1 | <?php |
||
2 | /** |
||
3 | * Nextcloud - Gallery |
||
4 | * |
||
5 | * This file is licensed under the Affero General Public License version 3 or |
||
6 | * later. See the COPYING file. |
||
7 | * |
||
8 | * @author Olivier Paroz <[email protected]> |
||
9 | * |
||
10 | * @copyright Olivier Paroz 2017 |
||
11 | */ |
||
12 | |||
13 | namespace OCA\Gallery\Config; |
||
14 | |||
15 | /** |
||
16 | * Validates parsed configuration elements |
||
17 | * |
||
18 | * @package OCA\Gallery\Config |
||
19 | */ |
||
20 | class ConfigValidator { |
||
21 | |||
22 | /** |
||
23 | * Determines if the content of that sub-section is safe for web use |
||
24 | * |
||
25 | * @param string $key the configuration sub-section identifier |
||
26 | * @param array $parsedConfigItem the configuration for a sub-section |
||
27 | * |
||
28 | * @return bool |
||
29 | */ |
||
30 | public function isConfigSafe($key, $parsedConfigItem) { |
||
31 | $safe = true; |
||
32 | |||
33 | switch ($key) { |
||
34 | case 'sorting': |
||
35 | $safe = $this->isSortingSafe('type',$parsedConfigItem, $safe); |
||
36 | $safe = $this->isSortingSafe('order',$parsedConfigItem, $safe); |
||
37 | break; |
||
38 | case 'design': |
||
39 | $safe = $this->isDesignColourSafe($parsedConfigItem, $safe); |
||
40 | break; |
||
41 | } |
||
42 | |||
43 | return $safe; |
||
44 | } |
||
45 | |||
46 | /** |
||
47 | * Determines if the sorting type found in the config file is safe for web use |
||
48 | * @param string will specify the key to check 'type' or 'order' |
||
0 ignored issues
–
show
|
|||
49 | * @param array $parsedConfigItem the sorting configuration to analyse |
||
50 | * @param bool $safe whether the current config has been deemed safe to use so far |
||
51 | * @return bool |
||
52 | */ |
||
53 | private function isSortingSafe($key,$parsedConfigItem, $safe) { |
||
54 | if ($safe && array_key_exists($key, $parsedConfigItem)) { |
||
55 | $safe = $safe && $this->sortingValidator($key, $parsedConfigItem[ $key ]); |
||
56 | } |
||
57 | |||
58 | return $safe; |
||
59 | } |
||
60 | |||
61 | /** |
||
62 | * Determines if the background colour found in the config file is safe for web use |
||
63 | * |
||
64 | * @param array $parsedConfigItem the design configuration to analyse |
||
65 | * @param bool $safe whether the current config has been deemed safe to use so far |
||
66 | * |
||
67 | * @return bool |
||
68 | */ |
||
69 | private function isDesignColourSafe($parsedConfigItem, $safe) { |
||
70 | if (array_key_exists('background', $parsedConfigItem)) { |
||
71 | $background = $parsedConfigItem['background']; |
||
72 | $safe = $safe && ctype_xdigit(substr($background, 1)); |
||
73 | } |
||
74 | |||
75 | return $safe; |
||
76 | } |
||
77 | |||
78 | /** |
||
79 | * Validates the parsed sorting values against allowed values |
||
80 | * |
||
81 | * @param string $section the section in the sorting config to be analysed |
||
82 | * @param string $value the value found in that section |
||
83 | * |
||
84 | * @return bool |
||
85 | */ |
||
86 | private function sortingValidator($section, $value) { |
||
87 | if ($section === 'type') { |
||
88 | $validValues = ['date', 'name']; |
||
89 | } else { |
||
90 | $validValues = ['des', 'asc']; |
||
91 | } |
||
92 | |||
93 | return in_array($value, $validValues); |
||
94 | } |
||
95 | |||
96 | } |
||
97 |
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"]
, you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths