Passed
Push — master ( ec4b15...1416ef )
by Morris
11:20 queued 10s
created
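--- a/lib/private/legacy/response.php
+++ b/lib/private/legacy/response.php
@@ -31,81 +31,81 @@
  */
 
 class OC_Response {
-	/**
-	 * Sets the content disposition header (with possible workarounds)
-	 * @param string $filename file name
-	 * @param string $type disposition type, either 'attachment' or 'inline'
-	 */
-	static public function setContentDispositionHeader( $filename, $type = 'attachment' ) {
-		if (\OC::$server->getRequest()->isUserAgent(
-			[
-				\OC\AppFramework\Http\Request::USER_AGENT_IE,
-				\OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME,
-				\OC\AppFramework\Http\Request::USER_AGENT_FREEBOX,
-			])) {
-			header( 'Content-Disposition: ' . rawurlencode($type) . '; filename="' . rawurlencode( $filename ) . '"' );
-		} else {
-			header( 'Content-Disposition: ' . rawurlencode($type) . '; filename*=UTF-8\'\'' . rawurlencode( $filename )
-												 . '; filename="' . rawurlencode( $filename ) . '"' );
-		}
-	}
+    /**
+     * Sets the content disposition header (with possible workarounds)
+     * @param string $filename file name
+     * @param string $type disposition type, either 'attachment' or 'inline'
+     */
+    static public function setContentDispositionHeader( $filename, $type = 'attachment' ) {
+        if (\OC::$server->getRequest()->isUserAgent(
+            [
+                \OC\AppFramework\Http\Request::USER_AGENT_IE,
+                \OC\AppFramework\Http\Request::USER_AGENT_ANDROID_MOBILE_CHROME,
+                \OC\AppFramework\Http\Request::USER_AGENT_FREEBOX,
+            ])) {
+            header( 'Content-Disposition: ' . rawurlencode($type) . '; filename="' . rawurlencode( $filename ) . '"' );
+        } else {
+            header( 'Content-Disposition: ' . rawurlencode($type) . '; filename*=UTF-8\'\'' . rawurlencode( $filename )
+                                                    . '; filename="' . rawurlencode( $filename ) . '"' );
+        }
+    }
 
-	/**
-	 * Sets the content length header (with possible workarounds)
-	 * @param string|int|float $length Length to be sent
-	 */
-	static public function setContentLengthHeader($length) {
-		if (PHP_INT_SIZE === 4) {
-			if ($length > PHP_INT_MAX && stripos(PHP_SAPI, 'apache') === 0) {
-				// Apache PHP SAPI casts Content-Length headers to PHP integers.
-				// This enforces a limit of PHP_INT_MAX (2147483647 on 32-bit
-				// platforms). So, if the length is greater than PHP_INT_MAX,
-				// we just do not send a Content-Length header to prevent
-				// bodies from being received incompletely.
-				return;
-			}
-			// Convert signed integer or float to unsigned base-10 string.
-			$lfh = new \OC\LargeFileHelper;
-			$length = $lfh->formatUnsignedInteger($length);
-		}
-		header('Content-Length: '.$length);
-	}
+    /**
+     * Sets the content length header (with possible workarounds)
+     * @param string|int|float $length Length to be sent
+     */
+    static public function setContentLengthHeader($length) {
+        if (PHP_INT_SIZE === 4) {
+            if ($length > PHP_INT_MAX && stripos(PHP_SAPI, 'apache') === 0) {
+                // Apache PHP SAPI casts Content-Length headers to PHP integers.
+                // This enforces a limit of PHP_INT_MAX (2147483647 on 32-bit
+                // platforms). So, if the length is greater than PHP_INT_MAX,
+                // we just do not send a Content-Length header to prevent
+                // bodies from being received incompletely.
+                return;
+            }
+            // Convert signed integer or float to unsigned base-10 string.
+            $lfh = new \OC\LargeFileHelper;
+            $length = $lfh->formatUnsignedInteger($length);
+        }
+        header('Content-Length: '.$length);
+    }
 
-	/**
-	 * This function adds some security related headers to all requests served via base.php
-	 * The implementation of this function has to happen here to ensure that all third-party
-	 * components (e.g. SabreDAV) also benefit from this headers.
-	 */
-	public static function addSecurityHeaders() {
-		/**
-		 * FIXME: Content Security Policy for legacy ownCloud components. This
-		 * can be removed once \OCP\AppFramework\Http\Response from the AppFramework
-		 * is used everywhere.
-		 * @see \OCP\AppFramework\Http\Response::getHeaders
-		 */
-		$policy = 'default-src \'self\'; '
-			. 'script-src \'self\' \'nonce-'.\OC::$server->getContentSecurityPolicyNonceManager()->getNonce().'\'; '
-			. 'style-src \'self\' \'unsafe-inline\'; '
-			. 'frame-src *; '
-			. 'img-src * data: blob:; '
-			. 'font-src \'self\' data:; '
-			. 'media-src *; ' 
-			. 'connect-src *; '
-			. 'object-src \'none\'; '
-			. 'base-uri \'self\'; ';
-		header('Content-Security-Policy:' . $policy);
-		header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
+    /**
+     * This function adds some security related headers to all requests served via base.php
+     * The implementation of this function has to happen here to ensure that all third-party
+     * components (e.g. SabreDAV) also benefit from this headers.
+     */
+    public static function addSecurityHeaders() {
+        /**
+         * FIXME: Content Security Policy for legacy ownCloud components. This
+         * can be removed once \OCP\AppFramework\Http\Response from the AppFramework
+         * is used everywhere.
+         * @see \OCP\AppFramework\Http\Response::getHeaders
+         */
+        $policy = 'default-src \'self\'; '
+            . 'script-src \'self\' \'nonce-'.\OC::$server->getContentSecurityPolicyNonceManager()->getNonce().'\'; '
+            . 'style-src \'self\' \'unsafe-inline\'; '
+            . 'frame-src *; '
+            . 'img-src * data: blob:; '
+            . 'font-src \'self\' data:; '
+            . 'media-src *; ' 
+            . 'connect-src *; '
+            . 'object-src \'none\'; '
+            . 'base-uri \'self\'; ';
+        header('Content-Security-Policy:' . $policy);
+        header('X-Frame-Options: SAMEORIGIN'); // Disallow iFraming from other domains
 
-		// Send fallback headers for installations that don't have the possibility to send
-		// custom headers on the webserver side
-		if(getenv('modHeadersAvailable') !== 'true') {
-			header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
-			header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
-			header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
-			header('X-Download-Options: noopen'); // https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx
-			header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
-			header('Referrer-Policy: no-referrer'); // https://www.w3.org/TR/referrer-policy/
-		}
-	}
+        // Send fallback headers for installations that don't have the possibility to send
+        // custom headers on the webserver side
+        if(getenv('modHeadersAvailable') !== 'true') {
+            header('X-XSS-Protection: 1; mode=block'); // Enforce browser based XSS filters
+            header('X-Content-Type-Options: nosniff'); // Disable sniffing the content type for IE
+            header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag
+            header('X-Download-Options: noopen'); // https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx
+            header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html
+            header('Referrer-Policy: no-referrer'); // https://www.w3.org/TR/referrer-policy/
+        }
+    }
 
 }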