mdaniels5757 / waca

includes/Pages/PageViewRequest.php

Indentation +275 added lines, -275 removed lines

@@ -25,279 +25,279 @@
 
 class PageViewRequest extends InternalPageBase
 {
-    use RequestData;
-    const STATUS_SYMBOL_OPEN = '&#x2610';
-    const STATUS_SYMBOL_ACCEPTED = '&#x2611';
-    const STATUS_SYMBOL_REJECTED = '&#x2612';
-
-    /**
-     * Main function for this page, when no specific actions are called.
-     * @throws ApplicationLogicException
-     */
-    protected function main()
-    {
-        // set up csrf protection
-        $this->assignCSRFToken();
-
-        // get some useful objects
-        $database = $this->getDatabase();
-        $request = $this->getRequest($database, WebRequest::getInt('id'));
-        $config = $this->getSiteConfiguration();
-        $currentUser = User::getCurrent($database);
-
-        // Test we should be able to look at this request
-        if ($config->getEmailConfirmationEnabled()) {
-            if ($request->getEmailConfirm() !== 'Confirmed') {
-                // Not allowed to look at this yet.
-                throw new ApplicationLogicException('The email address has not yet been confirmed for this request.');
-            }
-        }
-
-        $this->setupBasicData($request, $config);
-
-        $this->setupUsernameData($request);
-
-        $this->setupTitle($request);
-
-        $this->setupReservationDetails($request->getReserved(), $database, $currentUser);
-        $this->setupGeneralData($database);
-
-        $this->assign('requestDataCleared', false);
-        if ($request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail()) {
-            $this->assign('requestDataCleared', true);
-        }
-
-        $allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
-
-        $this->setupCreationTypes($currentUser);
-
-        $this->setupLogData($request, $database);
-
-        $this->addJs("/api.php?action=templates&targetVariable=templateconfirms");
-
-        $this->assign('showRevealLink', false);
-        if ($request->getReserved() === $currentUser->getId() ||
-            $this->barrierTest('alwaysSeeHash', $currentUser, 'RequestData')
-        ) {
-            $this->assign('showRevealLink', true);
-            $this->assign('revealHash', $request->getRevealHash());
-        }
-
-        $this->assign('canSeeRelatedRequests', false);
-        if ($allowedPrivateData || $this->barrierTest('seeRelatedRequests', $currentUser, 'RequestData')) {
-            $this->setupRelatedRequests($request, $config, $database);
-        }
-
-        if ($allowedPrivateData) {
-            $this->setTemplate('view-request/main-with-data.tpl');
-            $this->setupPrivateData($request);
-
-            $this->assign('canSetBan', $this->barrierTest('set', $currentUser, PageBan::class));
-            $this->assign('canSeeCheckuserData', $this->barrierTest('seeUserAgentData', $currentUser, 'RequestData'));
-
-            if ($this->barrierTest('seeUserAgentData', $currentUser, 'RequestData')) {
-                $this->setTemplate('view-request/main-with-checkuser-data.tpl');
-                $this->setupCheckUserData($request);
-            }
-        }
-        else {
-            $this->setTemplate('view-request/main.tpl');
-        }
-    }
-
-    /**
-     * @param Request $request
-     */
-    protected function setupTitle(Request $request)
-    {
-        $statusSymbol = self::STATUS_SYMBOL_OPEN;
-        if ($request->getStatus() === 'Closed') {
-            if ($request->getWasCreated()) {
-                $statusSymbol = self::STATUS_SYMBOL_ACCEPTED;
-            }
-            else {
-                $statusSymbol = self::STATUS_SYMBOL_REJECTED;
-            }
-        }
-
-        $this->setHtmlTitle($statusSymbol . ' #' . $request->getId());
-    }
-
-    /**
-     * Sets up data unrelated to the request, such as the email template information
-     *
-     * @param PdoDatabase $database
-     */
-    protected function setupGeneralData(PdoDatabase $database)
-    {
-        $config = $this->getSiteConfiguration();
-
-        $this->assign('createAccountReason', 'Requested account at [[WP:ACC]], request #');
-
-        $this->assign('defaultRequestState', $config->getDefaultRequestStateKey());
-
-        $this->assign('requestStates', $config->getRequestStates());
-
-        /** @var EmailTemplate $createdTemplate */
-        $createdTemplate = EmailTemplate::getById($config->getDefaultCreatedTemplateId(), $database);
-
-        $this->assign('createdHasJsQuestion', $createdTemplate->getJsquestion() != '');
-        $this->assign('createdId', $createdTemplate->getId());
-        $this->assign('createdName', $createdTemplate->getName());
-
-        $createReasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED, $database);
-        $this->assign("createReasons", $createReasons);
-        $declineReasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED, $database);
-        $this->assign("declineReasons", $declineReasons);
-
-        $allCreateReasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED, $database);
-        $this->assign("allCreateReasons", $allCreateReasons);
-        $allDeclineReasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED, $database);
-        $this->assign("allDeclineReasons", $allDeclineReasons);
-        $allOtherReasons = EmailTemplate::getAllActiveTemplates(false, $database);
-        $this->assign("allOtherReasons", $allOtherReasons);
-    }
-
-    private function setupLogData(Request $request, PdoDatabase $database)
-    {
-        $currentUser = User::getCurrent($database);
-
-        $logs = LogHelper::getRequestLogsWithComments($request->getId(), $database, $this->getSecurityManager());
-        $requestLogs = array();
-
-        /** @var User[] $nameCache */
-        $nameCache = array();
-
-        $editableComments = $this->barrierTest('editOthers', $currentUser, PageEditComment::class);
-
-        /** @var Log|Comment $entry */
-        foreach ($logs as $entry) {
-            // both log and comment have a 'user' field
-            if (!array_key_exists($entry->getUser(), $nameCache)) {
-                $entryUser = User::getById($entry->getUser(), $database);
-                $nameCache[$entry->getUser()] = $entryUser;
-            }
-
-            if ($entry instanceof Comment) {
-                $requestLogs[] = array(
-                    'type'     => 'comment',
-                    'security' => $entry->getVisibility(),
-                    'user'     => $entry->getVisibility() == 'requester' ? $request->getName() : $nameCache[$entry->getUser()]->getUsername(),
-                    'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
-                    'entry'    => null,
-                    'time'     => $entry->getTime(),
-                    'canedit'  => ($editableComments || $entry->getUser() == $currentUser->getId()),
-                    'id'       => $entry->getId(),
-                    'comment'  => $entry->getComment(),
-                );
-            }
-
-            if ($entry instanceof Log) {
-                $invalidUserId = $entry->getUser() === -1 || $entry->getUser() === 0;
-                $entryUser = $invalidUserId ? User::getCommunity() : $nameCache[$entry->getUser()];
-
-                $entryComment = $entry->getComment();
-
-                if ($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest') {
-                    $data = unserialize($entry->getComment());
-                    /** @var JobQueue $job */
-                    $job = JobQueue::getById($data['job'], $database);
-                    $requestLogs[] = array(
-                        'type'     => 'joblog',
-                        'security' => 'user',
-                        'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
-                        'user'     => $entryUser->getUsername(),
-                        'entry'    => LogHelper::getLogDescription($entry),
-                        'time'     => $entry->getTimestamp(),
-                        'canedit'  => false,
-                        'id'       => $entry->getId(),
-                        'jobId'    => $job->getId(),
-                        'jobDesc'  => JobQueue::getTaskDescriptions()[$job->getTask()],
-                    );
-                } else {
-                    $requestLogs[] = array(
-                        'type'     => 'log',
-                        'security' => 'user',
-                        'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
-                        'user'     => $entryUser->getUsername(),
-                        'entry'    => LogHelper::getLogDescription($entry),
-                        'time'     => $entry->getTimestamp(),
-                        'canedit'  => false,
-                        'id'       => $entry->getId(),
-                        'comment'  => $entryComment,
-                    );
-                }
-            }
-        }
-
-        $this->addJs("/api.php?action=users&targetVariable=typeaheaddata");
-
-        $this->assign("requestLogs", $requestLogs);
-    }
-
-    /**
-     * @param Request $request
-     */
-    protected function setupUsernameData(Request $request)
-    {
-        $blacklistData = $this->getBlacklistHelper()->isBlacklisted($request->getName());
-
-        $this->assign('requestIsBlacklisted', $blacklistData !== false);
-        $this->assign('requestBlacklist', $blacklistData);
-
-        try {
-            $spoofs = $this->getAntiSpoofProvider()->getSpoofs($request->getName());
-        }
-        catch (Exception $ex) {
-            $spoofs = $ex->getMessage();
-        }
-
-        $this->assign("spoofs", $spoofs);
-    }
-
-    private function setupCreationTypes(User $user)
-    {
-        $this->assign('allowWelcomeSkip', false);
-        $this->assign('forceWelcomeSkip', false);
-
-        $oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
-
-        if ($user->getWelcomeTemplate() != 0) {
-            $this->assign('allowWelcomeSkip', true);
-
-            if (!$oauth->canWelcome()) {
-                $this->assign('forceWelcomeSkip', true);
-            }
-        }
-
-        // test credentials
-        $canManualCreate = $this->barrierTest(User::CREATION_MANUAL, $user, 'RequestCreation');
-        $canOauthCreate = $this->barrierTest(User::CREATION_OAUTH, $user, 'RequestCreation');
-        $canBotCreate = $this->barrierTest(User::CREATION_BOT, $user, 'RequestCreation');
-
-        $this->assign('canManualCreate', $canManualCreate);
-        $this->assign('canOauthCreate', $canOauthCreate);
-        $this->assign('canBotCreate', $canBotCreate);
-
-        // show/hide the type radio buttons
-        $creationHasChoice = count(array_filter([$canManualCreate, $canOauthCreate, $canBotCreate])) > 1;
-
-        if (!$this->barrierTest($user->getCreationMode(), $user, 'RequestCreation')) {
-            // user is not allowed to use their default. Force a choice.
-            $creationHasChoice = true;
-        }
-
-        $this->assign('creationHasChoice', $creationHasChoice);
-
-        // determine problems in creation types
-        $this->assign('botProblem', false);
-        if ($canBotCreate && $this->getSiteConfiguration()->getCreationBotPassword() === null) {
-            $this->assign('botProblem', true);
-        }
-
-        $this->assign('oauthProblem', false);
-        if ($canOauthCreate && !$oauth->canCreateAccount()) {
-            $this->assign('oauthProblem', true);
-        }
-    }
+	use RequestData;
+	const STATUS_SYMBOL_OPEN = '&#x2610';
+	const STATUS_SYMBOL_ACCEPTED = '&#x2611';
+	const STATUS_SYMBOL_REJECTED = '&#x2612';
+
+	/**
+	 * Main function for this page, when no specific actions are called.
+	 * @throws ApplicationLogicException
+	 */
+	protected function main()
+	{
+		// set up csrf protection
+		$this->assignCSRFToken();
+
+		// get some useful objects
+		$database = $this->getDatabase();
+		$request = $this->getRequest($database, WebRequest::getInt('id'));
+		$config = $this->getSiteConfiguration();
+		$currentUser = User::getCurrent($database);
+
+		// Test we should be able to look at this request
+		if ($config->getEmailConfirmationEnabled()) {
+			if ($request->getEmailConfirm() !== 'Confirmed') {
+				// Not allowed to look at this yet.
+				throw new ApplicationLogicException('The email address has not yet been confirmed for this request.');
+			}
+		}
+
+		$this->setupBasicData($request, $config);
+
+		$this->setupUsernameData($request);
+
+		$this->setupTitle($request);
+
+		$this->setupReservationDetails($request->getReserved(), $database, $currentUser);
+		$this->setupGeneralData($database);
+
+		$this->assign('requestDataCleared', false);
+		if ($request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail()) {
+			$this->assign('requestDataCleared', true);
+		}
+
+		$allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
+
+		$this->setupCreationTypes($currentUser);
+
+		$this->setupLogData($request, $database);
+
+		$this->addJs("/api.php?action=templates&targetVariable=templateconfirms");
+
+		$this->assign('showRevealLink', false);
+		if ($request->getReserved() === $currentUser->getId() ||
+			$this->barrierTest('alwaysSeeHash', $currentUser, 'RequestData')
+		) {
+			$this->assign('showRevealLink', true);
+			$this->assign('revealHash', $request->getRevealHash());
+		}
+
+		$this->assign('canSeeRelatedRequests', false);
+		if ($allowedPrivateData || $this->barrierTest('seeRelatedRequests', $currentUser, 'RequestData')) {
+			$this->setupRelatedRequests($request, $config, $database);
+		}
+
+		if ($allowedPrivateData) {
+			$this->setTemplate('view-request/main-with-data.tpl');
+			$this->setupPrivateData($request);
+
+			$this->assign('canSetBan', $this->barrierTest('set', $currentUser, PageBan::class));
+			$this->assign('canSeeCheckuserData', $this->barrierTest('seeUserAgentData', $currentUser, 'RequestData'));
+
+			if ($this->barrierTest('seeUserAgentData', $currentUser, 'RequestData')) {
+				$this->setTemplate('view-request/main-with-checkuser-data.tpl');
+				$this->setupCheckUserData($request);
+			}
+		}
+		else {
+			$this->setTemplate('view-request/main.tpl');
+		}
+	}
+
+	/**
+	 * @param Request $request
+	 */
+	protected function setupTitle(Request $request)
+	{
+		$statusSymbol = self::STATUS_SYMBOL_OPEN;
+		if ($request->getStatus() === 'Closed') {
+			if ($request->getWasCreated()) {
+				$statusSymbol = self::STATUS_SYMBOL_ACCEPTED;
+			}
+			else {
+				$statusSymbol = self::STATUS_SYMBOL_REJECTED;
+			}
+		}
+
+		$this->setHtmlTitle($statusSymbol . ' #' . $request->getId());
+	}
+
+	/**
+	 * Sets up data unrelated to the request, such as the email template information
+	 *
+	 * @param PdoDatabase $database
+	 */
+	protected function setupGeneralData(PdoDatabase $database)
+	{
+		$config = $this->getSiteConfiguration();
+
+		$this->assign('createAccountReason', 'Requested account at [[WP:ACC]], request #');
+
+		$this->assign('defaultRequestState', $config->getDefaultRequestStateKey());
+
+		$this->assign('requestStates', $config->getRequestStates());
+
+		/** @var EmailTemplate $createdTemplate */
+		$createdTemplate = EmailTemplate::getById($config->getDefaultCreatedTemplateId(), $database);
+
+		$this->assign('createdHasJsQuestion', $createdTemplate->getJsquestion() != '');
+		$this->assign('createdId', $createdTemplate->getId());
+		$this->assign('createdName', $createdTemplate->getName());
+
+		$createReasons = EmailTemplate::getActiveTemplates(EmailTemplate::CREATED, $database);
+		$this->assign("createReasons", $createReasons);
+		$declineReasons = EmailTemplate::getActiveTemplates(EmailTemplate::NOT_CREATED, $database);
+		$this->assign("declineReasons", $declineReasons);
+
+		$allCreateReasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::CREATED, $database);
+		$this->assign("allCreateReasons", $allCreateReasons);
+		$allDeclineReasons = EmailTemplate::getAllActiveTemplates(EmailTemplate::NOT_CREATED, $database);
+		$this->assign("allDeclineReasons", $allDeclineReasons);
+		$allOtherReasons = EmailTemplate::getAllActiveTemplates(false, $database);
+		$this->assign("allOtherReasons", $allOtherReasons);
+	}
+
+	private function setupLogData(Request $request, PdoDatabase $database)
+	{
+		$currentUser = User::getCurrent($database);
+
+		$logs = LogHelper::getRequestLogsWithComments($request->getId(), $database, $this->getSecurityManager());
+		$requestLogs = array();
+
+		/** @var User[] $nameCache */
+		$nameCache = array();
+
+		$editableComments = $this->barrierTest('editOthers', $currentUser, PageEditComment::class);
+
+		/** @var Log|Comment $entry */
+		foreach ($logs as $entry) {
+			// both log and comment have a 'user' field
+			if (!array_key_exists($entry->getUser(), $nameCache)) {
+				$entryUser = User::getById($entry->getUser(), $database);
+				$nameCache[$entry->getUser()] = $entryUser;
+			}
+
+			if ($entry instanceof Comment) {
+				$requestLogs[] = array(
+					'type'     => 'comment',
+					'security' => $entry->getVisibility(),
+					'user'     => $entry->getVisibility() == 'requester' ? $request->getName() : $nameCache[$entry->getUser()]->getUsername(),
+					'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
+					'entry'    => null,
+					'time'     => $entry->getTime(),
+					'canedit'  => ($editableComments || $entry->getUser() == $currentUser->getId()),
+					'id'       => $entry->getId(),
+					'comment'  => $entry->getComment(),
+				);
+			}
+
+			if ($entry instanceof Log) {
+				$invalidUserId = $entry->getUser() === -1 || $entry->getUser() === 0;
+				$entryUser = $invalidUserId ? User::getCommunity() : $nameCache[$entry->getUser()];
+
+				$entryComment = $entry->getComment();
+
+				if ($entry->getAction() === 'JobIssueRequest' || $entry->getAction() === 'JobCompletedRequest') {
+					$data = unserialize($entry->getComment());
+					/** @var JobQueue $job */
+					$job = JobQueue::getById($data['job'], $database);
+					$requestLogs[] = array(
+						'type'     => 'joblog',
+						'security' => 'user',
+						'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
+						'user'     => $entryUser->getUsername(),
+						'entry'    => LogHelper::getLogDescription($entry),
+						'time'     => $entry->getTimestamp(),
+						'canedit'  => false,
+						'id'       => $entry->getId(),
+						'jobId'    => $job->getId(),
+						'jobDesc'  => JobQueue::getTaskDescriptions()[$job->getTask()],
+					);
+				} else {
+					$requestLogs[] = array(
+						'type'     => 'log',
+						'security' => 'user',
+						'userid'   => $entry->getUser() == -1 ? null : $entry->getUser(),
+						'user'     => $entryUser->getUsername(),
+						'entry'    => LogHelper::getLogDescription($entry),
+						'time'     => $entry->getTimestamp(),
+						'canedit'  => false,
+						'id'       => $entry->getId(),
+						'comment'  => $entryComment,
+					);
+				}
+			}
+		}
+
+		$this->addJs("/api.php?action=users&targetVariable=typeaheaddata");
+
+		$this->assign("requestLogs", $requestLogs);
+	}
+
+	/**
+	 * @param Request $request
+	 */
+	protected function setupUsernameData(Request $request)
+	{
+		$blacklistData = $this->getBlacklistHelper()->isBlacklisted($request->getName());
+
+		$this->assign('requestIsBlacklisted', $blacklistData !== false);
+		$this->assign('requestBlacklist', $blacklistData);
+
+		try {
+			$spoofs = $this->getAntiSpoofProvider()->getSpoofs($request->getName());
+		}
+		catch (Exception $ex) {
+			$spoofs = $ex->getMessage();
+		}
+
+		$this->assign("spoofs", $spoofs);
+	}
+
+	private function setupCreationTypes(User $user)
+	{
+		$this->assign('allowWelcomeSkip', false);
+		$this->assign('forceWelcomeSkip', false);
+
+		$oauth = new OAuthUserHelper($user, $this->getDatabase(), $this->getOAuthProtocolHelper(), $this->getSiteConfiguration());
+
+		if ($user->getWelcomeTemplate() != 0) {
+			$this->assign('allowWelcomeSkip', true);
+
+			if (!$oauth->canWelcome()) {
+				$this->assign('forceWelcomeSkip', true);
+			}
+		}
+
+		// test credentials
+		$canManualCreate = $this->barrierTest(User::CREATION_MANUAL, $user, 'RequestCreation');
+		$canOauthCreate = $this->barrierTest(User::CREATION_OAUTH, $user, 'RequestCreation');
+		$canBotCreate = $this->barrierTest(User::CREATION_BOT, $user, 'RequestCreation');
+
+		$this->assign('canManualCreate', $canManualCreate);
+		$this->assign('canOauthCreate', $canOauthCreate);
+		$this->assign('canBotCreate', $canBotCreate);
+
+		// show/hide the type radio buttons
+		$creationHasChoice = count(array_filter([$canManualCreate, $canOauthCreate, $canBotCreate])) > 1;
+
+		if (!$this->barrierTest($user->getCreationMode(), $user, 'RequestCreation')) {
+			// user is not allowed to use their default. Force a choice.
+			$creationHasChoice = true;
+		}
+
+		$this->assign('creationHasChoice', $creationHasChoice);
+
+		// determine problems in creation types
+		$this->assign('botProblem', false);
+		if ($canBotCreate && $this->getSiteConfiguration()->getCreationBotPassword() === null) {
+			$this->assign('botProblem', true);
+		}
+
+		$this->assign('oauthProblem', false);
+		if ($canOauthCreate && !$oauth->canCreateAccount()) {
+			$this->assign('oauthProblem', true);
+		}
+	}
 }

Braces +2 added lines, -4 removed lines

@@ -99,8 +99,7 @@ 
                 $this->setTemplate('view-request/main-with-checkuser-data.tpl');
                 $this->setupCheckUserData($request);
             }
-        }
-        else {
+        } else {
             $this->setTemplate('view-request/main.tpl');
         }
     }
@@ -114,8 +113,7 @@ 
         if ($request->getStatus() === 'Closed') {
             if ($request->getWasCreated()) {
                 $statusSymbol = self::STATUS_SYMBOL_ACCEPTED;
-            }
-            else {
+            } else {
                 $statusSymbol = self::STATUS_SYMBOL_REJECTED;
             }
         }

includes/Pages/RequestAction/PageCustomClose.php

Indentation +275 added lines, -275 removed lines

@@ -24,279 +24,279 @@
 
 class PageCustomClose extends PageCloseRequest
 {
-    use RequestData;
-
-    protected function main()
-    {
-        $database = $this->getDatabase();
-
-        $request = $this->getRequest($database);
-        $currentUser = User::getCurrent($this->getDatabase());
-
-        if ($request->getStatus() === 'Closed') {
-            throw new ApplicationLogicException('Request is already closed');
-        }
-
-        // Dual-mode page
-        if (WebRequest::wasPosted()) {
-            $this->validateCSRFToken();
-            $this->doCustomClose($currentUser, $request, $database);
-
-            $this->redirect();
-        }
-        else {
-            $this->assignCSRFToken();
-            $this->showCustomCloseForm($database, $request);
-        }
-    }
-
-    /**
-     * @param $database
-     *
-     * @return Request
-     * @throws ApplicationLogicException
-     */
-    protected function getRequest(PdoDatabase $database)
-    {
-        $requestId = WebRequest::getInt('request');
-        if ($requestId === null) {
-            throw new ApplicationLogicException('Request ID not found');
-        }
-
-        /** @var Request $request */
-        $request = Request::getById($requestId, $database);
-
-        if ($request === false) {
-            throw new ApplicationLogicException('Request not found');
-        }
-
-        return $request;
-    }
-
-    /**
-     * @param PdoDatabase $database
-     *
-     * @return EmailTemplate|null
-     */
-    protected function getTemplate(PdoDatabase $database)
-    {
-        $templateId = WebRequest::getInt('template');
-        if ($templateId === null) {
-            return null;
-        }
-
-        /** @var EmailTemplate $template */
-        $template = EmailTemplate::getById($templateId, $database);
-        if ($template === false || !$template->getActive()) {
-            return null;
-        }
-
-        return $template;
-    }
-
-    /**
-     * @param $database
-     * @param $request
-     *
-     * @throws Exception
-     */
-    protected function showCustomCloseForm(PdoDatabase $database, Request $request)
-    {
-        $currentUser = User::getCurrent($database);
-        $config = $this->getSiteConfiguration();
-
-        $allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
-        if (!$allowedPrivateData) {
-            // we probably shouldn't be showing the user this form if they're not allowed to access private data...
-            throw new AccessDeniedException($this->getSecurityManager());
-        }
-
-        $template = $this->getTemplate($database);
-
-        // Preload data
-        $this->assign('defaultAction', '');
-        $this->assign('preloadText', '');
-        $this->assign('preloadTitle', '');
-
-        if ($template !== null) {
-            $this->assign('defaultAction', $template->getDefaultAction());
-            $this->assign('preloadText', $template->getText());
-            $this->assign('preloadTitle', $template->getName());
-        }
-
-        // Static data
-        $this->assign('requeststates', $config->getRequestStates());
-
-        // request data
-        $this->assign('requestId', $request->getIp());
-        $this->assign('updateVersion', $request->getUpdateVersion());
-        $this->setupBasicData($request, $config);
-        $this->setupReservationDetails($request->getReserved(), $database, $currentUser);
-        $this->setupPrivateData($request);
-        $this->setupRelatedRequests($request, $config, $database);
-
-        // IP location
-        $trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
-        $this->assign('iplocation', $this->getLocationProvider()->getIpLocation($trustedIp));
-
-        // Confirmations
-        $this->assign('confirmEmailAlreadySent', $this->checkEmailAlreadySent($request));
-
-        $this->assign('canSkipCcMailingList', $this->barrierTest('skipCcMailingList', $currentUser));
-
-        $this->assign('allowWelcomeSkip', false);
-        $this->assign('forceWelcomeSkip', false);
-
-        $oauth = new OAuthUserHelper($currentUser, $this->getDatabase(), $this->getOAuthProtocolHelper(), $config);
-
-        if ($currentUser->getWelcomeTemplate() != 0) {
-            $this->assign('allowWelcomeSkip', true);
-
-            if (!$oauth->canWelcome()) {
-                $this->assign('forceWelcomeSkip', true);
-            }
-        }
-
-
-        // template
-        $this->setTemplate('custom-close.tpl');
-    }
-
-    /**
-     * @param User        $currentUser
-     * @param Request     $request
-     * @param PdoDatabase $database
-     *
-     * @throws ApplicationLogicException
-     */
-    protected function doCustomClose(User $currentUser, Request $request, PdoDatabase $database)
-    {
-        $messageBody = WebRequest::postString('msgbody');
-        if ($messageBody === null || trim($messageBody) === '') {
-            throw new ApplicationLogicException('Message body cannot be blank');
-        }
-
-        $ccMailingList = true;
-        if ($this->barrierTest('skipCcMailingList', $currentUser)) {
-            $ccMailingList = WebRequest::postBoolean('ccMailingList');
-        }
-
-        if ($request->getStatus() === 'Closed') {
-            throw new ApplicationLogicException('Request is already closed');
-        }
-
-        if (!(WebRequest::postBoolean('confirmEmailAlreadySent'))
-        ) {
-            throw new ApplicationLogicException('Not all confirmations checked');
-        }
-
-        $action = WebRequest::postString('action');
-        $availableRequestStates = $this->getSiteConfiguration()->getRequestStates();
-
-        if ($action === EmailTemplate::CREATED || $action === EmailTemplate::NOT_CREATED) {
-            // Close request
-            $this->closeRequest($request, $database, $action, $messageBody);
-
-            $this->processWelcome($action);
-
-            // Send the mail after the save, since save can be rolled back
-            $this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
-        }
-        else {
-            if (array_key_exists($action, $availableRequestStates)) {
-                // Defer to other state
-                $this->deferRequest($request, $database, $action, $availableRequestStates, $messageBody);
-
-                // Send the mail after the save, since save can be rolled back
-                $this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
-            }
-            else {
-                $request->setReserved(null);
-                $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-                $request->save();
-
-                // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
-                // and be rolled back.
-
-                // Send mail
-                $this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
-
-                Logger::sentMail($database, $request, $messageBody);
-                Logger::unreserve($database, $request);
-
-                $this->getNotificationHelper()->sentMail($request);
-                SessionAlert::success("Sent mail to Request {$request->getId()}");
-            }
-        }
-    }
-
-    /**
-     * @param Request     $request
-     * @param PdoDatabase $database
-     * @param string      $action
-     * @param string      $messageBody
-     *
-     * @throws Exception
-     * @throws OptimisticLockFailedException
-     */
-    protected function closeRequest(Request $request, PdoDatabase $database, $action, $messageBody)
-    {
-        $request->setStatus('Closed');
-        $request->setReserved(null);
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-        $request->save();
-
-        // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE and
-        // be rolled back.
-
-        if ($action == EmailTemplate::CREATED) {
-            $logCloseType = 'custom-y';
-            $notificationCloseType = "Custom, Created";
-        }
-        else {
-            $logCloseType = 'custom-n';
-            $notificationCloseType = "Custom, Not Created";
-        }
-
-        Logger::closeRequest($database, $request, $logCloseType, $messageBody);
-        $this->getNotificationHelper()->requestClosed($request, $notificationCloseType);
-
-        $requestName = htmlentities($request->getName(), ENT_COMPAT, 'UTF-8');
-        SessionAlert::success("Request {$request->getId()} ({$requestName}) closed as {$notificationCloseType}.");
-    }
-
-    /**
-     * @param Request     $request
-     * @param PdoDatabase $database
-     * @param string      $action
-     * @param             $availableRequestStates
-     * @param string      $messageBody
-     *
-     * @throws Exception
-     * @throws OptimisticLockFailedException
-     */
-    protected function deferRequest(
-        Request $request,
-        PdoDatabase $database,
-        $action,
-        $availableRequestStates,
-        $messageBody
-    ) {
-        $request->setStatus($action);
-        $request->setReserved(null);
-        $request->setUpdateVersion(WebRequest::postInt('updateversion'));
-        $request->save();
-
-        // Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
-        // and be rolled back.
-
-        $deferToLog = $availableRequestStates[$action]['defertolog'];
-        Logger::sentMail($database, $request, $messageBody);
-        Logger::deferRequest($database, $request, $deferToLog);
-
-        $this->getNotificationHelper()->requestDeferredWithMail($request);
-
-        $deferTo = $availableRequestStates[$action]['deferto'];
-        SessionAlert::success("Request {$request->getId()} deferred to $deferTo, sending an email.");
-    }
+	use RequestData;
+
+	protected function main()
+	{
+		$database = $this->getDatabase();
+
+		$request = $this->getRequest($database);
+		$currentUser = User::getCurrent($this->getDatabase());
+
+		if ($request->getStatus() === 'Closed') {
+			throw new ApplicationLogicException('Request is already closed');
+		}
+
+		// Dual-mode page
+		if (WebRequest::wasPosted()) {
+			$this->validateCSRFToken();
+			$this->doCustomClose($currentUser, $request, $database);
+
+			$this->redirect();
+		}
+		else {
+			$this->assignCSRFToken();
+			$this->showCustomCloseForm($database, $request);
+		}
+	}
+
+	/**
+	 * @param $database
+	 *
+	 * @return Request
+	 * @throws ApplicationLogicException
+	 */
+	protected function getRequest(PdoDatabase $database)
+	{
+		$requestId = WebRequest::getInt('request');
+		if ($requestId === null) {
+			throw new ApplicationLogicException('Request ID not found');
+		}
+
+		/** @var Request $request */
+		$request = Request::getById($requestId, $database);
+
+		if ($request === false) {
+			throw new ApplicationLogicException('Request not found');
+		}
+
+		return $request;
+	}
+
+	/**
+	 * @param PdoDatabase $database
+	 *
+	 * @return EmailTemplate|null
+	 */
+	protected function getTemplate(PdoDatabase $database)
+	{
+		$templateId = WebRequest::getInt('template');
+		if ($templateId === null) {
+			return null;
+		}
+
+		/** @var EmailTemplate $template */
+		$template = EmailTemplate::getById($templateId, $database);
+		if ($template === false || !$template->getActive()) {
+			return null;
+		}
+
+		return $template;
+	}
+
+	/**
+	 * @param $database
+	 * @param $request
+	 *
+	 * @throws Exception
+	 */
+	protected function showCustomCloseForm(PdoDatabase $database, Request $request)
+	{
+		$currentUser = User::getCurrent($database);
+		$config = $this->getSiteConfiguration();
+
+		$allowedPrivateData = $this->isAllowedPrivateData($request, $currentUser);
+		if (!$allowedPrivateData) {
+			// we probably shouldn't be showing the user this form if they're not allowed to access private data...
+			throw new AccessDeniedException($this->getSecurityManager());
+		}
+
+		$template = $this->getTemplate($database);
+
+		// Preload data
+		$this->assign('defaultAction', '');
+		$this->assign('preloadText', '');
+		$this->assign('preloadTitle', '');
+
+		if ($template !== null) {
+			$this->assign('defaultAction', $template->getDefaultAction());
+			$this->assign('preloadText', $template->getText());
+			$this->assign('preloadTitle', $template->getName());
+		}
+
+		// Static data
+		$this->assign('requeststates', $config->getRequestStates());
+
+		// request data
+		$this->assign('requestId', $request->getIp());
+		$this->assign('updateVersion', $request->getUpdateVersion());
+		$this->setupBasicData($request, $config);
+		$this->setupReservationDetails($request->getReserved(), $database, $currentUser);
+		$this->setupPrivateData($request);
+		$this->setupRelatedRequests($request, $config, $database);
+
+		// IP location
+		$trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
+		$this->assign('iplocation', $this->getLocationProvider()->getIpLocation($trustedIp));
+
+		// Confirmations
+		$this->assign('confirmEmailAlreadySent', $this->checkEmailAlreadySent($request));
+
+		$this->assign('canSkipCcMailingList', $this->barrierTest('skipCcMailingList', $currentUser));
+
+		$this->assign('allowWelcomeSkip', false);
+		$this->assign('forceWelcomeSkip', false);
+
+		$oauth = new OAuthUserHelper($currentUser, $this->getDatabase(), $this->getOAuthProtocolHelper(), $config);
+
+		if ($currentUser->getWelcomeTemplate() != 0) {
+			$this->assign('allowWelcomeSkip', true);
+
+			if (!$oauth->canWelcome()) {
+				$this->assign('forceWelcomeSkip', true);
+			}
+		}
+
+
+		// template
+		$this->setTemplate('custom-close.tpl');
+	}
+
+	/**
+	 * @param User        $currentUser
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 *
+	 * @throws ApplicationLogicException
+	 */
+	protected function doCustomClose(User $currentUser, Request $request, PdoDatabase $database)
+	{
+		$messageBody = WebRequest::postString('msgbody');
+		if ($messageBody === null || trim($messageBody) === '') {
+			throw new ApplicationLogicException('Message body cannot be blank');
+		}
+
+		$ccMailingList = true;
+		if ($this->barrierTest('skipCcMailingList', $currentUser)) {
+			$ccMailingList = WebRequest::postBoolean('ccMailingList');
+		}
+
+		if ($request->getStatus() === 'Closed') {
+			throw new ApplicationLogicException('Request is already closed');
+		}
+
+		if (!(WebRequest::postBoolean('confirmEmailAlreadySent'))
+		) {
+			throw new ApplicationLogicException('Not all confirmations checked');
+		}
+
+		$action = WebRequest::postString('action');
+		$availableRequestStates = $this->getSiteConfiguration()->getRequestStates();
+
+		if ($action === EmailTemplate::CREATED || $action === EmailTemplate::NOT_CREATED) {
+			// Close request
+			$this->closeRequest($request, $database, $action, $messageBody);
+
+			$this->processWelcome($action);
+
+			// Send the mail after the save, since save can be rolled back
+			$this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
+		}
+		else {
+			if (array_key_exists($action, $availableRequestStates)) {
+				// Defer to other state
+				$this->deferRequest($request, $database, $action, $availableRequestStates, $messageBody);
+
+				// Send the mail after the save, since save can be rolled back
+				$this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
+			}
+			else {
+				$request->setReserved(null);
+				$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+				$request->save();
+
+				// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
+				// and be rolled back.
+
+				// Send mail
+				$this->sendMail($request, $messageBody, $currentUser, $ccMailingList);
+
+				Logger::sentMail($database, $request, $messageBody);
+				Logger::unreserve($database, $request);
+
+				$this->getNotificationHelper()->sentMail($request);
+				SessionAlert::success("Sent mail to Request {$request->getId()}");
+			}
+		}
+	}
+
+	/**
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 * @param string      $action
+	 * @param string      $messageBody
+	 *
+	 * @throws Exception
+	 * @throws OptimisticLockFailedException
+	 */
+	protected function closeRequest(Request $request, PdoDatabase $database, $action, $messageBody)
+	{
+		$request->setStatus('Closed');
+		$request->setReserved(null);
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+		$request->save();
+
+		// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE and
+		// be rolled back.
+
+		if ($action == EmailTemplate::CREATED) {
+			$logCloseType = 'custom-y';
+			$notificationCloseType = "Custom, Created";
+		}
+		else {
+			$logCloseType = 'custom-n';
+			$notificationCloseType = "Custom, Not Created";
+		}
+
+		Logger::closeRequest($database, $request, $logCloseType, $messageBody);
+		$this->getNotificationHelper()->requestClosed($request, $notificationCloseType);
+
+		$requestName = htmlentities($request->getName(), ENT_COMPAT, 'UTF-8');
+		SessionAlert::success("Request {$request->getId()} ({$requestName}) closed as {$notificationCloseType}.");
+	}
+
+	/**
+	 * @param Request     $request
+	 * @param PdoDatabase $database
+	 * @param string      $action
+	 * @param             $availableRequestStates
+	 * @param string      $messageBody
+	 *
+	 * @throws Exception
+	 * @throws OptimisticLockFailedException
+	 */
+	protected function deferRequest(
+		Request $request,
+		PdoDatabase $database,
+		$action,
+		$availableRequestStates,
+		$messageBody
+	) {
+		$request->setStatus($action);
+		$request->setReserved(null);
+		$request->setUpdateVersion(WebRequest::postInt('updateversion'));
+		$request->save();
+
+		// Perform the notifications and stuff *after* we've successfully saved, since the save can throw an OLE
+		// and be rolled back.
+
+		$deferToLog = $availableRequestStates[$action]['defertolog'];
+		Logger::sentMail($database, $request, $messageBody);
+		Logger::deferRequest($database, $request, $deferToLog);
+
+		$this->getNotificationHelper()->requestDeferredWithMail($request);
+
+		$deferTo = $availableRequestStates[$action]['deferto'];
+		SessionAlert::success("Request {$request->getId()} deferred to $deferTo, sending an email.");
+	}
 }

includes/Fragments/RequestData.php

Indentation +322 added lines, -322 removed lines

@@ -24,326 +24,326 @@
 
 trait RequestData
 {
-    /**
-     * @var array Array of IP address classed as 'private' by RFC1918.
-     */
-    protected static $rfc1918ips = array(
-        "10.0.0.0"    => "10.255.255.255",
-        "172.16.0.0"  => "172.31.255.255",
-        "192.168.0.0" => "192.168.255.255",
-        "169.254.0.0" => "169.254.255.255",
-        "127.0.0.0"   => "127.255.255.255",
-    );
-
-    /**
-     * Gets a request object
-     *
-     * @param PdoDatabase $database  The database connection
-     * @param int|null    $requestId The ID of the request to retrieve
-     *
-     * @return Request
-     * @throws ApplicationLogicException
-     */
-    protected function getRequest(PdoDatabase $database, $requestId)
-    {
-        if ($requestId === null) {
-            throw new ApplicationLogicException("No request specified");
-        }
-
-        $request = Request::getById($requestId, $database);
-        if ($request === false || !is_a($request, Request::class)) {
-            throw new ApplicationLogicException('Could not load the requested request!');
-        }
-
-        return $request;
-    }
-
-    /**
-     * Returns a value stating whether the user is allowed to see private data or not
-     *
-     * @param Request $request
-     * @param User    $currentUser
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    protected function isAllowedPrivateData(Request $request, User $currentUser)
-    {
-        // Test the main security barrier for private data access using SecurityManager
-        if ($this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')) {
-            // Tool admins/check-users can always see private data
-            return true;
-        }
-
-        // reserving user is allowed to see the data
-        if ($currentUser->getId() === $request->getReserved()
-            && $request->getReserved() !== null
-            && $this->barrierTest('seePrivateDataWhenReserved', $currentUser, 'RequestData')
-        ) {
-            return true;
-        }
-
-        // user has the reveal hash
-        if (WebRequest::getString('hash') === $request->getRevealHash()
-            && $this->barrierTest('seePrivateDataWithHash', $currentUser, 'RequestData')
-        ) {
-            return true;
-        }
-
-        // nope. Not allowed.
-        return false;
-    }
-
-    /**
-     * Tests the security barrier for a specified action.
-     *
-     * Don't use within templates
-     *
-     * @param string      $action
-     *
-     * @param User        $user
-     * @param null|string $pageName
-     *
-     * @return bool
-     * @category Security-Critical
-     */
-    abstract protected function barrierTest($action, User $user, $pageName = null);
-
-    /**
-     * Gets the name of the route that has been passed from the request router.
-     * @return string
-     */
-    abstract protected function getRouteName();
-
-    /** @return SecurityManager */
-    abstract protected function getSecurityManager();
-
-    /**
-     * Sets the name of the template this page should display.
-     *
-     * @param string $name
-     */
-    abstract protected function setTemplate($name);
-
-    /** @return IXffTrustProvider */
-    abstract protected function getXffTrustProvider();
-
-    /** @return ILocationProvider */
-    abstract protected function getLocationProvider();
-
-    /** @return IRDnsProvider */
-    abstract protected function getRdnsProvider();
-
-    /**
-     * Assigns a Smarty variable
-     *
-     * @param  array|string $name  the template variable name(s)
-     * @param  mixed        $value the value to assign
-     */
-    abstract protected function assign($name, $value);
-
-    /**
-     * @param int|null    $requestReservationId
-     * @param PdoDatabase $database
-     * @param User        $currentUser
-     */
-    protected function setupReservationDetails($requestReservationId, PdoDatabase $database, User $currentUser)
-    {
-        $requestIsReserved = $requestReservationId !== null;
-        $this->assign('requestIsReserved', $requestIsReserved);
-        $this->assign('requestIsReservedByMe', false);
-
-        if ($requestIsReserved) {
-            $this->assign('requestReservedByName', User::getById($requestReservationId, $database)->getUsername());
-            $this->assign('requestReservedById', $requestReservationId);
-
-            if ($requestReservationId === $currentUser->getId()) {
-                $this->assign('requestIsReservedByMe', true);
-            }
-        }
-
-        $this->assign('canBreakReservation', $this->barrierTest('force', $currentUser, PageBreakReservation::class));
-    }
-
-    /**
-     * Adds private request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
-     *
-     * @param Request           $request
-     */
-    protected function setupPrivateData(
-        $request
-    ) {
-        $xffProvider = $this->getXffTrustProvider();
-
-        $this->assign('requestEmail', $request->getEmail());
-        $emailDomain = explode("@", $request->getEmail())[1];
-        $this->assign("emailurl", $emailDomain);
-
-        $trustedIp = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
-        $this->assign('requestTrustedIp', $trustedIp);
-        $this->assign('requestRealIp', $request->getIp());
-        $this->assign('requestForwardedIp', $request->getForwardedIp());
-
-        $trustedIpLocation = $this->getLocationProvider()->getIpLocation($trustedIp);
-        $this->assign('requestTrustedIpLocation', $trustedIpLocation);
-
-        $this->assign('requestHasForwardedIp', $request->getForwardedIp() !== null);
-
-        $this->setupForwardedIpData($request);
-    }
-
-    /**
-     * Adds related request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
-     *
-     * @param Request           $request
-     * @param SiteConfiguration $configuration
-     * @param PdoDatabase       $database
-     */
-    protected function setupRelatedRequests(
-        Request $request,
-        SiteConfiguration $configuration,
-        PdoDatabase $database)
-    {
-        $this->assign('canSeeRelatedRequests', true);
-
-        $relatedEmailRequests = RequestSearchHelper::get($database)
-            ->byEmailAddress($request->getEmail())
-            ->withConfirmedEmail()
-            ->excludingPurgedData($configuration)
-            ->excludingRequest($request->getId())
-            ->fetch();
-
-        $this->assign('requestRelatedEmailRequestsCount', count($relatedEmailRequests));
-        $this->assign('requestRelatedEmailRequests', $relatedEmailRequests);
-
-        $trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
-        $relatedIpRequests = RequestSearchHelper::get($database)
-            ->byIp($trustedIp)
-            ->withConfirmedEmail()
-            ->excludingPurgedData($configuration)
-            ->excludingRequest($request->getId())
-            ->fetch();
-
-        $this->assign('requestRelatedIpRequestsCount', count($relatedIpRequests));
-        $this->assign('requestRelatedIpRequests', $relatedIpRequests);
-    }
-
-    /**
-     * Adds checkuser request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
-     *
-     * @param Request $request
-     */
-    protected function setupCheckUserData(Request $request)
-    {
-        $this->assign('requestUserAgent', $request->getUserAgent());
-    }
-
-    /**
-     * Sets up the basic data for this request, and adds it to Smarty
-     *
-     * @param Request           $request
-     * @param SiteConfiguration $config
-     */
-    protected function setupBasicData(Request $request, SiteConfiguration $config)
-    {
-        $this->assign('requestId', $request->getId());
-        $this->assign('updateVersion', $request->getUpdateVersion());
-        $this->assign('requestName', $request->getName());
-        $this->assign('requestDate', $request->getDate());
-        $this->assign('requestStatus', $request->getStatus());
-
-        $isClosed = !array_key_exists($request->getStatus(), $config->getRequestStates())
-            && $request->getStatus() !== RequestStatus::HOSPITAL;
-        $this->assign('requestIsClosed', $isClosed);
-    }
-
-    /**
-     * Sets up the forwarded IP data for this request and adds it to Smarty
-     *
-     * @param Request $request
-     */
-    protected function setupForwardedIpData(Request $request)
-    {
-        if ($request->getForwardedIp() !== null) {
-            $requestProxyData = array(); // Initialize array to store data to be output in Smarty template.
-            $proxyIndex = 0;
-
-            // Assuming [client] <=> [proxy1] <=> [proxy2] <=> [proxy3] <=> [us], we will see an XFF header of [client],
-            // [proxy1], [proxy2], and our actual IP will be [proxy3]
-            $proxies = explode(",", $request->getForwardedIp());
-            $proxies[] = $request->getIp();
-
-            // Origin is the supposed "client" IP.
-            $origin = $proxies[0];
-            $this->assign("forwardedOrigin", $origin);
-
-            // We step through the servers in reverse order, from closest to furthest
-            $proxies = array_reverse($proxies);
-
-            // By default, we have trust, because the first in the chain is now REMOTE_ADDR, which is hardest to spoof.
-            $trust = true;
-
-            /**
-             * @var int    $index     The zero-based index of the proxy.
-             * @var string $proxyData The proxy IP address (although possibly not!)
-             */
-            foreach ($proxies as $index => $proxyData) {
-                $proxyAddress = trim($proxyData);
-                $requestProxyData[$proxyIndex]['ip'] = $proxyAddress;
-
-                // get data on this IP.
-                $thisProxyIsTrusted = $this->getXffTrustProvider()->isTrusted($proxyAddress);
-
-                $proxyIsInPrivateRange = $this->getXffTrustProvider()
-                    ->ipInRange(self::$rfc1918ips, $proxyAddress);
-
-                if (!$proxyIsInPrivateRange) {
-                    $proxyReverseDns = $this->getRdnsProvider()->getReverseDNS($proxyAddress);
-                    $proxyLocation = $this->getLocationProvider()->getIpLocation($proxyAddress);
-                }
-                else {
-                    // this is going to fail, so why bother trying?
-                    $proxyReverseDns = false;
-                    $proxyLocation = false;
-                }
-
-                // current trust chain status BEFORE this link
-                $preLinkTrust = $trust;
-
-                // is *this* link trusted? Note, this will be true even if there is an untrusted link before this!
-                $requestProxyData[$proxyIndex]['trustedlink'] = $thisProxyIsTrusted;
-
-                // set the trust status of the chain to this point
-                $trust = $trust & $thisProxyIsTrusted;
-
-                // If this is the origin address, and the chain was trusted before this point, then we can trust
-                // the origin.
-                if ($preLinkTrust && $proxyAddress == $origin) {
-                    // if this is the origin, then we are at the last point in the chain.
-                    // @todo: this is probably the cause of some bugs when an IP appears twice - we're missing a check
-                    // to see if this is *really* the last in the chain, rather than just the same IP as it.
-                    $trust = true;
-                }
-
-                $requestProxyData[$proxyIndex]['trust'] = $trust;
-
-                $requestProxyData[$proxyIndex]['rdnsfailed'] = $proxyReverseDns === false;
-                $requestProxyData[$proxyIndex]['rdns'] = $proxyReverseDns;
-                $requestProxyData[$proxyIndex]['routable'] = !$proxyIsInPrivateRange;
-
-                $requestProxyData[$proxyIndex]['location'] = $proxyLocation;
-
-                if ($proxyReverseDns === $proxyAddress && $proxyIsInPrivateRange === false) {
-                    $requestProxyData[$proxyIndex]['rdns'] = null;
-                }
-
-                $showLinks = (!$trust || $proxyAddress == $origin) && !$proxyIsInPrivateRange;
-                $requestProxyData[$proxyIndex]['showlinks'] = $showLinks;
-
-                $proxyIndex++;
-            }
-
-            $this->assign("requestProxyData", $requestProxyData);
-        }
-    }
+	/**
+	 * @var array Array of IP address classed as 'private' by RFC1918.
+	 */
+	protected static $rfc1918ips = array(
+		"10.0.0.0"    => "10.255.255.255",
+		"172.16.0.0"  => "172.31.255.255",
+		"192.168.0.0" => "192.168.255.255",
+		"169.254.0.0" => "169.254.255.255",
+		"127.0.0.0"   => "127.255.255.255",
+	);
+
+	/**
+	 * Gets a request object
+	 *
+	 * @param PdoDatabase $database  The database connection
+	 * @param int|null    $requestId The ID of the request to retrieve
+	 *
+	 * @return Request
+	 * @throws ApplicationLogicException
+	 */
+	protected function getRequest(PdoDatabase $database, $requestId)
+	{
+		if ($requestId === null) {
+			throw new ApplicationLogicException("No request specified");
+		}
+
+		$request = Request::getById($requestId, $database);
+		if ($request === false || !is_a($request, Request::class)) {
+			throw new ApplicationLogicException('Could not load the requested request!');
+		}
+
+		return $request;
+	}
+
+	/**
+	 * Returns a value stating whether the user is allowed to see private data or not
+	 *
+	 * @param Request $request
+	 * @param User    $currentUser
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	protected function isAllowedPrivateData(Request $request, User $currentUser)
+	{
+		// Test the main security barrier for private data access using SecurityManager
+		if ($this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')) {
+			// Tool admins/check-users can always see private data
+			return true;
+		}
+
+		// reserving user is allowed to see the data
+		if ($currentUser->getId() === $request->getReserved()
+			&& $request->getReserved() !== null
+			&& $this->barrierTest('seePrivateDataWhenReserved', $currentUser, 'RequestData')
+		) {
+			return true;
+		}
+
+		// user has the reveal hash
+		if (WebRequest::getString('hash') === $request->getRevealHash()
+			&& $this->barrierTest('seePrivateDataWithHash', $currentUser, 'RequestData')
+		) {
+			return true;
+		}
+
+		// nope. Not allowed.
+		return false;
+	}
+
+	/**
+	 * Tests the security barrier for a specified action.
+	 *
+	 * Don't use within templates
+	 *
+	 * @param string      $action
+	 *
+	 * @param User        $user
+	 * @param null|string $pageName
+	 *
+	 * @return bool
+	 * @category Security-Critical
+	 */
+	abstract protected function barrierTest($action, User $user, $pageName = null);
+
+	/**
+	 * Gets the name of the route that has been passed from the request router.
+	 * @return string
+	 */
+	abstract protected function getRouteName();
+
+	/** @return SecurityManager */
+	abstract protected function getSecurityManager();
+
+	/**
+	 * Sets the name of the template this page should display.
+	 *
+	 * @param string $name
+	 */
+	abstract protected function setTemplate($name);
+
+	/** @return IXffTrustProvider */
+	abstract protected function getXffTrustProvider();
+
+	/** @return ILocationProvider */
+	abstract protected function getLocationProvider();
+
+	/** @return IRDnsProvider */
+	abstract protected function getRdnsProvider();
+
+	/**
+	 * Assigns a Smarty variable
+	 *
+	 * @param  array|string $name  the template variable name(s)
+	 * @param  mixed        $value the value to assign
+	 */
+	abstract protected function assign($name, $value);
+
+	/**
+	 * @param int|null    $requestReservationId
+	 * @param PdoDatabase $database
+	 * @param User        $currentUser
+	 */
+	protected function setupReservationDetails($requestReservationId, PdoDatabase $database, User $currentUser)
+	{
+		$requestIsReserved = $requestReservationId !== null;
+		$this->assign('requestIsReserved', $requestIsReserved);
+		$this->assign('requestIsReservedByMe', false);
+
+		if ($requestIsReserved) {
+			$this->assign('requestReservedByName', User::getById($requestReservationId, $database)->getUsername());
+			$this->assign('requestReservedById', $requestReservationId);
+
+			if ($requestReservationId === $currentUser->getId()) {
+				$this->assign('requestIsReservedByMe', true);
+			}
+		}
+
+		$this->assign('canBreakReservation', $this->barrierTest('force', $currentUser, PageBreakReservation::class));
+	}
+
+	/**
+	 * Adds private request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
+	 *
+	 * @param Request           $request
+	 */
+	protected function setupPrivateData(
+		$request
+	) {
+		$xffProvider = $this->getXffTrustProvider();
+
+		$this->assign('requestEmail', $request->getEmail());
+		$emailDomain = explode("@", $request->getEmail())[1];
+		$this->assign("emailurl", $emailDomain);
+
+		$trustedIp = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
+		$this->assign('requestTrustedIp', $trustedIp);
+		$this->assign('requestRealIp', $request->getIp());
+		$this->assign('requestForwardedIp', $request->getForwardedIp());
+
+		$trustedIpLocation = $this->getLocationProvider()->getIpLocation($trustedIp);
+		$this->assign('requestTrustedIpLocation', $trustedIpLocation);
+
+		$this->assign('requestHasForwardedIp', $request->getForwardedIp() !== null);
+
+		$this->setupForwardedIpData($request);
+	}
+
+	/**
+	 * Adds related request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
+	 *
+	 * @param Request           $request
+	 * @param SiteConfiguration $configuration
+	 * @param PdoDatabase       $database
+	 */
+	protected function setupRelatedRequests(
+		Request $request,
+		SiteConfiguration $configuration,
+		PdoDatabase $database)
+	{
+		$this->assign('canSeeRelatedRequests', true);
+
+		$relatedEmailRequests = RequestSearchHelper::get($database)
+			->byEmailAddress($request->getEmail())
+			->withConfirmedEmail()
+			->excludingPurgedData($configuration)
+			->excludingRequest($request->getId())
+			->fetch();
+
+		$this->assign('requestRelatedEmailRequestsCount', count($relatedEmailRequests));
+		$this->assign('requestRelatedEmailRequests', $relatedEmailRequests);
+
+		$trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
+		$relatedIpRequests = RequestSearchHelper::get($database)
+			->byIp($trustedIp)
+			->withConfirmedEmail()
+			->excludingPurgedData($configuration)
+			->excludingRequest($request->getId())
+			->fetch();
+
+		$this->assign('requestRelatedIpRequestsCount', count($relatedIpRequests));
+		$this->assign('requestRelatedIpRequests', $relatedIpRequests);
+	}
+
+	/**
+	 * Adds checkuser request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
+	 *
+	 * @param Request $request
+	 */
+	protected function setupCheckUserData(Request $request)
+	{
+		$this->assign('requestUserAgent', $request->getUserAgent());
+	}
+
+	/**
+	 * Sets up the basic data for this request, and adds it to Smarty
+	 *
+	 * @param Request           $request
+	 * @param SiteConfiguration $config
+	 */
+	protected function setupBasicData(Request $request, SiteConfiguration $config)
+	{
+		$this->assign('requestId', $request->getId());
+		$this->assign('updateVersion', $request->getUpdateVersion());
+		$this->assign('requestName', $request->getName());
+		$this->assign('requestDate', $request->getDate());
+		$this->assign('requestStatus', $request->getStatus());
+
+		$isClosed = !array_key_exists($request->getStatus(), $config->getRequestStates())
+			&& $request->getStatus() !== RequestStatus::HOSPITAL;
+		$this->assign('requestIsClosed', $isClosed);
+	}
+
+	/**
+	 * Sets up the forwarded IP data for this request and adds it to Smarty
+	 *
+	 * @param Request $request
+	 */
+	protected function setupForwardedIpData(Request $request)
+	{
+		if ($request->getForwardedIp() !== null) {
+			$requestProxyData = array(); // Initialize array to store data to be output in Smarty template.
+			$proxyIndex = 0;
+
+			// Assuming [client] <=> [proxy1] <=> [proxy2] <=> [proxy3] <=> [us], we will see an XFF header of [client],
+			// [proxy1], [proxy2], and our actual IP will be [proxy3]
+			$proxies = explode(",", $request->getForwardedIp());
+			$proxies[] = $request->getIp();
+
+			// Origin is the supposed "client" IP.
+			$origin = $proxies[0];
+			$this->assign("forwardedOrigin", $origin);
+
+			// We step through the servers in reverse order, from closest to furthest
+			$proxies = array_reverse($proxies);
+
+			// By default, we have trust, because the first in the chain is now REMOTE_ADDR, which is hardest to spoof.
+			$trust = true;
+
+			/**
+			 * @var int    $index     The zero-based index of the proxy.
+			 * @var string $proxyData The proxy IP address (although possibly not!)
+			 */
+			foreach ($proxies as $index => $proxyData) {
+				$proxyAddress = trim($proxyData);
+				$requestProxyData[$proxyIndex]['ip'] = $proxyAddress;
+
+				// get data on this IP.
+				$thisProxyIsTrusted = $this->getXffTrustProvider()->isTrusted($proxyAddress);
+
+				$proxyIsInPrivateRange = $this->getXffTrustProvider()
+					->ipInRange(self::$rfc1918ips, $proxyAddress);
+
+				if (!$proxyIsInPrivateRange) {
+					$proxyReverseDns = $this->getRdnsProvider()->getReverseDNS($proxyAddress);
+					$proxyLocation = $this->getLocationProvider()->getIpLocation($proxyAddress);
+				}
+				else {
+					// this is going to fail, so why bother trying?
+					$proxyReverseDns = false;
+					$proxyLocation = false;
+				}
+
+				// current trust chain status BEFORE this link
+				$preLinkTrust = $trust;
+
+				// is *this* link trusted? Note, this will be true even if there is an untrusted link before this!
+				$requestProxyData[$proxyIndex]['trustedlink'] = $thisProxyIsTrusted;
+
+				// set the trust status of the chain to this point
+				$trust = $trust & $thisProxyIsTrusted;
+
+				// If this is the origin address, and the chain was trusted before this point, then we can trust
+				// the origin.
+				if ($preLinkTrust && $proxyAddress == $origin) {
+					// if this is the origin, then we are at the last point in the chain.
+					// @todo: this is probably the cause of some bugs when an IP appears twice - we're missing a check
+					// to see if this is *really* the last in the chain, rather than just the same IP as it.
+					$trust = true;
+				}
+
+				$requestProxyData[$proxyIndex]['trust'] = $trust;
+
+				$requestProxyData[$proxyIndex]['rdnsfailed'] = $proxyReverseDns === false;
+				$requestProxyData[$proxyIndex]['rdns'] = $proxyReverseDns;
+				$requestProxyData[$proxyIndex]['routable'] = !$proxyIsInPrivateRange;
+
+				$requestProxyData[$proxyIndex]['location'] = $proxyLocation;
+
+				if ($proxyReverseDns === $proxyAddress && $proxyIsInPrivateRange === false) {
+					$requestProxyData[$proxyIndex]['rdns'] = null;
+				}
+
+				$showLinks = (!$trust || $proxyAddress == $origin) && !$proxyIsInPrivateRange;
+				$requestProxyData[$proxyIndex]['showlinks'] = $showLinks;
+
+				$proxyIndex++;
+			}
+
+			$this->assign("requestProxyData", $requestProxyData);
+		}
+	}
 }

config.inc.php

Indentation +89 added lines, -89 removed lines

@@ -189,27 +189,27 @@ 
 
 // request states
 $availableRequestStates = array(
-    'Open'          => array(
-        'defertolog' => 'users', // don't change or you'll break old logs
-        'deferto'    => 'users',
-        'header'     => 'Open requests',
-        'api'        => "open",
-        'queuehelp'  => null
-    ),
-    'Flagged users' => array(
-        'defertolog' => 'flagged users', // don't change or you'll break old logs
-        'deferto'    => 'flagged users',
-        'header'     => 'Flagged user needed',
-        'api'        => "admin",
-        'queuehelp'  => 'This queue lists the requests which require a user with the <code>accountcreator</code> flag to create.<br />If creation is determined to be the correct course of action, requests here will require the overriding the AntiSpoof checks or the title blacklist in order to create. It is recommended to try to create the account <em>without</em> checking the flags to validate the results of the AntiSpoof and/or title blacklist hits.'
-    ),
-    'Checkuser'     => array(
-        'defertolog' => 'checkusers', // don't change or you'll break old logs
-        'deferto'    => 'checkusers',
-        'header'     => 'Checkuser needed',
-        'api'        => "checkuser",
-        'queuehelp'  => null
-    ),
+	'Open'          => array(
+		'defertolog' => 'users', // don't change or you'll break old logs
+		'deferto'    => 'users',
+		'header'     => 'Open requests',
+		'api'        => "open",
+		'queuehelp'  => null
+	),
+	'Flagged users' => array(
+		'defertolog' => 'flagged users', // don't change or you'll break old logs
+		'deferto'    => 'flagged users',
+		'header'     => 'Flagged user needed',
+		'api'        => "admin",
+		'queuehelp'  => 'This queue lists the requests which require a user with the <code>accountcreator</code> flag to create.<br />If creation is determined to be the correct course of action, requests here will require the overriding the AntiSpoof checks or the title blacklist in order to create. It is recommended to try to create the account <em>without</em> checking the flags to validate the results of the AntiSpoof and/or title blacklist hits.'
+	),
+	'Checkuser'     => array(
+		'defertolog' => 'checkusers', // don't change or you'll break old logs
+		'deferto'    => 'checkusers',
+		'header'     => 'Checkuser needed',
+		'api'        => "checkuser",
+		'queuehelp'  => null
+	),
 );
 
 $defaultRequestStateKey = 'Open';
@@ -262,24 +262,24 @@ 
 require_once('config.local.inc.php');
 
 $cDatabaseConfig = array(
-    "acc"           => array(
-        "dsrcname" => "mysql:host=" . $toolserver_host . ";dbname=" . $toolserver_database,
-        "username" => $toolserver_username,
-        "password" => $toolserver_password,
+	"acc"           => array(
+		"dsrcname" => "mysql:host=" . $toolserver_host . ";dbname=" . $toolserver_database,
+		"username" => $toolserver_username,
+		"password" => $toolserver_password,
 		"options"  => array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8mb4'),
-    ),
-    "wikipedia"     => array(
-        "dsrcname" => "mysql:host=" . $antispoof_host . ";dbname=" . $antispoof_db,
-        "username" => $toolserver_username,
-        "password" => $toolserver_password,
-        "options"  => array(),
-    ),
-    "notifications" => array(
-        "dsrcname" => "mysql:host=" . $toolserver_notification_dbhost . ";dbname=" . $toolserver_notification_database,
-        "username" => $notifications_username,
-        "password" => $notifications_password,
-        "options"  => array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8mb4'),
-    ),
+	),
+	"wikipedia"     => array(
+		"dsrcname" => "mysql:host=" . $antispoof_host . ";dbname=" . $antispoof_db,
+		"username" => $toolserver_username,
+		"password" => $toolserver_password,
+		"options"  => array(),
+	),
+	"notifications" => array(
+		"dsrcname" => "mysql:host=" . $toolserver_notification_dbhost . ";dbname=" . $toolserver_notification_database,
+		"username" => $notifications_username,
+		"password" => $notifications_password,
+		"options"  => array(PDO::MYSQL_ATTR_INIT_COMMAND => 'SET NAMES utf8mb4'),
+	),
 );
 
 // //Keep the included files from being executed.
@@ -291,18 +291,18 @@ 
 ini_set('user_agent', $toolUserAgent);
 
 foreach (array(
-    "mbstring", // unicode and stuff
-    "pdo",
-    "pdo_mysql", // new database module
-    "session",
-    "date",
-    "pcre", // core stuff
-    "curl", // mediawiki api access etc
-    "openssl", // token generation
+	"mbstring", // unicode and stuff
+	"pdo",
+	"pdo_mysql", // new database module
+	"session",
+	"date",
+	"pcre", // core stuff
+	"curl", // mediawiki api access etc
+	"openssl", // token generation
 ) as $x) {
-    if (!extension_loaded($x)) {
-        die("extension $x is required.");
-    }
+	if (!extension_loaded($x)) {
+		die("extension $x is required.");
+	}
 }
 
 // Set up the AutoLoader
@@ -326,43 +326,43 @@ 
 $siteConfiguration = new \Waca\SiteConfiguration();
 
 $siteConfiguration->setBaseUrl($baseurl)
-    ->setFilePath(__DIR__)
-    ->setDebuggingTraceEnabled($enableErrorTrace)
-    ->setForceIdentification($forceIdentification)
-    ->setIdentificationCacheExpiry($identificationCacheExpiry)
-    ->setMediawikiScriptPath($mediawikiScriptPath)
-    ->setMediawikiWebServiceEndpoint($mediawikiWebServiceEndpoint)
-    ->setMetaWikimediaWebServiceEndpoint($metaWikimediaWebServiceEndpoint)
-    ->setEnforceOAuth($enforceOAuth)
-    ->setEmailConfirmationEnabled($enableEmailConfirm == 1)
-    ->setEmailConfirmationExpiryDays($emailConfirmationExpiryDays)
-    ->setMiserModeLimit($requestLimitShowOnly)
-    ->setRequestStates($availableRequestStates)
-    ->setSquidList($squidIpList)
-    ->setDefaultCreatedTemplateId($createdid)
-    ->setDefaultRequestStateKey($defaultRequestStateKey)
-    ->setUseStrictTransportSecurity($strictTransportSecurityExpiry)
-    ->setUserAgent($toolUserAgent)
-    ->setCurlDisableVerifyPeer($curlDisableSSLVerifyPeer)
-    ->setUseOAuthSignup($useOauthSignup)
-    ->setOAuthBaseUrl($oauthBaseUrl)
-    ->setOAuthConsumerToken($oauthConsumerToken)
-    ->setOAuthConsumerSecret($oauthSecretToken)
-    ->setOauthMediaWikiCanonicalServer($oauthMediaWikiCanonicalServer)
-    ->setDataClearInterval($dataclear_interval)
-    ->setXffTrustedHostsFile($xff_trusted_hosts_file)
-    ->setIrcNotificationsEnabled($ircBotNotificationsEnabled == 1)
-    ->setIrcNotificationType($ircBotNotificationType)
-    ->setIrcNotificationsInstance($whichami)
-    ->setTitleBlacklistEnabled($enableTitleblacklist == 1)
-    ->setTorExitPaths(array_merge(gethostbynamel('en.wikipedia.org'), gethostbynamel('accounts.wmflabs.org')))
-    ->setCreationBotUsername($creationBotUsername)
-    ->setCreationBotPassword($creationBotPassword)
-    ->setCurlCookieJar($curlCookieJar)
-    ->setYubicoApiId($yubicoApiId)
-    ->setYubicoApiKey($yubicoApiKey)
-    ->setTotpEncryptionKey($totpEncryptionKey)
-    ->setRegistrationAllowed($allowRegistration)
-    ->setCspReportUri($cspReportUri)
-    ->setResourceCacheEpoch($resourceCacheEpoch)
-    ->setLocationProviderApiKey($locationProviderApiKey);
+	->setFilePath(__DIR__)
+	->setDebuggingTraceEnabled($enableErrorTrace)
+	->setForceIdentification($forceIdentification)
+	->setIdentificationCacheExpiry($identificationCacheExpiry)
+	->setMediawikiScriptPath($mediawikiScriptPath)
+	->setMediawikiWebServiceEndpoint($mediawikiWebServiceEndpoint)
+	->setMetaWikimediaWebServiceEndpoint($metaWikimediaWebServiceEndpoint)
+	->setEnforceOAuth($enforceOAuth)
+	->setEmailConfirmationEnabled($enableEmailConfirm == 1)
+	->setEmailConfirmationExpiryDays($emailConfirmationExpiryDays)
+	->setMiserModeLimit($requestLimitShowOnly)
+	->setRequestStates($availableRequestStates)
+	->setSquidList($squidIpList)
+	->setDefaultCreatedTemplateId($createdid)
+	->setDefaultRequestStateKey($defaultRequestStateKey)
+	->setUseStrictTransportSecurity($strictTransportSecurityExpiry)
+	->setUserAgent($toolUserAgent)
+	->setCurlDisableVerifyPeer($curlDisableSSLVerifyPeer)
+	->setUseOAuthSignup($useOauthSignup)
+	->setOAuthBaseUrl($oauthBaseUrl)
+	->setOAuthConsumerToken($oauthConsumerToken)
+	->setOAuthConsumerSecret($oauthSecretToken)
+	->setOauthMediaWikiCanonicalServer($oauthMediaWikiCanonicalServer)
+	->setDataClearInterval($dataclear_interval)
+	->setXffTrustedHostsFile($xff_trusted_hosts_file)
+	->setIrcNotificationsEnabled($ircBotNotificationsEnabled == 1)
+	->setIrcNotificationType($ircBotNotificationType)
+	->setIrcNotificationsInstance($whichami)
+	->setTitleBlacklistEnabled($enableTitleblacklist == 1)
+	->setTorExitPaths(array_merge(gethostbynamel('en.wikipedia.org'), gethostbynamel('accounts.wmflabs.org')))
+	->setCreationBotUsername($creationBotUsername)
+	->setCreationBotPassword($creationBotPassword)
+	->setCurlCookieJar($curlCookieJar)
+	->setYubicoApiId($yubicoApiId)
+	->setYubicoApiKey($yubicoApiKey)
+	->setTotpEncryptionKey($totpEncryptionKey)
+	->setRegistrationAllowed($allowRegistration)
+	->setCspReportUri($cspReportUri)
+	->setResourceCacheEpoch($resourceCacheEpoch)
+	->setLocationProviderApiKey($locationProviderApiKey);