyPeer)
+	{
+		$this->curlDisableVerifyPeer = $curlDisableVerifyPeer;
+
+		return $this;
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function getUseOAuthSignup()
+	{
+		return $this->useOAuthSignup;
+	}
+
+	/**
+	 * @param boolean $useOAuthSignup
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setUseOAuthSignup($useOAuthSignup)
+	{
+		$this->useOAuthSignup = $useOAuthSignup;
+
+		return $this;
+	}
+
+	/**
+	 * @return mixed
+	 */
+	public function getOAuthConsumerToken()
+	{
+		return $this->oauthConsumerToken;
+	}
+
+	/**
+	 * @param mixed $oauthConsumerToken
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setOAuthConsumerToken($oauthConsumerToken)
+	{
+		$this->oauthConsumerToken = $oauthConsumerToken;
+
+		return $this;
+	}
+
+	/**
+	 * @return mixed
+	 */
+	public function getOAuthConsumerSecret()
+	{
+		return $this->oauthConsumerSecret;
+	}
+
+	/**
+	 * @param mixed $oauthConsumerSecret
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setOAuthConsumerSecret($oauthConsumerSecret)
+	{
+		$this->oauthConsumerSecret = $oauthConsumerSecret;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getDataClearInterval()
+	{
+		return $this->dataClearInterval;
+	}
+
+	/**
+	 * @param string $dataClearInterval
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setDataClearInterval($dataClearInterval)
+	{
+		$this->dataClearInterval = $dataClearInterval;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getXffTrustedHostsFile()
+	{
+		return $this->xffTrustedHostsFile;
+	}
+
+	/**
+	 * @param string $xffTrustedHostsFile
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setXffTrustedHostsFile($xffTrustedHostsFile)
+	{
+		$this->xffTrustedHostsFile = $xffTrustedHostsFile;
+
+		return $this;
+	}
+
+	/**
+	 * @return array
+	 */
+	public function getCrossOriginResourceSharingHosts()
+	{
+		return $this->crossOriginResourceSharingHosts;
+	}
+
+	/**
+	 * @param array $crossOriginResourceSharingHosts
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setCrossOriginResourceSharingHosts($crossOriginResourceSharingHosts)
+	{
+		$this->crossOriginResourceSharingHosts = $crossOriginResourceSharingHosts;
+
+		return $this;
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function getIrcNotificationsEnabled()
+	{
+		return $this->ircNotificationsEnabled;
+	}
+
+	/**
+	 * @param boolean $ircNotificationsEnabled
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setIrcNotificationsEnabled($ircNotificationsEnabled)
+	{
+		$this->ircNotificationsEnabled = $ircNotificationsEnabled;
+
+		return $this;
+	}
+
+	/**
+	 * @param string $errorLog
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setErrorLog($errorLog)
+	{
+		$this->errorLog = $errorLog;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getErrorLog()
+	{
+		return $this->errorLog;
+	}
+
+	/**
+	 * @param int $emailConfirmationExpiryDays
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setEmailConfirmationExpiryDays($emailConfirmationExpiryDays)
+	{
+		$this->emailConfirmationExpiryDays = $emailConfirmationExpiryDays;
+
+		return $this;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getEmailConfirmationExpiryDays()
+	{
+		return $this->emailConfirmationExpiryDays;
+	}
+
+	/**
+	 * @param string $ircNotificationsInstance
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setIrcNotificationsInstance($ircNotificationsInstance)
+	{
+		$this->ircNotificationsInstance = $ircNotificationsInstance;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getIrcNotificationsInstance()
+	{
+		return $this->ircNotificationsInstance;
+	}
+
+	/**
+	 * @param boolean $titleBlacklistEnabled
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setTitleBlacklistEnabled($titleBlacklistEnabled)
+	{
+		$this->titleBlacklistEnabled = $titleBlacklistEnabled;
+
+		return $this;
+	}
+
+	/**
+	 * @return boolean
+	 */
+	public function getTitleBlacklistEnabled()
+	{
+		return $this->titleBlacklistEnabled;
+	}
+
+	/**
+	 * @param string|null $locationProviderApiKey
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setLocationProviderApiKey($locationProviderApiKey)
+	{
+		$this->locationProviderApiKey = $locationProviderApiKey;
+
+		return $this;
+	}
+
+	/**
+	 * @return null|string
+	 */
+	public function getLocationProviderApiKey()
+	{
+		return $this->locationProviderApiKey;
+	}
+
+	/**
+	 * @param array $torExitPaths
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setTorExitPaths($torExitPaths)
+	{
+		$this->torExitPaths = $torExitPaths;
+
+		return $this;
+	}
+
+	/**
+	 * @return array
+	 */
+	public function getTorExitPaths()
+	{
+		return $this->torExitPaths;
+	}
+
+	/**
+	 * @param string $oauthIdentityGraceTime
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setOauthIdentityGraceTime($oauthIdentityGraceTime)
+	{
+		$this->oauthIdentityGraceTime = $oauthIdentityGraceTime;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getOauthIdentityGraceTime()
+	{
+		return $this->oauthIdentityGraceTime;
+	}
+
+	/**
+	 * @param string $oauthMediaWikiCanonicalServer
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setOauthMediaWikiCanonicalServer($oauthMediaWikiCanonicalServer)
+	{
+		$this->oauthMediaWikiCanonicalServer = $oauthMediaWikiCanonicalServer;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getOauthMediaWikiCanonicalServer()
+	{
+		return $this->oauthMediaWikiCanonicalServer;
+	}
+
+	/**
+	 * @param string $creationBotUsername
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setCreationBotUsername($creationBotUsername)
+	{
+		$this->creationBotUsername = $creationBotUsername;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getCreationBotUsername()
+	{
+		return $this->creationBotUsername;
+	}
+
+	/**
+	 * @param string $creationBotPassword
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setCreationBotPassword($creationBotPassword)
+	{
+		$this->creationBotPassword = $creationBotPassword;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getCreationBotPassword()
+	{
+		return $this->creationBotPassword;
+	}
+
+	/**
+	 * @param string|null $curlCookieJar
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setCurlCookieJar($curlCookieJar)
+	{
+		$this->curlCookieJar = $curlCookieJar;
+
+		return $this;
+	}
+
+	/**
+	 * @return string|null
+	 */
+	public function getCurlCookieJar()
+	{
+		return $this->curlCookieJar;
+	}
+
+	public function getYubicoApiId()
+	{
+		return $this->yubicoApiId;
+	}
+
+	public function setYubicoApiId($id)
+	{
+		$this->yubicoApiId = $id;
+
+		return $this;
+	}
+
+	public function getYubicoApiKey()
+	{
+		return $this->yubicoApiKey;
+	}
+
+	public function setYubicoApiKey($key)
+	{
+		$this->yubicoApiKey = $key;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getTotpEncryptionKey()
+	{
+		return $this->totpEncryptionKey;
+	}
+
+	/**
+	 * @param string $totpEncryptionKey
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setTotpEncryptionKey($totpEncryptionKey)
+	{
+		$this->totpEncryptionKey = $totpEncryptionKey;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getIdentificationNoticeboardPage()
+	{
+		return $this->identificationNoticeboardPage;
+	}
+
+	/**
+	 * @param string $identificationNoticeboardPage
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setIdentificationNoticeboardPage($identificationNoticeboardPage)
+	{
+		$this->identificationNoticeboardPage = $identificationNoticeboardPage;
+
+		return $this;
+	}
+
+	public function setIdentificationNoticeboardWebserviceEndpoint(string $identificationNoticeboardWebserviceEndpoint
+	): SiteConfiguration {
+		$this->identificationNoticeboardWebserviceEndpoint = $identificationNoticeboardWebserviceEndpoint;
+
+		return $this;
+	}
+
+	public function getIdentificationNoticeboardWebserviceEndpoint(): string
+	{
+		return $this->identificationNoticeboardWebserviceEndpoint;
+	}
+
+	public function isRegistrationAllowed(): bool
+	{
+		return $this->registrationAllowed;
+	}
+
+	public function setRegistrationAllowed(bool $registrationAllowed): SiteConfiguration
+	{
+		$this->registrationAllowed = $registrationAllowed;
+
+		return $this;
+	}
+
+	/**
+	 * @return string|null
+	 */
+	public function getCspReportUri()
+	{
+		return $this->cspReportUri;
+	}
+
+	/**
+	 * @param string|null $cspReportUri
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setCspReportUri($cspReportUri)
+	{
+		$this->cspReportUri = $cspReportUri;
+
+		return $this;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getResourceCacheEpoch(): int
+	{
+		return $this->resourceCacheEpoch;
+	}
+
+	/**
+	 * @param int $resourceCacheEpoch
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setResourceCacheEpoch(int $resourceCacheEpoch): SiteConfiguration
+	{
+		$this->resourceCacheEpoch = $resourceCacheEpoch;
+
+		return $this;
+	}
+
+	/**
+	 * @return array
+	 */
+	public function getCommonEmailDomains(): array
+	{
+		return $this->commonEmailDomains;
+	}
+
+	/**
+	 * @param array $commonEmailDomains
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setCommonEmailDomains(array $commonEmailDomains): SiteConfiguration
+	{
+		$this->commonEmailDomains = $commonEmailDomains;
+
+		return $this;
+	}
+
+	/**
+	 * @param int[] $banMaxIpBlockRange
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setBanMaxIpBlockRange(array $banMaxIpBlockRange): SiteConfiguration
+	{
+		$this->banMaxIpBlockRange = $banMaxIpBlockRange;
+
+		return $this;
+	}
+
+	/**
+	 * @return int[]
+	 */
+	public function getBanMaxIpBlockRange(): array
+	{
+		return $this->banMaxIpBlockRange;
+	}
+
+	/**
+	 * @param int[] $banMaxIpRange
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setBanMaxIpRange(array $banMaxIpRange): SiteConfiguration
+	{
+		$this->banMaxIpRange = $banMaxIpRange;
+
+		return $this;
+	}
+
+	/**
+	 * @return int[]
+	 */
+	public function getBanMaxIpRange(): array
+	{
+		return $this->banMaxIpRange;
+	}
+
+	/**
+	 * @param array $oauthLegacyConsumerTokens
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setOauthLegacyConsumerTokens(array $oauthLegacyConsumerTokens): SiteConfiguration
+	{
+		$this->oauthLegacyConsumerTokens = $oauthLegacyConsumerTokens;
+
+		return $this;
+	}
+
+	/**
+	 * @return array
+	 */
+	public function getOauthLegacyConsumerTokens(): array
+	{
+		return $this->oauthLegacyConsumerTokens;
+	}
+
+	/**
+	 * @return int
+	 */
+	public function getJobQueueBatchSize(): int
+	{
+		return $this->jobQueueBatchSize;
+	}
+
+	/**
+	 * @param int $jobQueueBatchSize
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setJobQueueBatchSize(int $jobQueueBatchSize): SiteConfiguration
+	{
+		$this->jobQueueBatchSize = $jobQueueBatchSize;
+
+		return $this;
+	}
+
+	/**
+	 * @return array
+	 */
+	public function getAmqpConfiguration(): array
+	{
+		return $this->amqpConfiguration;
+	}
+
+	/**
+	 * @param array $amqpConfiguration
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setAmqpConfiguration(array $amqpConfiguration): SiteConfiguration
+	{
+		$this->amqpConfiguration = $amqpConfiguration;
+
+		return $this;
+	}
+
+	/**
+	 * @return string
+	 */
+	public function getEmailSender(): string
+	{
+		return $this->emailSender;
+	}
+
+	/**
+	 * @param string $emailSender
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setEmailSender(string $emailSender): SiteConfiguration
+	{
+		$this->emailSender = $emailSender;
+
+		return $this;
+	}
+
+	/**
+	 * @param array $acceptClientHints
+	 *
+	 * @return SiteConfiguration
+	 */
+	public function setAcceptClientHints(array $acceptClientHints): SiteConfiguration
+	{
+		$this->acceptClientHints = $acceptClientHints;
+
+		return $this;
+	}
+
+	/**
+	 * @return array
+	 */
+	public function getAcceptClientHints(): array
+	{
+		return $this->acceptClientHints;
+	}
+
+	public function setCookiePath(string $cookiePath): SiteConfiguration
+	{
+		$this->cookiePath = $cookiePath;
+
+		return $this;
+	}
+
+	public function getCookiePath(): string
+	{
+		return $this->cookiePath;
+	}
+
+	public function setCookieSessionName(string $cookieSessionName): SiteConfiguration
+	{
+		$this->cookieSessionName = $cookieSessionName;
+
+		return $this;
+	}
+
+	public function getCookieSessionName(): string
+	{
+		return $this->cookieSessionName;
+	}
+
+	public function setOffline(array $offline): SiteConfiguration
+	{
+		$this->offline = $offline;
+
+		return $this;
+	}
+
+	public function getOffline(): array
+	{
+		return $this->offline;
+	}
+
+	public function setDatabaseConfig(array $databaseConfig): SiteConfiguration
+	{
+		$this->databaseConfig = $databaseConfig;
+
+		return $this;
+	}
+
+	public function getDatabaseConfig(): array
+	{
+		return $this->databaseConfig;
+	}
+
+	public function getPrivacyStatementPath(): string
+	{
+		return $this->privacyStatementPath;
+	}
+
+	public function setPrivacyStatementPath(string $privacyStatementPath): SiteConfiguration
+	{
+		$this->privacyStatementPath = $privacyStatementPath;
+
+		return $this;
+	}
 }

Please login to merge, or discard this patch.

includes/Fragments/TemplateOutput.php 1 patch

Indentation +125 added lines, -125 removed lines patch added patch discarded remove patch

@@ -18,129 +18,129 @@
 block discarded – undo
 
 trait TemplateOutput
 {
-    /** @var Smarty */
-    private $smarty;
-
-    /**
-     * @param string $pluginsDir
-     *
-     * @return void
-     * @throws Exception
-     */
-    private function loadPlugins(string $pluginsDir): void
-    {
-        /** @var DirectoryIterator $file */
-        foreach (new DirectoryIterator($pluginsDir) as $file) {
-            if ($file->isDot()) {
-                continue;
-            }
-
-            if ($file->getExtension() != 'php') {
-                continue;
-            }
-
-            require_once $file->getPathname();
-
-            list($type, $name) = explode('.', $file->getBasename('.php'), 2);
-
-            switch ($type) {
-                case 'modifier':
-                    $this->smarty->registerPlugin(Smarty::PLUGIN_MODIFIER, $name, 'smarty_modifier_' . $name);
-                    break;
-                case 'function':
-                    $this->smarty->registerPlugin(Smarty::PLUGIN_FUNCTION, $name, 'smarty_function_' . $name);
-                    break;
-            }
-        }
-    }
-
-    /**
-     * @return SiteConfiguration
-     */
-    protected abstract function getSiteConfiguration();
-
-    /**
-     * Assigns a Smarty variable
-     *
-     * @param  array|string $name  the template variable name(s)
-     * @param  mixed        $value the value to assign
-     */
-    final protected function assign($name, $value)
-    {
-        $this->smarty->assign($name, $value);
-    }
-
-    /**
-     * Sets up the variables used by the main Smarty base template.
-     *
-     * This list is getting kinda long.
-     * @throws Exception
-     */
-    final protected function setUpSmarty()
-    {
-        $this->smarty = new Smarty();
-        $pluginsDir = $this->getSiteConfiguration()->getFilePath() . '/smarty-plugins';
-
-        // Dynamically load all plugins in the plugins directory
-        $this->loadPlugins($pluginsDir);
-
-        $this->assign('currentUser', User::getCommunity());
-        $this->assign('skin', 'auto');
-        $this->assign('currentDomain', null);
-        $this->assign('loggedIn', false);
-        $this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
-        $this->assign('resourceCacheEpoch', $this->getSiteConfiguration()->getResourceCacheEpoch());
-
-        $this->assign('siteNoticeText', '');
-        $this->assign('siteNoticeVersion', 0);
-        $this->assign('siteNoticeState', 'd-none');
-        $this->assign('toolversion', Environment::getToolVersion());
-
-        // default these
-        $this->assign('onlineusers', array());
-        $this->assign('typeAheadBlock', '');
-        $this->assign('extraJs', array());
-
-        // nav menu access control
-        $this->assign('nav__canRequests', false);
-        $this->assign('nav__canLogs', false);
-        $this->assign('nav__canUsers', false);
-        $this->assign('nav__canSearch', false);
-        $this->assign('nav__canStats', false);
-        $this->assign('nav__canBan', false);
-        $this->assign('nav__canEmailMgmt', false);
-        $this->assign('nav__canWelcomeMgmt', false);
-        $this->assign('nav__canSiteNoticeMgmt', false);
-        $this->assign('nav__canUserMgmt', false);
-        $this->assign('nav__canViewRequest', false);
-        $this->assign('nav__canJobQueue', false);
-        $this->assign('nav__canFlaggedComments', false);
-        $this->assign('nav__canDomainMgmt', false);
-        $this->assign('nav__canQueueMgmt', false);
-        $this->assign('nav__canFormMgmt', false);
-        $this->assign('nav__canErrorLog', false);
-
-        // Navigation badges for concern areas.
-        $this->assign("nav__numAdmin", 0);
-        $this->assign("nav__numFlaggedComments", 0);
-        $this->assign("nav__numJobQueueFailed", 0);
-
-        // debug helpers
-        $this->assign('showDebugCssBreakpoints', $this->getSiteConfiguration()->getDebuggingCssBreakpointsEnabled());
-
-        $this->assign('page', $this);
-    }
-
-    /**
-     * Fetches a rendered Smarty template
-     *
-     * @param $template string Template file path, relative to /templates/
-     *
-     * @return string Templated HTML
-     * @throws Exception
-     */
-    final protected function fetchTemplate($template)
-    {
-        return $this->smarty->fetch($template);
-    }
+	/** @var Smarty */
+	private $smarty;
+
+	/**
+	 * @param string $pluginsDir
+	 *
+	 * @return void
+	 * @throws Exception
+	 */
+	private function loadPlugins(string $pluginsDir): void
+	{
+		/** @var DirectoryIterator $file */
+		foreach (new DirectoryIterator($pluginsDir) as $file) {
+			if ($file->isDot()) {
+				continue;
+			}
+
+			if ($file->getExtension() != 'php') {
+				continue;
+			}
+
+			require_once $file->getPathname();
+
+			list($type, $name) = explode('.', $file->getBasename('.php'), 2);
+
+			switch ($type) {
+				case 'modifier':
+					$this->smarty->registerPlugin(Smarty::PLUGIN_MODIFIER, $name, 'smarty_modifier_' . $name);
+					break;
+				case 'function':
+					$this->smarty->registerPlugin(Smarty::PLUGIN_FUNCTION, $name, 'smarty_function_' . $name);
+					break;
+			}
+		}
+	}
+
+	/**
+	 * @return SiteConfiguration
+	 */
+	protected abstract function getSiteConfiguration();
+
+	/**
+	 * Assigns a Smarty variable
+	 *
+	 * @param  array|string $name  the template variable name(s)
+	 * @param  mixed        $value the value to assign
+	 */
+	final protected function assign($name, $value)
+	{
+		$this->smarty->assign($name, $value);
+	}
+
+	/**
+	 * Sets up the variables used by the main Smarty base template.
+	 *
+	 * This list is getting kinda long.
+	 * @throws Exception
+	 */
+	final protected function setUpSmarty()
+	{
+		$this->smarty = new Smarty();
+		$pluginsDir = $this->getSiteConfiguration()->getFilePath() . '/smarty-plugins';
+
+		// Dynamically load all plugins in the plugins directory
+		$this->loadPlugins($pluginsDir);
+
+		$this->assign('currentUser', User::getCommunity());
+		$this->assign('skin', 'auto');
+		$this->assign('currentDomain', null);
+		$this->assign('loggedIn', false);
+		$this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
+		$this->assign('resourceCacheEpoch', $this->getSiteConfiguration()->getResourceCacheEpoch());
+
+		$this->assign('siteNoticeText', '');
+		$this->assign('siteNoticeVersion', 0);
+		$this->assign('siteNoticeState', 'd-none');
+		$this->assign('toolversion', Environment::getToolVersion());
+
+		// default these
+		$this->assign('onlineusers', array());
+		$this->assign('typeAheadBlock', '');
+		$this->assign('extraJs', array());
+
+		// nav menu access control
+		$this->assign('nav__canRequests', false);
+		$this->assign('nav__canLogs', false);
+		$this->assign('nav__canUsers', false);
+		$this->assign('nav__canSearch', false);
+		$this->assign('nav__canStats', false);
+		$this->assign('nav__canBan', false);
+		$this->assign('nav__canEmailMgmt', false);
+		$this->assign('nav__canWelcomeMgmt', false);
+		$this->assign('nav__canSiteNoticeMgmt', false);
+		$this->assign('nav__canUserMgmt', false);
+		$this->assign('nav__canViewRequest', false);
+		$this->assign('nav__canJobQueue', false);
+		$this->assign('nav__canFlaggedComments', false);
+		$this->assign('nav__canDomainMgmt', false);
+		$this->assign('nav__canQueueMgmt', false);
+		$this->assign('nav__canFormMgmt', false);
+		$this->assign('nav__canErrorLog', false);
+
+		// Navigation badges for concern areas.
+		$this->assign("nav__numAdmin", 0);
+		$this->assign("nav__numFlaggedComments", 0);
+		$this->assign("nav__numJobQueueFailed", 0);
+
+		// debug helpers
+		$this->assign('showDebugCssBreakpoints', $this->getSiteConfiguration()->getDebuggingCssBreakpointsEnabled());
+
+		$this->assign('page', $this);
+	}
+
+	/**
+	 * Fetches a rendered Smarty template
+	 *
+	 * @param $template string Template file path, relative to /templates/
+	 *
+	 * @return string Templated HTML
+	 * @throws Exception
+	 */
+	final protected function fetchTemplate($template)
+	{
+		return $this->smarty->fetch($template);
+	}
 }

Please login to merge, or discard this patch.

includes/Security/RoleConfigurationBase.php 1 patch

Indentation +131 added lines, -131 removed lines patch added patch discarded remove patch

@@ -10,135 +10,135 @@
 block discarded – undo
 
 abstract class RoleConfigurationBase
 {
-    const ACCESS_ALLOW = 1;
-    const ACCESS_DENY = -1;
-    const ACCESS_DEFAULT = 0;
-    const MAIN = 'main';
-    const ALL = '*';
-
-    protected array $roleConfig;
-    protected array $identificationExempt;
-
-    protected function __construct(array $roleConfig, array $identificationExempt)
-    {
-        $this->roleConfig = $roleConfig;
-        $this->identificationExempt = $identificationExempt;
-    }
-
-    /**
-     * Takes an array of role names and flattens the values to a single
-     * resultant role configuration.
-     *
-     * @param string[] $activeRoles
-     * @category Security-Critical
-     */
-    public function getResultantRole(array $activeRoles): array
-    {
-        $result = array();
-
-        $roleConfig = $this->getApplicableRoles($activeRoles);
-
-        // Iterate over every page in every role
-        foreach ($roleConfig as $role) {
-            foreach ($role as $page => $pageRights) {
-                // Create holder in result for this page
-                if (!isset($result[$page])) {
-                    $result[$page] = array();
-                }
-
-                foreach ($pageRights as $action => $permission) {
-                    // Deny takes precedence, so if it's set, don't change it.
-                    if (isset($result[$page][$action])) {
-                        if ($result[$page][$action] === RoleConfigurationBase::ACCESS_DENY) {
-                            continue;
-                        }
-                    }
-
-                    if ($permission === RoleConfigurationBase::ACCESS_DEFAULT) {
-                        // Configured to do precisely nothing.
-                        continue;
-                    }
-
-                    $result[$page][$action] = $permission;
-                }
-            }
-        }
-
-        return $result;
-    }
-
-    /**
-     * Returns a set of all roles which are available to be set.
-     *
-     * Hidden roles and implicit roles are excluded.
-     */
-    public function getAvailableRoles(): array
-    {
-        // remove the implicit roles
-        $possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn', 'user'));
-
-        $actual = array();
-
-        foreach ($possible as $role) {
-            if (!isset($this->roleConfig[$role]['_hidden'])) {
-                $actual[$role] = array(
-                    'description' => $this->roleConfig[$role]['_description'],
-                    'editableBy'  => $this->roleConfig[$role]['_editableBy'],
-                    'globalOnly'  => isset($this->roleConfig[$role]['_globalOnly']) && $this->roleConfig[$role]['_globalOnly'],
-                );
-            }
-        }
-
-        return $actual;
-    }
-
-    /**
-     * Returns a boolean for whether the provided role requires identification
-     * before being used by a user.
-     *
-     * @category Security-Critical
-     */
-    public function roleNeedsIdentification(string $role): bool
-    {
-        if (in_array($role, $this->identificationExempt)) {
-            return false;
-        }
-
-        return true;
-    }
-
-    /**
-     * Takes an array of role names, and returns all the relevant roles for that
-     * set, including any child roles found recursively.
-     *
-     * @param array $roles The names of roles to start searching with
-     */
-    private function getApplicableRoles(array $roles): array
-    {
-        $available = array();
-
-        foreach ($roles as $role) {
-            if (!isset($this->roleConfig[$role])) {
-                // wat
-                continue;
-            }
-
-            $available[$role] = $this->roleConfig[$role];
-
-            if (isset($available[$role]['_childRoles'])) {
-                $childRoles = $this->getApplicableRoles($available[$role]['_childRoles']);
-                $available = array_merge($available, $childRoles);
-
-                unset($available[$role]['_childRoles']);
-            }
-
-            foreach (array('_hidden', '_editableBy', '_description', '_globalOnly') as $item) {
-                if (isset($available[$role][$item])) {
-                    unset($available[$role][$item]);
-                }
-            }
-        }
-
-        return $available;
-    }
+	const ACCESS_ALLOW = 1;
+	const ACCESS_DENY = -1;
+	const ACCESS_DEFAULT = 0;
+	const MAIN = 'main';
+	const ALL = '*';
+
+	protected array $roleConfig;
+	protected array $identificationExempt;
+
+	protected function __construct(array $roleConfig, array $identificationExempt)
+	{
+		$this->roleConfig = $roleConfig;
+		$this->identificationExempt = $identificationExempt;
+	}
+
+	/**
+	 * Takes an array of role names and flattens the values to a single
+	 * resultant role configuration.
+	 *
+	 * @param string[] $activeRoles
+	 * @category Security-Critical
+	 */
+	public function getResultantRole(array $activeRoles): array
+	{
+		$result = array();
+
+		$roleConfig = $this->getApplicableRoles($activeRoles);
+
+		// Iterate over every page in every role
+		foreach ($roleConfig as $role) {
+			foreach ($role as $page => $pageRights) {
+				// Create holder in result for this page
+				if (!isset($result[$page])) {
+					$result[$page] = array();
+				}
+
+				foreach ($pageRights as $action => $permission) {
+					// Deny takes precedence, so if it's set, don't change it.
+					if (isset($result[$page][$action])) {
+						if ($result[$page][$action] === RoleConfigurationBase::ACCESS_DENY) {
+							continue;
+						}
+					}
+
+					if ($permission === RoleConfigurationBase::ACCESS_DEFAULT) {
+						// Configured to do precisely nothing.
+						continue;
+					}
+
+					$result[$page][$action] = $permission;
+				}
+			}
+		}
+
+		return $result;
+	}
+
+	/**
+	 * Returns a set of all roles which are available to be set.
+	 *
+	 * Hidden roles and implicit roles are excluded.
+	 */
+	public function getAvailableRoles(): array
+	{
+		// remove the implicit roles
+		$possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn', 'user'));
+
+		$actual = array();
+
+		foreach ($possible as $role) {
+			if (!isset($this->roleConfig[$role]['_hidden'])) {
+				$actual[$role] = array(
+					'description' => $this->roleConfig[$role]['_description'],
+					'editableBy'  => $this->roleConfig[$role]['_editableBy'],
+					'globalOnly'  => isset($this->roleConfig[$role]['_globalOnly']) && $this->roleConfig[$role]['_globalOnly'],
+				);
+			}
+		}
+
+		return $actual;
+	}
+
+	/**
+	 * Returns a boolean for whether the provided role requires identification
+	 * before being used by a user.
+	 *
+	 * @category Security-Critical
+	 */
+	public function roleNeedsIdentification(string $role): bool
+	{
+		if (in_array($role, $this->identificationExempt)) {
+			return false;
+		}
+
+		return true;
+	}
+
+	/**
+	 * Takes an array of role names, and returns all the relevant roles for that
+	 * set, including any child roles found recursively.
+	 *
+	 * @param array $roles The names of roles to start searching with
+	 */
+	private function getApplicableRoles(array $roles): array
+	{
+		$available = array();
+
+		foreach ($roles as $role) {
+			if (!isset($this->roleConfig[$role])) {
+				// wat
+				continue;
+			}
+
+			$available[$role] = $this->roleConfig[$role];
+
+			if (isset($available[$role]['_childRoles'])) {
+				$childRoles = $this->getApplicableRoles($available[$role]['_childRoles']);
+				$available = array_merge($available, $childRoles);
+
+				unset($available[$role]['_childRoles']);
+			}
+
+			foreach (array('_hidden', '_editableBy', '_description', '_globalOnly') as $item) {
+				if (isset($available[$role][$item])) {
+					unset($available[$role][$item]);
+				}
+			}
+		}
+
+		return $available;
+	}
 }
\ No newline at end of file

Please login to merge, or discard this patch.

includes/ExceptionHandler.php 1 patch

Indentation +118 added lines, -118 removed lines patch added patch discarded remove patch

@@ -14,22 +14,22 @@  discard block
 block discarded – undo
 
 class ExceptionHandler
 {
-    /**
-     * Global exception handler
-     *
-     * Smarty would be nice to use, but it COULD BE smarty that throws the errors.
-     * Let's build something ourselves, and hope it works.
-     *
-     * @param $exception
-     *
-     * @category Security-Critical - has the potential to leak data when exception is thrown.
-     */
-    public static function exceptionHandler(Throwable $exception)
-    {
-        /** @global $siteConfiguration SiteConfiguration */
-        global $siteConfiguration;
-
-        $errorDocument = <<<HTML
+	/**
+	 * Global exception handler
+	 *
+	 * Smarty would be nice to use, but it COULD BE smarty that throws the errors.
+	 * Let's build something ourselves, and hope it works.
+	 *
+	 * @param $exception
+	 *
+	 * @category Security-Critical - has the potential to leak data when exception is thrown.
+	 */
+	public static function exceptionHandler(Throwable $exception)
+	{
+		/** @global $siteConfiguration SiteConfiguration */
+		global $siteConfiguration;
+
+		$errorDocument = <<<HTML
 <!DOCTYPE html>
 <html lang="en"><head>
 <meta charset="utf-8">
@@ -49,106 +49,106 @@  discard block
 block discarded – undo
 </div></body></html>
 HTML;
 
-        list($errorData, $errorId) = self::logExceptionToDisk($exception, $siteConfiguration, true);
-
-        error_log('Unhandled ' . get_class($exception) . ': ' . $exception->getMessage());
-
-        // clear and discard any content that's been saved to the output buffer
-        if (ob_get_level() > 0) {
-            ob_end_clean();
-        }
-
-        // push error ID into the document.
-        $message = str_replace('$1$', $errorId, $errorDocument);
-
-        if ($siteConfiguration->getDebuggingTraceEnabled()) {
-            ob_start();
-            var_dump($errorData);
-            $textErrorData = ob_get_contents();
-            ob_end_clean();
-
-            $message = str_replace('$2$', $textErrorData, $message);
-        }
-        else {
-            $message = str_replace('$2$', "", $message);
-        }
-
-        // While we *shouldn't* have sent headers by now due to the output buffering, PHPUnit does weird things.
-        // This is "only" needed for the tests, but it's a good idea to wrap this anyway.
-        if (!headers_sent()) {
-            header('HTTP/1.1 500 Internal Server Error');
-        }
-
-        // output the document
-        print $message;
-    }
-
-    /**
-     * @param int    $errorSeverity The severity level of the exception.
-     * @param string $errorMessage  The Exception message to throw.
-     * @param string $errorFile     The filename where the exception is thrown.
-     * @param int    $errorLine     The line number where the exception is thrown.
-     *
-     * @throws ErrorException
-     */
-    public static function errorHandler($errorSeverity, $errorMessage, $errorFile, $errorLine)
-    {
-        // call into the main exception handler above
-        throw new ErrorException($errorMessage, 0, $errorSeverity, $errorFile, $errorLine);
-    }
-
-    /**
-     * @param Throwable $exception
-     *
-     * @return null|array
-     */
-    public static function getExceptionData($exception)
-    {
-        if ($exception == null) {
-            return null;
-        }
-
-        $array = array(
-            'exception' => get_class($exception),
-            'message'   => $exception->getMessage(),
-            'stack'     => $exception->getTraceAsString(),
-        );
-
-        $array['previous'] = self::getExceptionData($exception->getPrevious());
-
-        return $array;
-    }
-
-    public static function logExceptionToDisk(
-        Throwable $exception,
-        SiteConfiguration $siteConfiguration,
-        bool $fromGlobalHandler = false
-    ): array {
-        $errorData = self::getExceptionData($exception);
-        $errorData['server'] = $_SERVER;
-        $errorData['get'] = $_GET;
-        $errorData['post'] = $_POST;
-
-        $redactions = ['password', 'newpassword', 'newpasswordconfirm', 'otp'];
-        foreach ($redactions as $redaction) {
-            if (isset($errorData['post'][$redaction])) {
-                $errorData['post'][$redaction] = '<redacted>';
-            }
-        }
-
-        if ($fromGlobalHandler) {
-            $errorData['globalHandler'] = true;
-        }
-        else {
-            $errorData['globalHandler'] = false;
-        }
-
-        $state = serialize($errorData);
-        $errorId = sha1($state);
-
-        // Save the error for later analysis
-        file_put_contents($siteConfiguration->getErrorLog() . '/' . $errorId . '.log', $state);
-
-        return array($errorData, $errorId);
-    }
+		list($errorData, $errorId) = self::logExceptionToDisk($exception, $siteConfiguration, true);
+
+		error_log('Unhandled ' . get_class($exception) . ': ' . $exception->getMessage());
+
+		// clear and discard any content that's been saved to the output buffer
+		if (ob_get_level() > 0) {
+			ob_end_clean();
+		}
+
+		// push error ID into the document.
+		$message = str_replace('$1$', $errorId, $errorDocument);
+
+		if ($siteConfiguration->getDebuggingTraceEnabled()) {
+			ob_start();
+			var_dump($errorData);
+			$textErrorData = ob_get_contents();
+			ob_end_clean();
+
+			$message = str_replace('$2$', $textErrorData, $message);
+		}
+		else {
+			$message = str_replace('$2$', "", $message);
+		}
+
+		// While we *shouldn't* have sent headers by now due to the output buffering, PHPUnit does weird things.
+		// This is "only" needed for the tests, but it's a good idea to wrap this anyway.
+		if (!headers_sent()) {
+			header('HTTP/1.1 500 Internal Server Error');
+		}
+
+		// output the document
+		print $message;
+	}
+
+	/**
+	 * @param int    $errorSeverity The severity level of the exception.
+	 * @param string $errorMessage  The Exception message to throw.
+	 * @param string $errorFile     The filename where the exception is thrown.
+	 * @param int    $errorLine     The line number where the exception is thrown.
+	 *
+	 * @throws ErrorException
+	 */
+	public static function errorHandler($errorSeverity, $errorMessage, $errorFile, $errorLine)
+	{
+		// call into the main exception handler above
+		throw new ErrorException($errorMessage, 0, $errorSeverity, $errorFile, $errorLine);
+	}
+
+	/**
+	 * @param Throwable $exception
+	 *
+	 * @return null|array
+	 */
+	public static function getExceptionData($exception)
+	{
+		if ($exception == null) {
+			return null;
+		}
+
+		$array = array(
+			'exception' => get_class($exception),
+			'message'   => $exception->getMessage(),
+			'stack'     => $exception->getTraceAsString(),
+		);
+
+		$array['previous'] = self::getExceptionData($exception->getPrevious());
+
+		return $array;
+	}
+
+	public static function logExceptionToDisk(
+		Throwable $exception,
+		SiteConfiguration $siteConfiguration,
+		bool $fromGlobalHandler = false
+	): array {
+		$errorData = self::getExceptionData($exception);
+		$errorData['server'] = $_SERVER;
+		$errorData['get'] = $_GET;
+		$errorData['post'] = $_POST;
+
+		$redactions = ['password', 'newpassword', 'newpasswordconfirm', 'otp'];
+		foreach ($redactions as $redaction) {
+			if (isset($errorData['post'][$redaction])) {
+				$errorData['post'][$redaction] = '<redacted>';
+			}
+		}
+
+		if ($fromGlobalHandler) {
+			$errorData['globalHandler'] = true;
+		}
+		else {
+			$errorData['globalHandler'] = false;
+		}
+
+		$state = serialize($errorData);
+		$errorId = sha1($state);
+
+		// Save the error for later analysis
+		file_put_contents($siteConfiguration->getErrorLog() . '/' . $errorId . '.log', $state);
+
+		return array($errorData, $errorId);
+	}
 }

Please login to merge, or discard this patch.

includes/Pages/PageBan.php 1 patch

Indentation +659 added lines, -659 removed lines patch added patch discarded remove patch

@@ -27,665 +27,665 @@
 block discarded – undo
 
 class PageBan extends InternalPageBase
 {
-    /**
-     * Main function for this page, when no specific actions are called.
-     */
-    protected function main(): void
-    {
-        $this->assignCSRFToken();
-        $this->setHtmlTitle('Bans');
-
-        $database = $this->getDatabase();
-        $currentDomain = Domain::getCurrent($database);
-        $bans = Ban::getActiveBans($database, $currentDomain->getId());
-
-        $this->setupBanList($bans);
-
-        $this->assign('isFiltered', false);
-        $this->assign('currentUnixTime', time());
-        $this->setTemplate('bans/main.tpl');
-    }
-
-    protected function show(): void
-    {
-        $this->assignCSRFToken();
-        $this->setHtmlTitle('Bans');
-
-        $rawIdList = WebRequest::getString('id');
-        if ($rawIdList === null) {
-            $this->redirect('bans');
-
-            return;
-        }
-
-        $idList = explode(',', $rawIdList);
-
-        $database = $this->getDatabase();
-        $currentDomain = Domain::getCurrent($database);
-        $bans = Ban::getByIdList($idList, $database, $currentDomain->getId());
-
-        $this->setupBanList($bans);
-        $this->assign('isFiltered', true);
-        $this->assign('currentUnixTime', time());
-        $this->setTemplate('bans/main.tpl');
-    }
-
-    /**
-     * Entry point for the ban set action
-     * @throws SmartyException
-     * @throws Exception
-     */
-    protected function set(): void
-    {
-        $this->setHtmlTitle('Bans');
-
-        // dual-mode action
-        if (WebRequest::wasPosted()) {
-            try {
-                $this->handlePostMethodForSetBan();
-            }
-            catch (ApplicationLogicException $ex) {
-                SessionAlert::error($ex->getMessage());
-                $this->redirect("bans", "set");
-            }
-        }
-        else {
-            $this->handleGetMethodForSetBan();
-
-            $user = User::getCurrent($this->getDatabase());
-            $banType = WebRequest::getString('type');
-            $banRequest = WebRequest::getInt('request');
-
-            // if the parameters are null, skip loading a request.
-            if ($banType !== null && $banRequest !== null && $banRequest !== 0) {
-                $this->preloadFormForRequest($banRequest, $banType, $user);
-            }
-        }
-    }
-
-    protected function replace(): void
-    {
-        $this->setHtmlTitle('Bans');
-
-        $database = $this->getDatabase();
-        $domain = Domain::getCurrent($database);
-
-        // dual-mode action
-        if (WebRequest::wasPosted()) {
-            try {
-                $originalBanId = WebRequest::postInt('replaceBanId');
-                $originalBanUpdateVersion = WebRequest::postInt('replaceBanUpdateVersion');
-
-                $originalBan = Ban::getActiveId($originalBanId, $database, $domain->getId());
-
-                if ($originalBan === false) {
-                    throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
-                }
-
-                // Discard original ban; we're replacing it.
-                $originalBan->setUpdateVersion($originalBanUpdateVersion);
-                $originalBan->setActive(false);
-                $originalBan->save();
-
-                Logger::banReplaced($database, $originalBan);
-
-                // Proceed as normal to save the new ban.
-                $this->handlePostMethodForSetBan();
-            }
-            catch (ApplicationLogicException $ex) {
-                $database->rollback();
-                SessionAlert::error($ex->getMessage());
-                $this->redirect("bans", "set");
-            }
-        }
-        else {
-            $this->handleGetMethodForSetBan();
-
-            $user = User::getCurrent($database);
-            $originalBanId = WebRequest::getString('id');
-
-            $originalBan = Ban::getActiveId($originalBanId, $database, $domain->getId());
-
-            if ($originalBan === false) {
-                throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
-            }
-
-            if ($originalBan->getName() !== null) {
-                if (!$this->barrierTest('name', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-
-                $this->assign('banName', $originalBan->getName());
-            }
-
-            if ($originalBan->getEmail() !== null) {
-                if (!$this->barrierTest('email', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-
-                $this->assign('banEmail', $originalBan->getEmail());
-            }
-
-            if ($originalBan->getUseragent() !== null) {
-                if (!$this->barrierTest('useragent', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-
-                $this->assign('banUseragent', $originalBan->getUseragent());
-            }
-
-            if ($originalBan->getIp() !== null) {
-                if (!$this->barrierTest('ip', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-
-                $this->assign('banIP', $originalBan->getIp() . '/' . $originalBan->getIpMask());
-            }
-
-            $banIsGlobal = $originalBan->getDomain() === null;
-            if ($banIsGlobal) {
-                if (!$this->barrierTest('global', $user, 'BanType')) {
-                    SessionAlert::error("You are not allowed to set this type of ban.");
-                    $this->redirect("bans", "set");
-                    return;
-                }
-            }
-
-            if (!$this->barrierTest($originalBan->getVisibility(), $user, 'BanVisibility')) {
-                SessionAlert::error("You are not allowed to set this type of ban.");
-                $this->redirect("bans", "set");
-                return;
-            }
-
-            $this->assign('banGlobal', $banIsGlobal);
-            $this->assign('banVisibility', $originalBan->getVisibility());
-
-            if ($originalBan->getDuration() !== null) {
-                $this->assign('banDuration', date('c', $originalBan->getDuration()));
-            }
-
-            $this->assign('banReason', $originalBan->getReason());
-            $this->assign('banAction', $originalBan->getAction());
-            $this->assign('banQueue', $originalBan->getTargetQueue());
-
-            $this->assign('replaceBanId', $originalBan->getId());
-            $this->assign('replaceBanUpdateVersion', $originalBan->getUpdateVersion());
-        }
-    }
-
-    /**
-     * Entry point for the ban remove action
-     *
-     * @throws AccessDeniedException
-     * @throws ApplicationLogicException
-     * @throws SmartyException
-     */
-    protected function remove(): void
-    {
-        $this->setHtmlTitle('Bans');
-
-        $ban = $this->getBanForUnban();
-
-        $banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
-        if (!$banHelper->canUnban($ban)) {
-            // triggered when a user tries to unban a ban they can't see the entirety of.
-            // there's no UI way to get to this, so a raw exception is fine.
-            throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
-        }
-
-        // dual mode
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $unbanReason = WebRequest::postString('unbanreason');
-
-            if ($unbanReason === null || trim($unbanReason) === "") {
-                SessionAlert::error('No unban reason specified');
-                $this->redirect("bans", "remove", array('id' => $ban->getId()));
-            }
-
-            // set optimistic locking from delete form page load
-            $updateVersion = WebRequest::postInt('updateversion');
-            $ban->setUpdateVersion($updateVersion);
-
-            $database = $this->getDatabase();
-            $ban->setActive(false);
-            $ban->save();
-
-            Logger::unbanned($database, $ban, $unbanReason);
-
-            SessionAlert::quick('Disabled ban.');
-            $this->getNotificationHelper()->unbanned($ban, $unbanReason);
-
-            $this->redirect('bans');
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->assign('ban', $ban);
-            $this->setTemplate('bans/unban.tpl');
-        }
-    }
-
-    /**
-     * Retrieves the requested ban duration from the WebRequest
-     *
-     * @throws ApplicationLogicException
-     */
-    private function getBanDuration(): ?int
-    {
-        $duration = WebRequest::postString('duration');
-        if ($duration === "other") {
-            $duration = strtotime(WebRequest::postString('otherduration'));
-
-            if (!$duration) {
-                throw new ApplicationLogicException('Invalid ban time');
-            }
-            elseif (time() > $duration) {
-                throw new ApplicationLogicException('Ban time has already expired!');
-            }
-
-            return $duration;
-        }
-        elseif ($duration === "-1") {
-            return null;
-        }
-        else {
-            return WebRequest::postInt('duration') + time();
-        }
-    }
-
-    /**
-     * Handles the POST method on the set action
-     *
-     * @throws ApplicationLogicException
-     * @throws Exception
-     */
-    private function handlePostMethodForSetBan()
-    {
-        $this->validateCSRFToken();
-        $database = $this->getDatabase();
-        $user = User::getCurrent($database);
-        $currentDomain = Domain::getCurrent($database);
-
-        // Checks whether there is a reason entered for ban.
-        $reason = WebRequest::postString('banreason');
-        if ($reason === null || trim($reason) === "") {
-            throw new ApplicationLogicException('You must specify a ban reason');
-        }
-
-        // ban targets
-        list($targetName, $targetIp, $targetEmail, $targetUseragent) = $this->getRawBanTargets($user);
-
-        $visibility = $this->getBanVisibility();
-
-        // Validate ban duration
-        $duration = $this->getBanDuration();
-
-        $action = WebRequest::postString('banAction') ?? Ban::ACTION_NONE;
-
-        $global = WebRequest::postBoolean('banGlobal');
-        if (!$this->barrierTest('global', $user, 'BanType')) {
-            $global = false;
-        }
-
-        if ($action === Ban::ACTION_DEFER && $global) {
-            throw new ApplicationLogicException("Cannot set a global ban in defer-to-queue mode.");
-        }
-
-        // handle CIDR ranges
-        $targetMask = null;
-        if ($targetIp !== null) {
-            list($targetIp, $targetMask) = $this->splitCidrRange($targetIp);
-            $this->validateIpBan($targetIp, $targetMask, $user, $action);
-        }
-
-        $banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
-
-        $bansByTarget = $banHelper->getBansByTarget(
-            $targetName,
-            $targetEmail,
-            $targetIp,
-            $targetMask,
-            $targetUseragent,
-            $currentDomain->getId());
-
-        if (count($bansByTarget) > 0) {
-            throw new ApplicationLogicException('This target is already banned!');
-        }
-
-        $ban = new Ban();
-        $ban->setDatabase($database);
-        $ban->setActive(true);
-
-        $ban->setName($targetName);
-        $ban->setIp($targetIp, $targetMask);
-        $ban->setEmail($targetEmail);
-        $ban->setUseragent($targetUseragent);
-
-        $ban->setUser($user->getId());
-        $ban->setReason($reason);
-        $ban->setDuration($duration);
-        $ban->setVisibility($visibility);
-
-        $ban->setDomain($global ? null : $currentDomain->getId());
-
-        $ban->setAction($action);
-        if ($ban->getAction() === Ban::ACTION_DEFER) {
-            //FIXME: domains
-            $queue = RequestQueue::getByApiName($database, WebRequest::postString('banActionTarget'), 1);
-            if ($queue === false) {
-                throw new ApplicationLogicException("Unknown target queue");
-            }
-
-            if (!$queue->isEnabled()) {
-                throw new ApplicationLogicException("Target queue is not enabled");
-            }
-
-            $ban->setTargetQueue($queue->getId());
-        }
-
-        $ban->save();
-
-        Logger::banned($database, $ban, $reason);
-
-        $this->getNotificationHelper()->banned($ban);
-        SessionAlert::quick('Ban has been set.');
-
-        $this->redirect('bans');
-    }
-
-    /**
-     * Handles the GET method on the set action
-     * @throws Exception
-     */
-    private function handleGetMethodForSetBan()
-    {
-        $this->setTemplate('bans/banform.tpl');
-        $this->assignCSRFToken();
-
-        $this->assign('maxIpRange', $this->getSiteConfiguration()->getBanMaxIpRange());
-        $this->assign('maxIpBlockRange', $this->getSiteConfiguration()->getBanMaxIpBlockRange());
-
-        $this->assign('banVisibility', 'user');
-        $this->assign('banGlobal', false);
-        $this->assign('banQueue', false);
-        $this->assign('banAction', Ban::ACTION_BLOCK);
-        $this->assign('banDuration', '');
-        $this->assign('banReason', '');
-
-        $this->assign('banEmail', '');
-        $this->assign('banIP', '');
-        $this->assign('banName', '');
-        $this->assign('banUseragent', '');
-
-        $this->assign('replaceBanId', null);
-
-
-
-        $database = $this->getDatabase();
-
-        $user = User::getCurrent($database);
-        $this->setupSecurity($user);
-
-        $queues = RequestQueue::getEnabledQueues($database);
-
-        $this->assign('requestQueues', $queues);
-    }
-
-    /**
-     * Finds the Ban object referenced in the WebRequest if it is valid
-     *
-     * @return Ban
-     * @throws ApplicationLogicException
-     */
-    private function getBanForUnban(): Ban
-    {
-        $banId = WebRequest::getInt('id');
-        if ($banId === null || $banId === 0) {
-            throw new ApplicationLogicException("The ban ID appears to be missing. This is probably a bug.");
-        }
-
-        $database = $this->getDatabase();
-        $this->setupSecurity(User::getCurrent($database));
-        $currentDomain = Domain::getCurrent($database);
-        $ban = Ban::getActiveId($banId, $database, $currentDomain->getId());
-
-        if ($ban === false) {
-            throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
-        }
-
-        return $ban;
-    }
-
-    /**
-     * Sets up Smarty variables for access control
-     */
-    private function setupSecurity(User $user): void
-    {
-        $this->assign('canSeeIpBan', $this->barrierTest('ip', $user, 'BanType'));
-        $this->assign('canSeeNameBan', $this->barrierTest('name', $user, 'BanType'));
-        $this->assign('canSeeEmailBan', $this->barrierTest('email', $user, 'BanType'));
-        $this->assign('canSeeUseragentBan', $this->barrierTest('useragent', $user, 'BanType'));
-
-        $this->assign('canGlobalBan', $this->barrierTest('global', $user, 'BanType'));
-
-        $this->assign('canSeeUserVisibility', $this->barrierTest('user', $user, 'BanVisibility'));
-        $this->assign('canSeeAdminVisibility', $this->barrierTest('admin', $user, 'BanVisibility'));
-        $this->assign('canSeeCheckuserVisibility', $this->barrierTest('checkuser', $user, 'BanVisibility'));
-    }
-
-    /**
-     * Validates that the provided IP is acceptable for a ban of this type
-     *
-     * @param string $targetIp   IP address
-     * @param int    $targetMask CIDR prefix length
-     * @param User   $user       User performing the ban
-     * @param string $action     Ban action to take
-     *
-     * @throws ApplicationLogicException
-     */
-    private function validateIpBan(string $targetIp, int $targetMask, User $user, string $action): void
-    {
-        // validate this is an IP
-        if (!filter_var($targetIp, FILTER_VALIDATE_IP)) {
-            throw new ApplicationLogicException("Not a valid IP address");
-        }
-
-        $canLargeIpBan = $this->barrierTest('ip-largerange', $user, 'BanType');
-        $maxIpBlockRange = $this->getSiteConfiguration()->getBanMaxIpBlockRange();
-        $maxIpRange = $this->getSiteConfiguration()->getBanMaxIpRange();
-
-        // validate CIDR ranges
-        if (filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
-            if ($targetMask < 0 || $targetMask > 128) {
-                throw new ApplicationLogicException("CIDR mask out of range for IPv6");
-            }
-
-            // prevent setting the ban if:
-            //  * the user isn't allowed to set large bans, AND
-            //  * the ban is a drop or a block (preventing human review of the request), AND
-            //  * the mask is too wide-reaching
-            if (!$canLargeIpBan && ($action == Ban::ACTION_BLOCK || $action == Ban::ACTION_DROP) && $targetMask < $maxIpBlockRange[6]) {
-                throw new ApplicationLogicException("The requested IP range for this ban is too wide for the block/drop action.");
-            }
-
-            if (!$canLargeIpBan && $targetMask < $maxIpRange[6]) {
-                throw new ApplicationLogicException("The requested IP range for this ban is too wide.");
-            }
-        }
-
-        if (filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
-            if ($targetMask < 0 || $targetMask > 32) {
-                throw new ApplicationLogicException("CIDR mask out of range for IPv4");
-            }
-
-            if (!$canLargeIpBan && ($action == Ban::ACTION_BLOCK || $action == Ban::ACTION_DROP) && $targetMask < $maxIpBlockRange[4]) {
-                throw new ApplicationLogicException("The IP range for this ban is too wide for the block/drop action.");
-            }
-
-            if (!$canLargeIpBan && $targetMask < $maxIpRange[4]) {
-                throw new ApplicationLogicException("The requested IP range for this ban is too wide.");
-            }
-        }
-
-        $squidIpList = $this->getSiteConfiguration()->getSquidList();
-        if (in_array($targetIp, $squidIpList)) {
-            throw new ApplicationLogicException("This IP address is on the protected list of proxies, and cannot be banned.");
-        }
-    }
-
-    /**
-     * Configures a ban list template for display
-     *
-     * @param Ban[] $bans
-     */
-    private function setupBanList(array $bans): void
-    {
-        $userIds = array_map(fn(Ban $entry) => $entry->getUser(), $bans);
-        $userList = UserSearchHelper::get($this->getDatabase())->inIds($userIds)->fetchMap('username');
-
-        $domainIds = array_filter(array_unique(array_map(fn(Ban $entry) => $entry->getDomain(), $bans)));
-        $domains = [];
-        foreach ($domainIds as $d) {
-            if ($d === null) {
-                continue;
-            }
-            $domains[$d] = Domain::getById($d, $this->getDatabase());
-        }
-
-        $this->assign('domains', $domains);
-
-        $user = User::getCurrent($this->getDatabase());
-        $this->assign('canSet', $this->barrierTest('set', $user));
-        $this->assign('canRemove', $this->barrierTest('remove', $user));
-
-        $this->setupSecurity($user);
-
-        $this->assign('usernames', $userList);
-        $this->assign('activebans', $bans);
-
-        $banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
-        $this->assign('banHelper', $banHelper);
-    }
-
-    /**
-     * Converts a plain IP or CIDR mask into an IP and a CIDR suffix
-     *
-     * @param string $targetIp IP or CIDR range
-     *
-     * @return array
-     */
-    private function splitCidrRange(string $targetIp): array
-    {
-        if (strpos($targetIp, '/') !== false) {
-            $ipParts = explode('/', $targetIp, 2);
-            $targetIp = $ipParts[0];
-            $targetMask = (int)$ipParts[1];
-        }
-        else {
-            // Default the CIDR range based on the IP type
-            $targetMask = filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ? 128 : 32;
-        }
-
-        return array($targetIp, $targetMask);
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 */
+	protected function main(): void
+	{
+		$this->assignCSRFToken();
+		$this->setHtmlTitle('Bans');
+
+		$database = $this->getDatabase();
+		$currentDomain = Domain::getCurrent($database);
+		$bans = Ban::getActiveBans($database, $currentDomain->getId());
+
+		$this->setupBanList($bans);
+
+		$this->assign('isFiltered', false);
+		$this->assign('currentUnixTime', time());
+		$this->setTemplate('bans/main.tpl');
+	}
+
+	protected function show(): void
+	{
+		$this->assignCSRFToken();
+		$this->setHtmlTitle('Bans');
+
+		$rawIdList = WebRequest::getString('id');
+		if ($rawIdList === null) {
+			$this->redirect('bans');
+
+			return;
+		}
+
+		$idList = explode(',', $rawIdList);
+
+		$database = $this->getDatabase();
+		$currentDomain = Domain::getCurrent($database);
+		$bans = Ban::getByIdList($idList, $database, $currentDomain->getId());
+
+		$this->setupBanList($bans);
+		$this->assign('isFiltered', true);
+		$this->assign('currentUnixTime', time());
+		$this->setTemplate('bans/main.tpl');
+	}
+
+	/**
+	 * Entry point for the ban set action
+	 * @throws SmartyException
+	 * @throws Exception
+	 */
+	protected function set(): void
+	{
+		$this->setHtmlTitle('Bans');
+
+		// dual-mode action
+		if (WebRequest::wasPosted()) {
+			try {
+				$this->handlePostMethodForSetBan();
+			}
+			catch (ApplicationLogicException $ex) {
+				SessionAlert::error($ex->getMessage());
+				$this->redirect("bans", "set");
+			}
+		}
+		else {
+			$this->handleGetMethodForSetBan();
+
+			$user = User::getCurrent($this->getDatabase());
+			$banType = WebRequest::getString('type');
+			$banRequest = WebRequest::getInt('request');
+
+			// if the parameters are null, skip loading a request.
+			if ($banType !== null && $banRequest !== null && $banRequest !== 0) {
+				$this->preloadFormForRequest($banRequest, $banType, $user);
+			}
+		}
+	}
+
+	protected function replace(): void
+	{
+		$this->setHtmlTitle('Bans');
+
+		$database = $this->getDatabase();
+		$domain = Domain::getCurrent($database);
+
+		// dual-mode action
+		if (WebRequest::wasPosted()) {
+			try {
+				$originalBanId = WebRequest::postInt('replaceBanId');
+				$originalBanUpdateVersion = WebRequest::postInt('replaceBanUpdateVersion');
+
+				$originalBan = Ban::getActiveId($originalBanId, $database, $domain->getId());
+
+				if ($originalBan === false) {
+					throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
+				}
+
+				// Discard original ban; we're replacing it.
+				$originalBan->setUpdateVersion($originalBanUpdateVersion);
+				$originalBan->setActive(false);
+				$originalBan->save();
+
+				Logger::banReplaced($database, $originalBan);
+
+				// Proceed as normal to save the new ban.
+				$this->handlePostMethodForSetBan();
+			}
+			catch (ApplicationLogicException $ex) {
+				$database->rollback();
+				SessionAlert::error($ex->getMessage());
+				$this->redirect("bans", "set");
+			}
+		}
+		else {
+			$this->handleGetMethodForSetBan();
+
+			$user = User::getCurrent($database);
+			$originalBanId = WebRequest::getString('id');
+
+			$originalBan = Ban::getActiveId($originalBanId, $database, $domain->getId());
+
+			if ($originalBan === false) {
+				throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
+			}
+
+			if ($originalBan->getName() !== null) {
+				if (!$this->barrierTest('name', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+
+				$this->assign('banName', $originalBan->getName());
+			}
+
+			if ($originalBan->getEmail() !== null) {
+				if (!$this->barrierTest('email', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+
+				$this->assign('banEmail', $originalBan->getEmail());
+			}
+
+			if ($originalBan->getUseragent() !== null) {
+				if (!$this->barrierTest('useragent', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+
+				$this->assign('banUseragent', $originalBan->getUseragent());
+			}
+
+			if ($originalBan->getIp() !== null) {
+				if (!$this->barrierTest('ip', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+
+				$this->assign('banIP', $originalBan->getIp() . '/' . $originalBan->getIpMask());
+			}
+
+			$banIsGlobal = $originalBan->getDomain() === null;
+			if ($banIsGlobal) {
+				if (!$this->barrierTest('global', $user, 'BanType')) {
+					SessionAlert::error("You are not allowed to set this type of ban.");
+					$this->redirect("bans", "set");
+					return;
+				}
+			}
+
+			if (!$this->barrierTest($originalBan->getVisibility(), $user, 'BanVisibility')) {
+				SessionAlert::error("You are not allowed to set this type of ban.");
+				$this->redirect("bans", "set");
+				return;
+			}
+
+			$this->assign('banGlobal', $banIsGlobal);
+			$this->assign('banVisibility', $originalBan->getVisibility());
+
+			if ($originalBan->getDuration() !== null) {
+				$this->assign('banDuration', date('c', $originalBan->getDuration()));
+			}
+
+			$this->assign('banReason', $originalBan->getReason());
+			$this->assign('banAction', $originalBan->getAction());
+			$this->assign('banQueue', $originalBan->getTargetQueue());
+
+			$this->assign('replaceBanId', $originalBan->getId());
+			$this->assign('replaceBanUpdateVersion', $originalBan->getUpdateVersion());
+		}
+	}
+
+	/**
+	 * Entry point for the ban remove action
+	 *
+	 * @throws AccessDeniedException
+	 * @throws ApplicationLogicException
+	 * @throws SmartyException
+	 */
+	protected function remove(): void
+	{
+		$this->setHtmlTitle('Bans');
+
+		$ban = $this->getBanForUnban();
+
+		$banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
+		if (!$banHelper->canUnban($ban)) {
+			// triggered when a user tries to unban a ban they can't see the entirety of.
+			// there's no UI way to get to this, so a raw exception is fine.
+			throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
+		}
+
+		// dual mode
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$unbanReason = WebRequest::postString('unbanreason');
+
+			if ($unbanReason === null || trim($unbanReason) === "") {
+				SessionAlert::error('No unban reason specified');
+				$this->redirect("bans", "remove", array('id' => $ban->getId()));
+			}
+
+			// set optimistic locking from delete form page load
+			$updateVersion = WebRequest::postInt('updateversion');
+			$ban->setUpdateVersion($updateVersion);
+
+			$database = $this->getDatabase();
+			$ban->setActive(false);
+			$ban->save();
+
+			Logger::unbanned($database, $ban, $unbanReason);
+
+			SessionAlert::quick('Disabled ban.');
+			$this->getNotificationHelper()->unbanned($ban, $unbanReason);
+
+			$this->redirect('bans');
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->assign('ban', $ban);
+			$this->setTemplate('bans/unban.tpl');
+		}
+	}
+
+	/**
+	 * Retrieves the requested ban duration from the WebRequest
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanDuration(): ?int
+	{
+		$duration = WebRequest::postString('duration');
+		if ($duration === "other") {
+			$duration = strtotime(WebRequest::postString('otherduration'));
+
+			if (!$duration) {
+				throw new ApplicationLogicException('Invalid ban time');
+			}
+			elseif (time() > $duration) {
+				throw new ApplicationLogicException('Ban time has already expired!');
+			}
+
+			return $duration;
+		}
+		elseif ($duration === "-1") {
+			return null;
+		}
+		else {
+			return WebRequest::postInt('duration') + time();
+		}
+	}
+
+	/**
+	 * Handles the POST method on the set action
+	 *
+	 * @throws ApplicationLogicException
+	 * @throws Exception
+	 */
+	private function handlePostMethodForSetBan()
+	{
+		$this->validateCSRFToken();
+		$database = $this->getDatabase();
+		$user = User::getCurrent($database);
+		$currentDomain = Domain::getCurrent($database);
+
+		// Checks whether there is a reason entered for ban.
+		$reason = WebRequest::postString('banreason');
+		if ($reason === null || trim($reason) === "") {
+			throw new ApplicationLogicException('You must specify a ban reason');
+		}
+
+		// ban targets
+		list($targetName, $targetIp, $targetEmail, $targetUseragent) = $this->getRawBanTargets($user);
+
+		$visibility = $this->getBanVisibility();
+
+		// Validate ban duration
+		$duration = $this->getBanDuration();
+
+		$action = WebRequest::postString('banAction') ?? Ban::ACTION_NONE;
+
+		$global = WebRequest::postBoolean('banGlobal');
+		if (!$this->barrierTest('global', $user, 'BanType')) {
+			$global = false;
+		}
+
+		if ($action === Ban::ACTION_DEFER && $global) {
+			throw new ApplicationLogicException("Cannot set a global ban in defer-to-queue mode.");
+		}
+
+		// handle CIDR ranges
+		$targetMask = null;
+		if ($targetIp !== null) {
+			list($targetIp, $targetMask) = $this->splitCidrRange($targetIp);
+			$this->validateIpBan($targetIp, $targetMask, $user, $action);
+		}
+
+		$banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
+
+		$bansByTarget = $banHelper->getBansByTarget(
+			$targetName,
+			$targetEmail,
+			$targetIp,
+			$targetMask,
+			$targetUseragent,
+			$currentDomain->getId());
+
+		if (count($bansByTarget) > 0) {
+			throw new ApplicationLogicException('This target is already banned!');
+		}
+
+		$ban = new Ban();
+		$ban->setDatabase($database);
+		$ban->setActive(true);
+
+		$ban->setName($targetName);
+		$ban->setIp($targetIp, $targetMask);
+		$ban->setEmail($targetEmail);
+		$ban->setUseragent($targetUseragent);
+
+		$ban->setUser($user->getId());
+		$ban->setReason($reason);
+		$ban->setDuration($duration);
+		$ban->setVisibility($visibility);
+
+		$ban->setDomain($global ? null : $currentDomain->getId());
+
+		$ban->setAction($action);
+		if ($ban->getAction() === Ban::ACTION_DEFER) {
+			//FIXME: domains
+			$queue = RequestQueue::getByApiName($database, WebRequest::postString('banActionTarget'), 1);
+			if ($queue === false) {
+				throw new ApplicationLogicException("Unknown target queue");
+			}
+
+			if (!$queue->isEnabled()) {
+				throw new ApplicationLogicException("Target queue is not enabled");
+			}
+
+			$ban->setTargetQueue($queue->getId());
+		}
+
+		$ban->save();
+
+		Logger::banned($database, $ban, $reason);
+
+		$this->getNotificationHelper()->banned($ban);
+		SessionAlert::quick('Ban has been set.');
+
+		$this->redirect('bans');
+	}
+
+	/**
+	 * Handles the GET method on the set action
+	 * @throws Exception
+	 */
+	private function handleGetMethodForSetBan()
+	{
+		$this->setTemplate('bans/banform.tpl');
+		$this->assignCSRFToken();
+
+		$this->assign('maxIpRange', $this->getSiteConfiguration()->getBanMaxIpRange());
+		$this->assign('maxIpBlockRange', $this->getSiteConfiguration()->getBanMaxIpBlockRange());
+
+		$this->assign('banVisibility', 'user');
+		$this->assign('banGlobal', false);
+		$this->assign('banQueue', false);
+		$this->assign('banAction', Ban::ACTION_BLOCK);
+		$this->assign('banDuration', '');
+		$this->assign('banReason', '');
+
+		$this->assign('banEmail', '');
+		$this->assign('banIP', '');
+		$this->assign('banName', '');
+		$this->assign('banUseragent', '');
+
+		$this->assign('replaceBanId', null);
+
+
+
+		$database = $this->getDatabase();
+
+		$user = User::getCurrent($database);
+		$this->setupSecurity($user);
+
+		$queues = RequestQueue::getEnabledQueues($database);
+
+		$this->assign('requestQueues', $queues);
+	}
+
+	/**
+	 * Finds the Ban object referenced in the WebRequest if it is valid
+	 *
+	 * @return Ban
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanForUnban(): Ban
+	{
+		$banId = WebRequest::getInt('id');
+		if ($banId === null || $banId === 0) {
+			throw new ApplicationLogicException("The ban ID appears to be missing. This is probably a bug.");
+		}
+
+		$database = $this->getDatabase();
+		$this->setupSecurity(User::getCurrent($database));
+		$currentDomain = Domain::getCurrent($database);
+		$ban = Ban::getActiveId($banId, $database, $currentDomain->getId());
+
+		if ($ban === false) {
+			throw new ApplicationLogicException("The specified ban is not currently active, or doesn't exist.");
+		}
+
+		return $ban;
+	}
+
+	/**
+	 * Sets up Smarty variables for access control
+	 */
+	private function setupSecurity(User $user): void
+	{
+		$this->assign('canSeeIpBan', $this->barrierTest('ip', $user, 'BanType'));
+		$this->assign('canSeeNameBan', $this->barrierTest('name', $user, 'BanType'));
+		$this->assign('canSeeEmailBan', $this->barrierTest('email', $user, 'BanType'));
+		$this->assign('canSeeUseragentBan', $this->barrierTest('useragent', $user, 'BanType'));
+
+		$this->assign('canGlobalBan', $this->barrierTest('global', $user, 'BanType'));
+
+		$this->assign('canSeeUserVisibility', $this->barrierTest('user', $user, 'BanVisibility'));
+		$this->assign('canSeeAdminVisibility', $this->barrierTest('admin', $user, 'BanVisibility'));
+		$this->assign('canSeeCheckuserVisibility', $this->barrierTest('checkuser', $user, 'BanVisibility'));
+	}
+
+	/**
+	 * Validates that the provided IP is acceptable for a ban of this type
+	 *
+	 * @param string $targetIp   IP address
+	 * @param int    $targetMask CIDR prefix length
+	 * @param User   $user       User performing the ban
+	 * @param string $action     Ban action to take
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function validateIpBan(string $targetIp, int $targetMask, User $user, string $action): void
+	{
+		// validate this is an IP
+		if (!filter_var($targetIp, FILTER_VALIDATE_IP)) {
+			throw new ApplicationLogicException("Not a valid IP address");
+		}
+
+		$canLargeIpBan = $this->barrierTest('ip-largerange', $user, 'BanType');
+		$maxIpBlockRange = $this->getSiteConfiguration()->getBanMaxIpBlockRange();
+		$maxIpRange = $this->getSiteConfiguration()->getBanMaxIpRange();
+
+		// validate CIDR ranges
+		if (filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6)) {
+			if ($targetMask < 0 || $targetMask > 128) {
+				throw new ApplicationLogicException("CIDR mask out of range for IPv6");
+			}
+
+			// prevent setting the ban if:
+			//  * the user isn't allowed to set large bans, AND
+			//  * the ban is a drop or a block (preventing human review of the request), AND
+			//  * the mask is too wide-reaching
+			if (!$canLargeIpBan && ($action == Ban::ACTION_BLOCK || $action == Ban::ACTION_DROP) && $targetMask < $maxIpBlockRange[6]) {
+				throw new ApplicationLogicException("The requested IP range for this ban is too wide for the block/drop action.");
+			}
+
+			if (!$canLargeIpBan && $targetMask < $maxIpRange[6]) {
+				throw new ApplicationLogicException("The requested IP range for this ban is too wide.");
+			}
+		}
+
+		if (filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV4)) {
+			if ($targetMask < 0 || $targetMask > 32) {
+				throw new ApplicationLogicException("CIDR mask out of range for IPv4");
+			}
+
+			if (!$canLargeIpBan && ($action == Ban::ACTION_BLOCK || $action == Ban::ACTION_DROP) && $targetMask < $maxIpBlockRange[4]) {
+				throw new ApplicationLogicException("The IP range for this ban is too wide for the block/drop action.");
+			}
+
+			if (!$canLargeIpBan && $targetMask < $maxIpRange[4]) {
+				throw new ApplicationLogicException("The requested IP range for this ban is too wide.");
+			}
+		}
+
+		$squidIpList = $this->getSiteConfiguration()->getSquidList();
+		if (in_array($targetIp, $squidIpList)) {
+			throw new ApplicationLogicException("This IP address is on the protected list of proxies, and cannot be banned.");
+		}
+	}
+
+	/**
+	 * Configures a ban list template for display
+	 *
+	 * @param Ban[] $bans
+	 */
+	private function setupBanList(array $bans): void
+	{
+		$userIds = array_map(fn(Ban $entry) => $entry->getUser(), $bans);
+		$userList = UserSearchHelper::get($this->getDatabase())->inIds($userIds)->fetchMap('username');
+
+		$domainIds = array_filter(array_unique(array_map(fn(Ban $entry) => $entry->getDomain(), $bans)));
+		$domains = [];
+		foreach ($domainIds as $d) {
+			if ($d === null) {
+				continue;
+			}
+			$domains[$d] = Domain::getById($d, $this->getDatabase());
+		}
+
+		$this->assign('domains', $domains);
+
+		$user = User::getCurrent($this->getDatabase());
+		$this->assign('canSet', $this->barrierTest('set', $user));
+		$this->assign('canRemove', $this->barrierTest('remove', $user));
+
+		$this->setupSecurity($user);
+
+		$this->assign('usernames', $userList);
+		$this->assign('activebans', $bans);
+
+		$banHelper = new BanHelper($this->getDatabase(), $this->getXffTrustProvider(), $this->getSecurityManager());
+		$this->assign('banHelper', $banHelper);
+	}
+
+	/**
+	 * Converts a plain IP or CIDR mask into an IP and a CIDR suffix
+	 *
+	 * @param string $targetIp IP or CIDR range
+	 *
+	 * @return array
+	 */
+	private function splitCidrRange(string $targetIp): array
+	{
+		if (strpos($targetIp, '/') !== false) {
+			$ipParts = explode('/', $targetIp, 2);
+			$targetIp = $ipParts[0];
+			$targetMask = (int)$ipParts[1];
+		}
+		else {
+			// Default the CIDR range based on the IP type
+			$targetMask = filter_var($targetIp, FILTER_VALIDATE_IP, FILTER_FLAG_IPV6) ? 128 : 32;
+		}
+
+		return array($targetIp, $targetMask);
 }
 
-    /**
-     * Returns the validated ban visibility from WebRequest
-     *
-     * @throws ApplicationLogicException
-     */
-    private function getBanVisibility(): string
-    {
-        $visibility = WebRequest::postString('banVisibility');
-        if ($visibility !== 'user' && $visibility !== 'admin' && $visibility !== 'checkuser') {
-            throw new ApplicationLogicException('Invalid ban visibility');
-        }
-
-        return $visibility;
-    }
-
-    /**
-     * Returns array of [username, ip, email, ua] as ban targets from WebRequest,
-     * filtered for whether the user is allowed to set bans including those types.
-     *
-     * @return string[]
-     * @throws ApplicationLogicException
-     */
-    private function getRawBanTargets(User $user): array
-    {
-        $targetName = WebRequest::postString('banName');
-        $targetIp = WebRequest::postString('banIP');
-        $targetEmail = WebRequest::postString('banEmail');
-        $targetUseragent = WebRequest::postString('banUseragent');
-
-        // check the user is allowed to use provided targets
-        if (!$this->barrierTest('name', $user, 'BanType')) {
-            $targetName = null;
-        }
-        if (!$this->barrierTest('ip', $user, 'BanType')) {
-            $targetIp = null;
-        }
-        if (!$this->barrierTest('email', $user, 'BanType')) {
-            $targetEmail = null;
-        }
-        if (!$this->barrierTest('useragent', $user, 'BanType')) {
-            $targetUseragent = null;
-        }
-
-        // Checks whether there is a target entered to ban.
-        if ($targetName === null && $targetIp === null && $targetEmail === null && $targetUseragent === null) {
-            throw new ApplicationLogicException('You must specify a target to be banned');
-        }
-
-        return array($targetName, $targetIp, $targetEmail, $targetUseragent);
-    }
-
-    private function preloadFormForRequest(int $banRequest, string $banType, User $user): void
-    {
-        $database = $this->getDatabase();
-
-        // Attempt to resolve the correct target
-        /** @var Request|false $request */
-        $request = Request::getById($banRequest, $database);
-        if ($request === false) {
-            $this->assign('bantarget', '');
-
-            return;
-        }
-
-        switch ($banType) {
-            case 'EMail':
-                if ($this->barrierTest('email', $user, 'BanType')) {
-                    $this->assign('banEmail', $request->getEmail());
-                }
-                break;
-            case 'IP':
-                if ($this->barrierTest('ip', $user, 'BanType')) {
-                    $trustedIp = $this->getXffTrustProvider()->getTrustedClientIp(
-                        $request->getIp(),
-                        $request->getForwardedIp());
-
-                    $this->assign('banIP', $trustedIp);
-                }
-                break;
-            case 'Name':
-                if ($this->barrierTest('name', $user, 'BanType')) {
-                    $this->assign('banName', $request->getName());
-                }
-                break;
-            case 'UA':
-                if ($this->barrierTest('useragent', $user, 'BanType')) {
-                    $this->assign('banUseragent', $request->getEmail());
-                }
-                break;
-        }
-    }
+	/**
+	 * Returns the validated ban visibility from WebRequest
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	private function getBanVisibility(): string
+	{
+		$visibility = WebRequest::postString('banVisibility');
+		if ($visibility !== 'user' && $visibility !== 'admin' && $visibility !== 'checkuser') {
+			throw new ApplicationLogicException('Invalid ban visibility');
+		}
+
+		return $visibility;
+	}
+
+	/**
+	 * Returns array of [username, ip, email, ua] as ban targets from WebRequest,
+	 * filtered for whether the user is allowed to set bans including those types.
+	 *
+	 * @return string[]
+	 * @throws ApplicationLogicException
+	 */
+	private function getRawBanTargets(User $user): array
+	{
+		$targetName = WebRequest::postString('banName');
+		$targetIp = WebRequest::postString('banIP');
+		$targetEmail = WebRequest::postString('banEmail');
+		$targetUseragent = WebRequest::postString('banUseragent');
+
+		// check the user is allowed to use provided targets
+		if (!$this->barrierTest('name', $user, 'BanType')) {
+			$targetName = null;
+		}
+		if (!$this->barrierTest('ip', $user, 'BanType')) {
+			$targetIp = null;
+		}
+		if (!$this->barrierTest('email', $user, 'BanType')) {
+			$targetEmail = null;
+		}
+		if (!$this->barrierTest('useragent', $user, 'BanType')) {
+			$targetUseragent = null;
+		}
+
+		// Checks whether there is a target entered to ban.
+		if ($targetName === null && $targetIp === null && $targetEmail === null && $targetUseragent === null) {
+			throw new ApplicationLogicException('You must specify a target to be banned');
+		}
+
+		return array($targetName, $targetIp, $targetEmail, $targetUseragent);
+	}
+
+	private function preloadFormForRequest(int $banRequest, string $banType, User $user): void
+	{
+		$database = $this->getDatabase();
+
+		// Attempt to resolve the correct target
+		/** @var Request|false $request */
+		$request = Request::getById($banRequest, $database);
+		if ($request === false) {
+			$this->assign('bantarget', '');
+
+			return;
+		}
+
+		switch ($banType) {
+			case 'EMail':
+				if ($this->barrierTest('email', $user, 'BanType')) {
+					$this->assign('banEmail', $request->getEmail());
+				}
+				break;
+			case 'IP':
+				if ($this->barrierTest('ip', $user, 'BanType')) {
+					$trustedIp = $this->getXffTrustProvider()->getTrustedClientIp(
+						$request->getIp(),
+						$request->getForwardedIp());
+
+					$this->assign('banIP', $trustedIp);
+				}
+				break;
+			case 'Name':
+				if ($this->barrierTest('name', $user, 'BanType')) {
+					$this->assign('banName', $request->getName());
+				}
+				break;
+			case 'UA':
+				if ($this->barrierTest('useragent', $user, 'BanType')) {
+					$this->assign('banUseragent', $request->getEmail());
+				}
+				break;
+		}
+	}
 }

Please login to merge, or discard this patch.

		@@ -35,156 +35,156 @@
		block discarded – undo
35	35	*/
36	36	class PageCreateRequest extends RequestActionBase
37	37	{
38		- /**
39		- * Main function for this page, when no specific actions are called.
40		- * @return void
41		- * @throws AccessDeniedException
42		- * @throws ApplicationLogicException
43		- */
44		- protected function main()
45		- {
46		- $this->checkPosted();
47		-
48		- $database = $this->getDatabase();
49		-
50		- $request = $this->getRequest($database);
51		- $template = $this->getTemplate($database);
52		- $creationMode = $this->getCreationMode();
53		- $user = User::getCurrent($database);
54		- $preferencesManager = PreferenceManager::getForCurrent($database);
55		-
56		- $secMgr = $this->getSecurityManager();
57		- if ($secMgr->allows('RequestCreation', PreferenceManager::CREATION_BOT, $user) !== ISecurityManager::ALLOWED
58		- && $creationMode === 'bot'
59		- ) {
60		- throw new AccessDeniedException($secMgr, $this->getDomainAccessManager());
61		- }
62		- elseif ($secMgr->allows('RequestCreation', PreferenceManager::CREATION_OAUTH, $user) !== ISecurityManager::ALLOWED
63		- && $creationMode === 'oauth'
64		- ) {
65		- throw new AccessDeniedException($secMgr, $this->getDomainAccessManager());
66		- }
67		-
68		- if ($request->getEmailSent()) {
69		- throw new ApplicationLogicException('This requester has already had an email sent to them. Please fall back to manual creation or a custom close');
70		- }
71		-
72		- $request->setStatus(RequestStatus::JOBQUEUE);
73		- $request->setReserved(null);
74		- $request->save();
75		-
76		- Logger::enqueuedJobQueue($database, $request);
77		-
78		- $creationTaskId = $this->enqueueCreationTask($creationMode, $request, $template, $user, $database);
79		-
80		- $welcomeTemplate = $preferencesManager->getPreference(PreferenceManager::PREF_WELCOMETEMPLATE);
81		- if ($welcomeTemplate !== null && !WebRequest::postBoolean('skipAutoWelcome')) {
82		- $this->enqueueWelcomeTask($request, $creationTaskId, $user, $database);
83		- }
84		-
85		- $this->getNotificationHelper()->requestCloseQueued($request, $template->getName());
86		-
87		- SessionAlert::success("Request {$request->getId()} has been queued for autocreation");
88		-
89		- $this->redirect();
90		- }
91		-
92		- protected function getCreationMode()
93		- {
94		- $creationMode = WebRequest::postString('mode');
95		- if ($creationMode !== 'oauth' && $creationMode !== 'bot') {
96		- throw new ApplicationLogicException('Unknown creation mode');
97		- }
98		-
99		- return $creationMode;
100		- }
101		-
102		- /**
103		- * @param PdoDatabase $database
104		- *
105		- * @return EmailTemplate
106		- * @throws ApplicationLogicException
107		- */
108		- protected function getTemplate(PdoDatabase $database)
109		- {
110		- $templateId = WebRequest::postInt('template');
111		- if ($templateId === null) {
112		- throw new ApplicationLogicException('No template specified');
113		- }
114		-
115		- /** @var EmailTemplate $template */
116		- $template = EmailTemplate::getById($templateId, $database);
117		- if ($template === false \|\| !$template->getActive()) {
118		- throw new ApplicationLogicException('Invalid or inactive template specified');
119		- }
120		-
121		- if ($template->getDefaultAction() !== EmailTemplate::ACTION_CREATED) {
122		- throw new ApplicationLogicException('Specified template is not a creation template!');
123		- }
124		-
125		- return $template;
126		- }
127		-
128		- /**
129		- * @param PdoDatabase $database
130		- *
131		- * @return Request
132		- * @throws ApplicationLogicException
133		- */
134		- protected function getRequest(PdoDatabase $database)
135		- {
136		- $request = parent::getRequest($database);
137		-
138		- if ($request->getStatus() == RequestStatus::CLOSED) {
139		- throw new ApplicationLogicException('Request is already closed');
140		- }
141		-
142		- return $request;
143		- }
144		-
145		- /**
146		- * @param $creationMode
147		- * @param Request $request
148		- * @param EmailTemplate $template
149		- * @param User $user
150		- *
151		- * @param PdoDatabase $database
152		- *
153		- * @return int
154		- * @throws ApplicationLogicException
155		- */
156		- protected function enqueueCreationTask(
157		- $creationMode,
158		- Request $request,
159		- EmailTemplate $template,
160		- User $user,
161		- PdoDatabase $database
162		- ) {
163		- $creationTaskClass = null;
164		-
165		- if ($creationMode == "oauth") {
166		- $creationTaskClass = UserCreationTask::class;
167		- }
168		-
169		- if ($creationMode == "bot") {
170		- $creationTaskClass = BotCreationTask::class;
171		- }
172		-
173		- if ($creationTaskClass === null) {
174		- throw new ApplicationLogicException('Cannot determine creation mode');
175		- }
176		-
177		- $creationTask = new JobQueue();
178		- $creationTask->setDomain(1); // FIXME: domains!
179		- $creationTask->setTask($creationTaskClass);
180		- $creationTask->setRequest($request->getId());
181		- $creationTask->setEmailTemplate($template->getId());
182		- $creationTask->setTriggerUserId($user->getId());
183		- $creationTask->setDatabase($database);
184		- $creationTask->save();
185		-
186		- $creationTaskId = $creationTask->getId();
187		-
188		- return $creationTaskId;
189		- }
	38	+ /**
	39	+ * Main function for this page, when no specific actions are called.
	40	+ * @return void
	41	+ * @throws AccessDeniedException
	42	+ * @throws ApplicationLogicException
	43	+ */
	44	+ protected function main()
	45	+ {
	46	+ $this->checkPosted();
	47	+
	48	+ $database = $this->getDatabase();
	49	+
	50	+ $request = $this->getRequest($database);
	51	+ $template = $this->getTemplate($database);
	52	+ $creationMode = $this->getCreationMode();
	53	+ $user = User::getCurrent($database);
	54	+ $preferencesManager = PreferenceManager::getForCurrent($database);
	55	+
	56	+ $secMgr = $this->getSecurityManager();
	57	+ if ($secMgr->allows('RequestCreation', PreferenceManager::CREATION_BOT, $user) !== ISecurityManager::ALLOWED
	58	+ && $creationMode === 'bot'
	59	+ ) {
	60	+ throw new AccessDeniedException($secMgr, $this->getDomainAccessManager());
	61	+ }
	62	+ elseif ($secMgr->allows('RequestCreation', PreferenceManager::CREATION_OAUTH, $user) !== ISecurityManager::ALLOWED
	63	+ && $creationMode === 'oauth'
	64	+ ) {
	65	+ throw new AccessDeniedException($secMgr, $this->getDomainAccessManager());
	66	+ }
	67	+
	68	+ if ($request->getEmailSent()) {
	69	+ throw new ApplicationLogicException('This requester has already had an email sent to them. Please fall back to manual creation or a custom close');
	70	+ }
	71	+
	72	+ $request->setStatus(RequestStatus::JOBQUEUE);
	73	+ $request->setReserved(null);
	74	+ $request->save();
	75	+
	76	+ Logger::enqueuedJobQueue($database, $request);
	77	+
	78	+ $creationTaskId = $this->enqueueCreationTask($creationMode, $request, $template, $user, $database);
	79	+
	80	+ $welcomeTemplate = $preferencesManager->getPreference(PreferenceManager::PREF_WELCOMETEMPLATE);
	81	+ if ($welcomeTemplate !== null && !WebRequest::postBoolean('skipAutoWelcome')) {
	82	+ $this->enqueueWelcomeTask($request, $creationTaskId, $user, $database);
	83	+ }
	84	+
	85	+ $this->getNotificationHelper()->requestCloseQueued($request, $template->getName());
	86	+
	87	+ SessionAlert::success("Request {$request->getId()} has been queued for autocreation");
	88	+
	89	+ $this->redirect();
	90	+ }
	91	+
	92	+ protected function getCreationMode()
	93	+ {
	94	+ $creationMode = WebRequest::postString('mode');
	95	+ if ($creationMode !== 'oauth' && $creationMode !== 'bot') {
	96	+ throw new ApplicationLogicException('Unknown creation mode');
	97	+ }
	98	+
	99	+ return $creationMode;
	100	+ }
	101	+
	102	+ /**
	103	+ * @param PdoDatabase $database
	104	+ *
	105	+ * @return EmailTemplate
	106	+ * @throws ApplicationLogicException
	107	+ */
	108	+ protected function getTemplate(PdoDatabase $database)
	109	+ {
	110	+ $templateId = WebRequest::postInt('template');
	111	+ if ($templateId === null) {
	112	+ throw new ApplicationLogicException('No template specified');
	113	+ }
	114	+
	115	+ /** @var EmailTemplate $template */
	116	+ $template = EmailTemplate::getById($templateId, $database);
	117	+ if ($template === false \|\| !$template->getActive()) {
	118	+ throw new ApplicationLogicException('Invalid or inactive template specified');
	119	+ }
	120	+
	121	+ if ($template->getDefaultAction() !== EmailTemplate::ACTION_CREATED) {
	122	+ throw new ApplicationLogicException('Specified template is not a creation template!');
	123	+ }
	124	+
	125	+ return $template;
	126	+ }
	127	+
	128	+ /**
	129	+ * @param PdoDatabase $database
	130	+ *
	131	+ * @return Request
	132	+ * @throws ApplicationLogicException
	133	+ */
	134	+ protected function getRequest(PdoDatabase $database)
	135	+ {
	136	+ $request = parent::getRequest($database);
	137	+
	138	+ if ($request->getStatus() == RequestStatus::CLOSED) {
	139	+ throw new ApplicationLogicException('Request is already closed');
	140	+ }
	141	+
	142	+ return $request;
	143	+ }
	144	+
	145	+ /**
	146	+ * @param $creationMode
	147	+ * @param Request $request
	148	+ * @param EmailTemplate $template
	149	+ * @param User $user
	150	+ *
	151	+ * @param PdoDatabase $database
	152	+ *
	153	+ * @return int
	154	+ * @throws ApplicationLogicException
	155	+ */
	156	+ protected function enqueueCreationTask(
	157	+ $creationMode,
	158	+ Request $request,
	159	+ EmailTemplate $template,
	160	+ User $user,
	161	+ PdoDatabase $database
	162	+ ) {
	163	+ $creationTaskClass = null;
	164	+
	165	+ if ($creationMode == "oauth") {
	166	+ $creationTaskClass = UserCreationTask::class;
	167	+ }
	168	+
	169	+ if ($creationMode == "bot") {
	170	+ $creationTaskClass = BotCreationTask::class;
	171	+ }
	172	+
	173	+ if ($creationTaskClass === null) {
	174	+ throw new ApplicationLogicException('Cannot determine creation mode');
	175	+ }
	176	+
	177	+ $creationTask = new JobQueue();
	178	+ $creationTask->setDomain(1); // FIXME: domains!
	179	+ $creationTask->setTask($creationTaskClass);
	180	+ $creationTask->setRequest($request->getId());
	181	+ $creationTask->setEmailTemplate($template->getId());
	182	+ $creationTask->setTriggerUserId($user->getId());
	183	+ $creationTask->setDatabase($database);
	184	+ $creationTask->save();
	185	+
	186	+ $creationTaskId = $creationTask->getId();
	187	+
	188	+ return $creationTaskId;
	189	+ }
190	190	}

		@@ -18,112 +18,112 @@
		block discarded – undo
18	18
19	19	class PageListFlaggedComments extends InternalPageBase
20	20	{
21		- /**
22		- * @inheritDoc
23		- */
24		- protected function main()
25		- {
26		- $this->setHtmlTitle('Flagged comments');
27		- $this->setTemplate('flagged-comments.tpl');
28		-
29		- $database = $this->getDatabase();
30		- $this->assignCSRFToken();
31		-
32		- /** @var Comment[] $commentObjects */
33		- $commentObjects = Comment::getFlaggedComments($database, 1); // FIXME: domains
34		- $comments = [];
35		-
36		- $currentUser = User::getCurrent($database);
37		-
38		- $seeRestrictedComments = $this->barrierTest('seeRestrictedComments', $currentUser, 'RequestData');
39		- $seeCheckuserComments = $this->barrierTest('seeCheckuserComments', $currentUser, 'RequestData');
40		- $alwaysSeePrivateData = $this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData');
41		-
42		- foreach ($commentObjects as $object) {
43		- $data = [
44		- 'visibility' => $object->getVisibility(),
45		- 'hidden' => false,
46		- 'hiddenText' => false,
47		- ];
48		-
49		- if (!$alwaysSeePrivateData) {
50		- // tl;dr: This is a stupid configuration, but let's account for it anyway.
51		- //
52		- // Flagged comments are treated as private data. If you don't have the privilege
53		- // RequestData::alwaysSeePrivateData, then we can't show you the content of the comments here.
54		- // This page is forced to degrade into basically a list of requests, seriously hampering the usefulness
55		- // of this page. Still, we need to handle the case where we have access to this page, but not access
56		- // to private data.
57		- // At the time of writing, this case does not exist in the current role configuration, but for the role
58		- // configuration to be free of assumptions, we need this code.
59		-
60		- /** @var Request $request */
61		- $request = Request::getById($object->getRequest(), $database);
62		-
63		- if ($request->getReserved() === $currentUser->getId()) {
64		- $data['hiddenText'] = false;
65		- }
66		- else {
67		- $data['hiddenText'] = true;
68		- }
69		- }
70		-
71		- if ($object->getVisibility() == 'requester' \|\| $object->getVisibility() == 'user') {
72		- $data['hidden'] = false;
73		- }
74		- elseif ($object->getVisibility() == 'admin') {
75		- if ($seeRestrictedComments) {
76		- $data['hidden'] = false;
77		- }
78		- else {
79		- $data['hidden'] = true;
80		- }
81		- }
82		- elseif ($object->getVisibility() == 'checkuser') {
83		- if ($seeCheckuserComments) {
84		- $data['hidden'] = false;
85		- }
86		- else {
87		- $data['hidden'] = true;
88		- }
89		- }
90		-
91		- $this->copyCommentData($object, $data, $database);
92		-
93		- $comments[] = $data;
94		- }
95		-
96		- $this->assign('comments', $comments);
97		- $this->assign('seeRestrictedComments', $seeRestrictedComments);
98		- $this->assign('seeCheckuserComments', $seeCheckuserComments);
99		-
100		- $this->assign('editOthersComments', $this->barrierTest('editOthers', $currentUser, PageEditComment::class));
101		- $this->assign('editComments', $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageEditComment::class));
102		- $this->assign('canUnflag', $this->barrierTest('unflag', $currentUser, PageFlagComment::class) && $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageFlagComment::class));
103		- }
104		-
105		- private function copyCommentData(Comment $object, array &$data, PdoDatabase $database): void
106		- {
107		- if ($data['hidden']) {
108		- // All details hidden, so don't copy anything.
109		- return;
110		- }
111		-
112		- /** @var Request $request */
113		- $request = Request::getById($object->getRequest(), $database);
114		-
115		- if (!$data['hiddenText']) {
116		- // Comment text is hidden, but presence of the comment is visible.
117		- $data['comment'] = $object->getComment();
118		- }
119		-
120		- $data['id'] = $object->getId();
121		- $data['updateversion'] = $object->getUpdateVersion();
122		- $data['time'] = $object->getTime();
123		- $data['requestid'] = $object->getRequest();
124		- $data['request'] = $request->getName();
125		- $data['requeststatus'] = $request->getStatus();
126		- $data['userid'] = $object->getUser();
127		- $data['user'] = User::getById($object->getUser(), $database)->getUsername();
128		- }
	21	+ /**
	22	+ * @inheritDoc
	23	+ */
	24	+ protected function main()
	25	+ {
	26	+ $this->setHtmlTitle('Flagged comments');
	27	+ $this->setTemplate('flagged-comments.tpl');
	28	+
	29	+ $database = $this->getDatabase();
	30	+ $this->assignCSRFToken();
	31	+
	32	+ /** @var Comment[] $commentObjects */
	33	+ $commentObjects = Comment::getFlaggedComments($database, 1); // FIXME: domains
	34	+ $comments = [];
	35	+
	36	+ $currentUser = User::getCurrent($database);
	37	+
	38	+ $seeRestrictedComments = $this->barrierTest('seeRestrictedComments', $currentUser, 'RequestData');
	39	+ $seeCheckuserComments = $this->barrierTest('seeCheckuserComments', $currentUser, 'RequestData');
	40	+ $alwaysSeePrivateData = $this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData');
	41	+
	42	+ foreach ($commentObjects as $object) {
	43	+ $data = [
	44	+ 'visibility' => $object->getVisibility(),
	45	+ 'hidden' => false,
	46	+ 'hiddenText' => false,
	47	+ ];
	48	+
	49	+ if (!$alwaysSeePrivateData) {
	50	+ // tl;dr: This is a stupid configuration, but let's account for it anyway.
	51	+ //
	52	+ // Flagged comments are treated as private data. If you don't have the privilege
	53	+ // RequestData::alwaysSeePrivateData, then we can't show you the content of the comments here.
	54	+ // This page is forced to degrade into basically a list of requests, seriously hampering the usefulness
	55	+ // of this page. Still, we need to handle the case where we have access to this page, but not access
	56	+ // to private data.
	57	+ // At the time of writing, this case does not exist in the current role configuration, but for the role
	58	+ // configuration to be free of assumptions, we need this code.
	59	+
	60	+ /** @var Request $request */
	61	+ $request = Request::getById($object->getRequest(), $database);
	62	+
	63	+ if ($request->getReserved() === $currentUser->getId()) {
	64	+ $data['hiddenText'] = false;
	65	+ }
	66	+ else {
	67	+ $data['hiddenText'] = true;
	68	+ }
	69	+ }
	70	+
	71	+ if ($object->getVisibility() == 'requester' \|\| $object->getVisibility() == 'user') {
	72	+ $data['hidden'] = false;
	73	+ }
	74	+ elseif ($object->getVisibility() == 'admin') {
	75	+ if ($seeRestrictedComments) {
	76	+ $data['hidden'] = false;
	77	+ }
	78	+ else {
	79	+ $data['hidden'] = true;
	80	+ }
	81	+ }
	82	+ elseif ($object->getVisibility() == 'checkuser') {
	83	+ if ($seeCheckuserComments) {
	84	+ $data['hidden'] = false;
	85	+ }
	86	+ else {
	87	+ $data['hidden'] = true;
	88	+ }
	89	+ }
	90	+
	91	+ $this->copyCommentData($object, $data, $database);
	92	+
	93	+ $comments[] = $data;
	94	+ }
	95	+
	96	+ $this->assign('comments', $comments);
	97	+ $this->assign('seeRestrictedComments', $seeRestrictedComments);
	98	+ $this->assign('seeCheckuserComments', $seeCheckuserComments);
	99	+
	100	+ $this->assign('editOthersComments', $this->barrierTest('editOthers', $currentUser, PageEditComment::class));
	101	+ $this->assign('editComments', $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageEditComment::class));
	102	+ $this->assign('canUnflag', $this->barrierTest('unflag', $currentUser, PageFlagComment::class) && $this->barrierTest(RoleConfigurationBase::MAIN, $currentUser, PageFlagComment::class));
	103	+ }
	104	+
	105	+ private function copyCommentData(Comment $object, array &$data, PdoDatabase $database): void
	106	+ {
	107	+ if ($data['hidden']) {
	108	+ // All details hidden, so don't copy anything.
	109	+ return;
	110	+ }
	111	+
	112	+ /** @var Request $request */
	113	+ $request = Request::getById($object->getRequest(), $database);
	114	+
	115	+ if (!$data['hiddenText']) {
	116	+ // Comment text is hidden, but presence of the comment is visible.
	117	+ $data['comment'] = $object->getComment();
	118	+ }
	119	+
	120	+ $data['id'] = $object->getId();
	121	+ $data['updateversion'] = $object->getUpdateVersion();
	122	+ $data['time'] = $object->getTime();
	123	+ $data['requestid'] = $object->getRequest();
	124	+ $data['request'] = $request->getName();
	125	+ $data['requeststatus'] = $request->getStatus();
	126	+ $data['userid'] = $object->getUser();
	127	+ $data['user'] = User::getById($object->getUser(), $database)->getUsername();
	128	+ }
129	129	}
130	130	\ No newline at end of file

		@@ -18,129 +18,129 @@
		block discarded – undo
18	18
19	19	trait TemplateOutput
20	20	{
21		- /** @var Smarty */
22		- private $smarty;
23		-
24		- /**
25		- * @param string $pluginsDir
26		- *
27		- * @return void
28		- * @throws Exception
29		- */
30		- private function loadPlugins(string $pluginsDir): void
31		- {
32		- /** @var DirectoryIterator $file */
33		- foreach (new DirectoryIterator($pluginsDir) as $file) {
34		- if ($file->isDot()) {
35		- continue;
36		- }
37		-
38		- if ($file->getExtension() != 'php') {
39		- continue;
40		- }
41		-
42		- require_once $file->getPathname();
43		-
44		- list($type, $name) = explode('.', $file->getBasename('.php'), 2);
45		-
46		- switch ($type) {
47		- case 'modifier':
48		- $this->smarty->registerPlugin(Smarty::PLUGIN_MODIFIER, $name, 'smarty_modifier_' . $name);
49		- break;
50		- case 'function':
51		- $this->smarty->registerPlugin(Smarty::PLUGIN_FUNCTION, $name, 'smarty_function_' . $name);
52		- break;
53		- }
54		- }
55		- }
56		-
57		- /**
58		- * @return SiteConfiguration
59		- */
60		- protected abstract function getSiteConfiguration();
61		-
62		- /**
63		- * Assigns a Smarty variable
64		- *
65		- * @param array\|string $name the template variable name(s)
66		- * @param mixed $value the value to assign
67		- */
68		- final protected function assign($name, $value)
69		- {
70		- $this->smarty->assign($name, $value);
71		- }
72		-
73		- /**
74		- * Sets up the variables used by the main Smarty base template.
75		- *
76		- * This list is getting kinda long.
77		- * @throws Exception
78		- */
79		- final protected function setUpSmarty()
80		- {
81		- $this->smarty = new Smarty();
82		- $pluginsDir = $this->getSiteConfiguration()->getFilePath() . '/smarty-plugins';
83		-
84		- // Dynamically load all plugins in the plugins directory
85		- $this->loadPlugins($pluginsDir);
86		-
87		- $this->assign('currentUser', User::getCommunity());
88		- $this->assign('skin', 'auto');
89		- $this->assign('currentDomain', null);
90		- $this->assign('loggedIn', false);
91		- $this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
92		- $this->assign('resourceCacheEpoch', $this->getSiteConfiguration()->getResourceCacheEpoch());
93		-
94		- $this->assign('siteNoticeText', '');
95		- $this->assign('siteNoticeVersion', 0);
96		- $this->assign('siteNoticeState', 'd-none');
97		- $this->assign('toolversion', Environment::getToolVersion());
98		-
99		- // default these
100		- $this->assign('onlineusers', array());
101		- $this->assign('typeAheadBlock', '');
102		- $this->assign('extraJs', array());
103		-
104		- // nav menu access control
105		- $this->assign('nav__canRequests', false);
106		- $this->assign('nav__canLogs', false);
107		- $this->assign('nav__canUsers', false);
108		- $this->assign('nav__canSearch', false);
109		- $this->assign('nav__canStats', false);
110		- $this->assign('nav__canBan', false);
111		- $this->assign('nav__canEmailMgmt', false);
112		- $this->assign('nav__canWelcomeMgmt', false);
113		- $this->assign('nav__canSiteNoticeMgmt', false);
114		- $this->assign('nav__canUserMgmt', false);
115		- $this->assign('nav__canViewRequest', false);
116		- $this->assign('nav__canJobQueue', false);
117		- $this->assign('nav__canFlaggedComments', false);
118		- $this->assign('nav__canDomainMgmt', false);
119		- $this->assign('nav__canQueueMgmt', false);
120		- $this->assign('nav__canFormMgmt', false);
121		- $this->assign('nav__canErrorLog', false);
122		-
123		- // Navigation badges for concern areas.
124		- $this->assign("nav__numAdmin", 0);
125		- $this->assign("nav__numFlaggedComments", 0);
126		- $this->assign("nav__numJobQueueFailed", 0);
127		-
128		- // debug helpers
129		- $this->assign('showDebugCssBreakpoints', $this->getSiteConfiguration()->getDebuggingCssBreakpointsEnabled());
130		-
131		- $this->assign('page', $this);
132		- }
133		-
134		- /**
135		- * Fetches a rendered Smarty template
136		- *
137		- * @param $template string Template file path, relative to /templates/
138		- *
139		- * @return string Templated HTML
140		- * @throws Exception
141		- */
142		- final protected function fetchTemplate($template)
143		- {
144		- return $this->smarty->fetch($template);
145		- }
	21	+ /** @var Smarty */
	22	+ private $smarty;
	23	+
	24	+ /**
	25	+ * @param string $pluginsDir
	26	+ *
	27	+ * @return void
	28	+ * @throws Exception
	29	+ */
	30	+ private function loadPlugins(string $pluginsDir): void
	31	+ {
	32	+ /** @var DirectoryIterator $file */
	33	+ foreach (new DirectoryIterator($pluginsDir) as $file) {
	34	+ if ($file->isDot()) {
	35	+ continue;
	36	+ }
	37	+
	38	+ if ($file->getExtension() != 'php') {
	39	+ continue;
	40	+ }
	41	+
	42	+ require_once $file->getPathname();
	43	+
	44	+ list($type, $name) = explode('.', $file->getBasename('.php'), 2);
	45	+
	46	+ switch ($type) {
	47	+ case 'modifier':
	48	+ $this->smarty->registerPlugin(Smarty::PLUGIN_MODIFIER, $name, 'smarty_modifier_' . $name);
	49	+ break;
	50	+ case 'function':
	51	+ $this->smarty->registerPlugin(Smarty::PLUGIN_FUNCTION, $name, 'smarty_function_' . $name);
	52	+ break;
	53	+ }
	54	+ }
	55	+ }
	56	+
	57	+ /**
	58	+ * @return SiteConfiguration
	59	+ */
	60	+ protected abstract function getSiteConfiguration();
	61	+
	62	+ /**
	63	+ * Assigns a Smarty variable
	64	+ *
	65	+ * @param array\|string $name the template variable name(s)
	66	+ * @param mixed $value the value to assign
	67	+ */
	68	+ final protected function assign($name, $value)
	69	+ {
	70	+ $this->smarty->assign($name, $value);
	71	+ }
	72	+
	73	+ /**
	74	+ * Sets up the variables used by the main Smarty base template.
	75	+ *
	76	+ * This list is getting kinda long.
	77	+ * @throws Exception
	78	+ */
	79	+ final protected function setUpSmarty()
	80	+ {
	81	+ $this->smarty = new Smarty();
	82	+ $pluginsDir = $this->getSiteConfiguration()->getFilePath() . '/smarty-plugins';
	83	+
	84	+ // Dynamically load all plugins in the plugins directory
	85	+ $this->loadPlugins($pluginsDir);
	86	+
	87	+ $this->assign('currentUser', User::getCommunity());
	88	+ $this->assign('skin', 'auto');
	89	+ $this->assign('currentDomain', null);
	90	+ $this->assign('loggedIn', false);
	91	+ $this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
	92	+ $this->assign('resourceCacheEpoch', $this->getSiteConfiguration()->getResourceCacheEpoch());
	93	+
	94	+ $this->assign('siteNoticeText', '');
	95	+ $this->assign('siteNoticeVersion', 0);
	96	+ $this->assign('siteNoticeState', 'd-none');
	97	+ $this->assign('toolversion', Environment::getToolVersion());
	98	+
	99	+ // default these
	100	+ $this->assign('onlineusers', array());
	101	+ $this->assign('typeAheadBlock', '');
	102	+ $this->assign('extraJs', array());
	103	+
	104	+ // nav menu access control
	105	+ $this->assign('nav__canRequests', false);
	106	+ $this->assign('nav__canLogs', false);
	107	+ $this->assign('nav__canUsers', false);
	108	+ $this->assign('nav__canSearch', false);
	109	+ $this->assign('nav__canStats', false);
	110	+ $this->assign('nav__canBan', false);
	111	+ $this->assign('nav__canEmailMgmt', false);
	112	+ $this->assign('nav__canWelcomeMgmt', false);
	113	+ $this->assign('nav__canSiteNoticeMgmt', false);
	114	+ $this->assign('nav__canUserMgmt', false);
	115	+ $this->assign('nav__canViewRequest', false);
	116	+ $this->assign('nav__canJobQueue', false);
	117	+ $this->assign('nav__canFlaggedComments', false);
	118	+ $this->assign('nav__canDomainMgmt', false);
	119	+ $this->assign('nav__canQueueMgmt', false);
	120	+ $this->assign('nav__canFormMgmt', false);
	121	+ $this->assign('nav__canErrorLog', false);
	122	+
	123	+ // Navigation badges for concern areas.
	124	+ $this->assign("nav__numAdmin", 0);
	125	+ $this->assign("nav__numFlaggedComments", 0);
	126	+ $this->assign("nav__numJobQueueFailed", 0);
	127	+
	128	+ // debug helpers
	129	+ $this->assign('showDebugCssBreakpoints', $this->getSiteConfiguration()->getDebuggingCssBreakpointsEnabled());
	130	+
	131	+ $this->assign('page', $this);
	132	+ }
	133	+
	134	+ /**
	135	+ * Fetches a rendered Smarty template
	136	+ *
	137	+ * @param $template string Template file path, relative to /templates/
	138	+ *
	139	+ * @return string Templated HTML
	140	+ * @throws Exception
	141	+ */
	142	+ final protected function fetchTemplate($template)
	143	+ {
	144	+ return $this->smarty->fetch($template);
	145	+ }
146	146	}

		@@ -10,135 +10,135 @@
		block discarded – undo
10	10
11	11	abstract class RoleConfigurationBase
12	12	{
13		- const ACCESS_ALLOW = 1;
14		- const ACCESS_DENY = -1;
15		- const ACCESS_DEFAULT = 0;
16		- const MAIN = 'main';
17		- const ALL = '*';
18		-
19		- protected array $roleConfig;
20		- protected array $identificationExempt;
21		-
22		- protected function __construct(array $roleConfig, array $identificationExempt)
23		- {
24		- $this->roleConfig = $roleConfig;
25		- $this->identificationExempt = $identificationExempt;
26		- }
27		-
28		- /**
29		- * Takes an array of role names and flattens the values to a single
30		- * resultant role configuration.
31		- *
32		- * @param string[] $activeRoles
33		- * @category Security-Critical
34		- */
35		- public function getResultantRole(array $activeRoles): array
36		- {
37		- $result = array();
38		-
39		- $roleConfig = $this->getApplicableRoles($activeRoles);
40		-
41		- // Iterate over every page in every role
42		- foreach ($roleConfig as $role) {
43		- foreach ($role as $page => $pageRights) {
44		- // Create holder in result for this page
45		- if (!isset($result[$page])) {
46		- $result[$page] = array();
47		- }
48		-
49		- foreach ($pageRights as $action => $permission) {
50		- // Deny takes precedence, so if it's set, don't change it.
51		- if (isset($result[$page][$action])) {
52		- if ($result[$page][$action] === RoleConfigurationBase::ACCESS_DENY) {
53		- continue;
54		- }
55		- }
56		-
57		- if ($permission === RoleConfigurationBase::ACCESS_DEFAULT) {
58		- // Configured to do precisely nothing.
59		- continue;
60		- }
61		-
62		- $result[$page][$action] = $permission;
63		- }
64		- }
65		- }
66		-
67		- return $result;
68		- }
69		-
70		- /**
71		- * Returns a set of all roles which are available to be set.
72		- *
73		- * Hidden roles and implicit roles are excluded.
74		- */
75		- public function getAvailableRoles(): array
76		- {
77		- // remove the implicit roles
78		- $possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn', 'user'));
79		-
80		- $actual = array();
81		-
82		- foreach ($possible as $role) {
83		- if (!isset($this->roleConfig[$role]['_hidden'])) {
84		- $actual[$role] = array(
85		- 'description' => $this->roleConfig[$role]['_description'],
86		- 'editableBy' => $this->roleConfig[$role]['_editableBy'],
87		- 'globalOnly' => isset($this->roleConfig[$role]['_globalOnly']) && $this->roleConfig[$role]['_globalOnly'],
88		- );
89		- }
90		- }
91		-
92		- return $actual;
93		- }
94		-
95		- /**
96		- * Returns a boolean for whether the provided role requires identification
97		- * before being used by a user.
98		- *
99		- * @category Security-Critical
100		- */
101		- public function roleNeedsIdentification(string $role): bool
102		- {
103		- if (in_array($role, $this->identificationExempt)) {
104		- return false;
105		- }
106		-
107		- return true;
108		- }
109		-
110		- /**
111		- * Takes an array of role names, and returns all the relevant roles for that
112		- * set, including any child roles found recursively.
113		- *
114		- * @param array $roles The names of roles to start searching with
115		- */
116		- private function getApplicableRoles(array $roles): array
117		- {
118		- $available = array();
119		-
120		- foreach ($roles as $role) {
121		- if (!isset($this->roleConfig[$role])) {
122		- // wat
123		- continue;
124		- }
125		-
126		- $available[$role] = $this->roleConfig[$role];
127		-
128		- if (isset($available[$role]['_childRoles'])) {
129		- $childRoles = $this->getApplicableRoles($available[$role]['_childRoles']);
130		- $available = array_merge($available, $childRoles);
131		-
132		- unset($available[$role]['_childRoles']);
133		- }
134		-
135		- foreach (array('_hidden', '_editableBy', '_description', '_globalOnly') as $item) {
136		- if (isset($available[$role][$item])) {
137		- unset($available[$role][$item]);
138		- }
139		- }
140		- }
141		-
142		- return $available;
143		- }
	13	+ const ACCESS_ALLOW = 1;
	14	+ const ACCESS_DENY = -1;
	15	+ const ACCESS_DEFAULT = 0;
	16	+ const MAIN = 'main';
	17	+ const ALL = '*';
	18	+
	19	+ protected array $roleConfig;
	20	+ protected array $identificationExempt;
	21	+
	22	+ protected function __construct(array $roleConfig, array $identificationExempt)
	23	+ {
	24	+ $this->roleConfig = $roleConfig;
	25	+ $this->identificationExempt = $identificationExempt;
	26	+ }
	27	+
	28	+ /**
	29	+ * Takes an array of role names and flattens the values to a single
	30	+ * resultant role configuration.
	31	+ *
	32	+ * @param string[] $activeRoles
	33	+ * @category Security-Critical
	34	+ */
	35	+ public function getResultantRole(array $activeRoles): array
	36	+ {
	37	+ $result = array();
	38	+
	39	+ $roleConfig = $this->getApplicableRoles($activeRoles);
	40	+
	41	+ // Iterate over every page in every role
	42	+ foreach ($roleConfig as $role) {
	43	+ foreach ($role as $page => $pageRights) {
	44	+ // Create holder in result for this page
	45	+ if (!isset($result[$page])) {
	46	+ $result[$page] = array();
	47	+ }
	48	+
	49	+ foreach ($pageRights as $action => $permission) {
	50	+ // Deny takes precedence, so if it's set, don't change it.
	51	+ if (isset($result[$page][$action])) {
	52	+ if ($result[$page][$action] === RoleConfigurationBase::ACCESS_DENY) {
	53	+ continue;
	54	+ }
	55	+ }
	56	+
	57	+ if ($permission === RoleConfigurationBase::ACCESS_DEFAULT) {
	58	+ // Configured to do precisely nothing.
	59	+ continue;
	60	+ }
	61	+
	62	+ $result[$page][$action] = $permission;
	63	+ }
	64	+ }
	65	+ }
	66	+
	67	+ return $result;
	68	+ }
	69	+
	70	+ /**
	71	+ * Returns a set of all roles which are available to be set.
	72	+ *
	73	+ * Hidden roles and implicit roles are excluded.
	74	+ */
	75	+ public function getAvailableRoles(): array
	76	+ {
	77	+ // remove the implicit roles
	78	+ $possible = array_diff(array_keys($this->roleConfig), array('public', 'loggedIn', 'user'));
	79	+
	80	+ $actual = array();
	81	+
	82	+ foreach ($possible as $role) {
	83	+ if (!isset($this->roleConfig[$role]['_hidden'])) {
	84	+ $actual[$role] = array(
	85	+ 'description' => $this->roleConfig[$role]['_description'],
	86	+ 'editableBy' => $this->roleConfig[$role]['_editableBy'],
	87	+ 'globalOnly' => isset($this->roleConfig[$role]['_globalOnly']) && $this->roleConfig[$role]['_globalOnly'],
	88	+ );
	89	+ }
	90	+ }
	91	+
	92	+ return $actual;
	93	+ }
	94	+
	95	+ /**
	96	+ * Returns a boolean for whether the provided role requires identification
	97	+ * before being used by a user.
	98	+ *
	99	+ * @category Security-Critical
	100	+ */
	101	+ public function roleNeedsIdentification(string $role): bool
	102	+ {
	103	+ if (in_array($role, $this->identificationExempt)) {
	104	+ return false;
	105	+ }
	106	+
	107	+ return true;
	108	+ }
	109	+
	110	+ /**
	111	+ * Takes an array of role names, and returns all the relevant roles for that
	112	+ * set, including any child roles found recursively.
	113	+ *
	114	+ * @param array $roles The names of roles to start searching with
	115	+ */
	116	+ private function getApplicableRoles(array $roles): array
	117	+ {
	118	+ $available = array();
	119	+
	120	+ foreach ($roles as $role) {
	121	+ if (!isset($this->roleConfig[$role])) {
	122	+ // wat
	123	+ continue;
	124	+ }
	125	+
	126	+ $available[$role] = $this->roleConfig[$role];
	127	+
	128	+ if (isset($available[$role]['_childRoles'])) {
	129	+ $childRoles = $this->getApplicableRoles($available[$role]['_childRoles']);
	130	+ $available = array_merge($available, $childRoles);
	131	+
	132	+ unset($available[$role]['_childRoles']);
	133	+ }
	134	+
	135	+ foreach (array('_hidden', '_editableBy', '_description', '_globalOnly') as $item) {
	136	+ if (isset($available[$role][$item])) {
	137	+ unset($available[$role][$item]);
	138	+ }
	139	+ }
	140	+ }
	141	+
	142	+ return $available;
	143	+ }
144	144	}
145	145	\ No newline at end of file

		@@ -14,22 +14,22 @@ discard block
		block discarded – undo
14	14
15	15	class ExceptionHandler
16	16	{
17		- /**
18		- * Global exception handler
19		- *
20		- * Smarty would be nice to use, but it COULD BE smarty that throws the errors.
21		- * Let's build something ourselves, and hope it works.
22		- *
23		- * @param $exception
24		- *
25		- * @category Security-Critical - has the potential to leak data when exception is thrown.
26		- */
27		- public static function exceptionHandler(Throwable $exception)
28		- {
29		- /** @global $siteConfiguration SiteConfiguration */
30		- global $siteConfiguration;
31		-
32		- $errorDocument = <<<HTML
	17	+ /**
	18	+ * Global exception handler
	19	+ *
	20	+ * Smarty would be nice to use, but it COULD BE smarty that throws the errors.
	21	+ * Let's build something ourselves, and hope it works.
	22	+ *
	23	+ * @param $exception
	24	+ *
	25	+ * @category Security-Critical - has the potential to leak data when exception is thrown.
	26	+ */
	27	+ public static function exceptionHandler(Throwable $exception)
	28	+ {
	29	+ /** @global $siteConfiguration SiteConfiguration */
	30	+ global $siteConfiguration;
	31	+
	32	+ $errorDocument = <<<HTML
33	33	<!DOCTYPE html>
34	34	<html lang="en"><head>
35	35	<meta charset="utf-8">
		@@ -49,106 +49,106 @@ discard block
		block discarded – undo
49	49	</div></body></html>
50	50	HTML;
51	51
52		- list($errorData, $errorId) = self::logExceptionToDisk($exception, $siteConfiguration, true);
53		-
54		- error_log('Unhandled ' . get_class($exception) . ': ' . $exception->getMessage());
55		-
56		- // clear and discard any content that's been saved to the output buffer
57		- if (ob_get_level() > 0) {
58		- ob_end_clean();
59		- }
60		-
61		- // push error ID into the document.
62		- $message = str_replace('$1$', $errorId, $errorDocument);
63		-
64		- if ($siteConfiguration->getDebuggingTraceEnabled()) {
65		- ob_start();
66		- var_dump($errorData);
67		- $textErrorData = ob_get_contents();
68		- ob_end_clean();
69		-
70		- $message = str_replace('$2$', $textErrorData, $message);
71		- }
72		- else {
73		- $message = str_replace('$2$', "", $message);
74		- }
75		-
76		- // While we shouldn't have sent headers by now due to the output buffering, PHPUnit does weird things.
77		- // This is "only" needed for the tests, but it's a good idea to wrap this anyway.
78		- if (!headers_sent()) {
79		- header('HTTP/1.1 500 Internal Server Error');
80		- }
81		-
82		- // output the document
83		- print $message;
84		- }
85		-
86		- /**
87		- * @param int $errorSeverity The severity level of the exception.
88		- * @param string $errorMessage The Exception message to throw.
89		- * @param string $errorFile The filename where the exception is thrown.
90		- * @param int $errorLine The line number where the exception is thrown.
91		- *
92		- * @throws ErrorException
93		- */
94		- public static function errorHandler($errorSeverity, $errorMessage, $errorFile, $errorLine)
95		- {
96		- // call into the main exception handler above
97		- throw new ErrorException($errorMessage, 0, $errorSeverity, $errorFile, $errorLine);
98		- }
99		-
100		- /**
101		- * @param Throwable $exception
102		- *
103		- * @return null\|array
104		- */
105		- public static function getExceptionData($exception)
106		- {
107		- if ($exception == null) {
108		- return null;
109		- }
110		-
111		- $array = array(
112		- 'exception' => get_class($exception),
113		- 'message' => $exception->getMessage(),
114		- 'stack' => $exception->getTraceAsString(),
115		- );
116		-
117		- $array['previous'] = self::getExceptionData($exception->getPrevious());
118		-
119		- return $array;
120		- }
121		-
122		- public static function logExceptionToDisk(
123		- Throwable $exception,
124		- SiteConfiguration $siteConfiguration,
125		- bool $fromGlobalHandler = false
126		- ): array {
127		- $errorData = self::getExceptionData($exception);
128		- $errorData['server'] = $_SERVER;
129		- $errorData['get'] = $_GET;
130		- $errorData['post'] = $_POST;
131		-
132		- $redactions = ['password', 'newpassword', 'newpasswordconfirm', 'otp'];
133		- foreach ($redactions as $redaction) {
134		- if (isset($errorData['post'][$redaction])) {
135		- $errorData['post'][$redaction] = '<redacted>';
136		- }
137		- }
138		-
139		- if ($fromGlobalHandler) {
140		- $errorData['globalHandler'] = true;
141		- }
142		- else {
143		- $errorData['globalHandler'] = false;
144		- }
145		-
146		- $state = serialize($errorData);
147		- $errorId = sha1($state);
148		-
149		- // Save the error for later analysis
150		- file_put_contents($siteConfiguration->getErrorLog() . '/' . $errorId . '.log', $state);
151		-
152		- return array($errorData, $errorId);
153		- }
	52	+ list($errorData, $errorId) = self::logExceptionToDisk($exception, $siteConfiguration, true);
	53	+
	54	+ error_log('Unhandled ' . get_class($exception) . ': ' . $exception->getMessage());
	55	+
	56	+ // clear and discard any content that's been saved to the output buffer
	57	+ if (ob_get_level() > 0) {
	58	+ ob_end_clean();
	59	+ }
	60	+
	61	+ // push error ID into the document.
	62	+ $message = str_replace('$1$', $errorId, $errorDocument);
	63	+
	64	+ if ($siteConfiguration->getDebuggingTraceEnabled()) {
	65	+ ob_start();
	66	+ var_dump($errorData);
	67	+ $textErrorData = ob_get_contents();
	68	+ ob_end_clean();
	69	+
	70	+ $message = str_replace('$2$', $textErrorData, $message);
	71	+ }
	72	+ else {
	73	+ $message = str_replace('$2$', "", $message);
	74	+ }
	75	+
	76	+ // While we shouldn't have sent headers by now due to the output buffering, PHPUnit does weird things.
	77	+ // This is "only" needed for the tests, but it's a good idea to wrap this anyway.
	78	+ if (!headers_sent()) {
	79	+ header('HTTP/1.1 500 Internal Server Error');
	80	+ }
	81	+
	82	+ // output the document
	83	+ print $message;
	84	+ }
	85	+
	86	+ /**
	87	+ * @param int $errorSeverity The severity level of the exception.
	88	+ * @param string $errorMessage The Exception message to throw.
	89	+ * @param string $errorFile The filename where the exception is thrown.
	90	+ * @param int $errorLine The line number where the exception is thrown.
	91	+ *
	92	+ * @throws ErrorException
	93	+ */
	94	+ public static function errorHandler($errorSeverity, $errorMessage, $errorFile, $errorLine)
	95	+ {
	96	+ // call into the main exception handler above
	97	+ throw new ErrorException($errorMessage, 0, $errorSeverity, $errorFile, $errorLine);
	98	+ }
	99	+
	100	+ /**
	101	+ * @param Throwable $exception
	102	+ *
	103	+ * @return null\|array
	104	+ */
	105	+ public static function getExceptionData($exception)
	106	+ {
	107	+ if ($exception == null) {
	108	+ return null;
	109	+ }
	110	+
	111	+ $array = array(
	112	+ 'exception' => get_class($exception),
	113	+ 'message' => $exception->getMessage(),
	114	+ 'stack' => $exception->getTraceAsString(),
	115	+ );
	116	+
	117	+ $array['previous'] = self::getExceptionData($exception->getPrevious());
	118	+
	119	+ return $array;
	120	+ }
	121	+
	122	+ public static function logExceptionToDisk(
	123	+ Throwable $exception,
	124	+ SiteConfiguration $siteConfiguration,
	125	+ bool $fromGlobalHandler = false
	126	+ ): array {
	127	+ $errorData = self::getExceptionData($exception);
	128	+ $errorData['server'] = $_SERVER;
	129	+ $errorData['get'] = $_GET;
	130	+ $errorData['post'] = $_POST;
	131	+
	132	+ $redactions = ['password', 'newpassword', 'newpasswordconfirm', 'otp'];
	133	+ foreach ($redactions as $redaction) {
	134	+ if (isset($errorData['post'][$redaction])) {
	135	+ $errorData['post'][$redaction] = '<redacted>';
	136	+ }
	137	+ }
	138	+
	139	+ if ($fromGlobalHandler) {
	140	+ $errorData['globalHandler'] = true;
	141	+ }
	142	+ else {
	143	+ $errorData['globalHandler'] = false;
	144	+ }
	145	+
	146	+ $state = serialize($errorData);
	147	+ $errorId = sha1($state);
	148	+
	149	+ // Save the error for later analysis
	150	+ file_put_contents($siteConfiguration->getErrorLog() . '/' . $errorId . '.log', $state);
	151	+
	152	+ return array($errorData, $errorId);
	153	+ }
154	154	}

mdaniels5757 / waca

Push — smarty5 ( 853ee4...d2daf7 )

Status

Category

Indentation +152 added lines, -152 removed lines patch added patch discarded remove patch

Indentation +108 added lines, -108 removed lines patch added patch discarded remove patch

Indentation +1110 added lines, -1110 removed lines patch added patch discarded remove patch

Indentation +125 added lines, -125 removed lines patch added patch discarded remove patch

Indentation +131 added lines, -131 removed lines patch added patch discarded remove patch

Indentation +118 added lines, -118 removed lines patch added patch discarded remove patch

Indentation +659 added lines, -659 removed lines patch added patch discarded remove patch