Issues in Client.php (master) - Issues in master - plesk/api-php-lib - Measure and Improve Code Quality continuously with Scrutinizer

Issues (41)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Api/Client.php (8 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
// Copyright 1999-2021. Plesk International GmbH.

namespace PleskX\Api;

use SimpleXMLElement;

/**
 * Client for Plesk XML-RPC API.
 */
class Client
{
    const RESPONSE_SHORT = 1;
    const RESPONSE_FULL = 2;

    protected $_host;
    protected $_port;
    protected $_protocol;
    protected $_login;
    protected $_password;
    protected $_proxy = '';
    protected $_secretKey;
    protected $_version = '';

    protected $_operatorsCache = [];

    /**
     * @var callable
     */
    protected $_verifyResponseCallback;

    /**
     * Create client.
     *
     * @param string $host
     * @param int $port
     * @param string $protocol
     */
    public function __construct($host, $port = 8443, $protocol = 'https')
    {
        $this->_host = $host;
        $this->_port = $port;
        $this->_protocol = $protocol;
    }

    /**
     * Setup credentials for authentication.
     *
     * @param string $login
     * @param string $password
     */
    public function setCredentials($login, $password)
    {
        $this->_login = $login;
        $this->_password = $password;
    }

    /**
     * Define secret key for alternative authentication.
     *
     * @param string $secretKey
     */
    public function setSecretKey($secretKey)
    {
        $this->_secretKey = $secretKey;
    }

    /**
     * Set proxy server for requests.
     *
     * @param string $proxy
     */
    public function setProxy($proxy)
    {
        $this->_proxy = $proxy;
    }

    /**
     * Set default version for requests.
     *
     * @param string $version
     */
    public function setVersion($version)
    {
        $this->_version = $version;
    }

    /**
     * Set custom function to verify response of API call according your own needs. Default verifying will be used if it is not specified.
     *
     * @param callable|null $function
     */
    public function setVerifyResponse(callable $function = null)
    {
        $this->_verifyResponseCallback = $function;
    }

    /**
     * Retrieve host used for communication.
     *
     * @return string
     */
    public function getHost()
    {
        return $this->_host;
    }

    /**
     * Retrieve port used for communication.
     *
     * @return int
     */
    public function getPort()
    {
        return $this->_port;
    }

    /**
     * Retrieve name of the protocol (http or https) used for communication.
     *
     * @return string
     */
    public function getProtocol()
    {
        return $this->_protocol;
    }

    /**
     * Retrieve XML template for packet.
     *
     * @param string|null $version
     *
     * @return SimpleXMLElement
     */
    public function getPacket($version = null)
    {
        $protocolVersion = !is_null($version) ? $version : $this->_version;
        $content = "<?xml version='1.0' encoding='UTF-8' ?>";
        $content .= '<packet'.('' === $protocolVersion ? '' : " version='$protocolVersion'").'/>';

        return new SimpleXMLElement($content);
    }

    /**
     * Perform API request.
     *
     * @param string|array|SimpleXMLElement $request
     * @param int $mode
     *
     * @return XmlResponse
     */
    public function request($request, $mode = self::RESPONSE_SHORT)
    {
        if ($request instanceof SimpleXMLElement) {
            $request = $request->asXml();
        } else {

            $xml = $this->getPacket();

            if (is_array($request)) {
                $request = $this->_arrayToXml($request, $xml)->asXML();
            } elseif (preg_match('/^[a-z]/', $request)) {
                $request = $this->_expandRequestShortSyntax($request, $xml);
            }
        }

        if ('sdk' == $this->_protocol) {
            $version = ('' == $this->_version) ? null : $this->_version;
            $requestXml = new SimpleXMLElement((string) $request);
            $xml = \pm_ApiRpc::getService($version)->call($requestXml->children()[0]->asXml(), $this->_login);
        } else {
            $xml = $this->_performHttpRequest($request);

        }

        $this->_verifyResponseCallback
            ? call_user_func($this->_verifyResponseCallback, $xml)
            : $this->_verifyResponse($xml);

        return (self::RESPONSE_FULL == $mode) ? $xml : $xml->xpath('//result')[0];
    }

    /**
     * Perform HTTP request to end-point.
     *
     * @param string $request
     *
     * @throws Client\Exception
     *
     * @return XmlResponse
     */
    private function _performHttpRequest($request)
    {
        $curl = curl_init();

        curl_setopt($curl, CURLOPT_URL, "$this->_protocol://$this->_host:$this->_port/enterprise/control/agent.php");
        curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
        curl_setopt($curl, CURLOPT_POST, true);
        curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
        curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
        curl_setopt($curl, CURLOPT_HTTPHEADER, $this->_getHeaders());
        curl_setopt($curl, CURLOPT_POSTFIELDS, $request);

        if ('' !== $this->_proxy) {
            curl_setopt($curl, CURLOPT_PROXY, $this->_proxy);
        }

        $result = curl_exec($curl);

        if (false === $result) {
            throw new Client\Exception(curl_error($curl), curl_errno($curl));
        }

        curl_close($curl);

        $xml = new XmlResponse($result);

        return $xml;
    }

    /**
     * Perform multiple API requests using single HTTP request.
     *
     * @param $requests
     * @param int $mode
     *
     * @throws Client\Exception
     *
     * @return array
     */
    public function multiRequest($requests, $mode = self::RESPONSE_SHORT)
    {
        $requestXml = $this->getPacket();

        foreach ($requests as $request) {
            if ($request instanceof SimpleXMLElement) {
                throw new Client\Exception('SimpleXML type of request is not supported for multi requests.');
            } else {

                if (is_array($request)) {
                    $request = $this->_arrayToXml($request, $requestXml)->asXML();
                } elseif (preg_match('/^[a-z]/', $request)) {
                    $this->_expandRequestShortSyntax($request, $requestXml);
                }
            }
            $responses[] = $this->request($request);
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}
        }

        if ('sdk' == $this->_protocol) {
            throw new Client\Exception('Multi requests are not supported via SDK.');
        } else {
            $responseXml = $this->_performHttpRequest($requestXml->asXML());

        }

        $responses = [];
        foreach ($responseXml->children() as $childNode) {
            $xml = $this->getPacket();
            $dom = dom_import_simplexml($xml)->ownerDocument;

            $childDomNode = dom_import_simplexml($childNode);
            $childDomNode = $dom->importNode($childDomNode, true);
            $dom->documentElement->appendChild($childDomNode);

            $response = simplexml_load_string($dom->saveXML());
            $responses[] = (self::RESPONSE_FULL == $mode) ? $response : $response->xpath('//result')[0];
        }

        return $responses;
    }

    /**
     * Retrieve list of headers needed for request.
     *
     * @return array
     */
    protected function _getHeaders()
    {
        $headers = [
            'Content-Type: text/xml',
            'HTTP_PRETTY_PRINT: TRUE',
        ];

        if ($this->_secretKey) {
            $headers[] = "KEY: $this->_secretKey";
        } else {
            $headers[] = "HTTP_AUTH_LOGIN: $this->_login";
            $headers[] = "HTTP_AUTH_PASSWD: $this->_password";
        }

        return $headers;
    }

    /**
     * Verify that response does not contain errors.
     *
     * @param XmlResponse $xml
     *
     * @throws Exception
     */
    protected function _verifyResponse($xml)
    {
        if ($xml->system && $xml->system->status && 'error' == (string) $xml->system->status) {
            throw new Exception((string) $xml->system->errtext, (int) $xml->system->errcode);
        }

        if ($xml->xpath('//status[text()="error"]') && $xml->xpath('//errcode') && $xml->xpath('//errtext')) {
            $errorCode = (int) $xml->xpath('//errcode')[0];
            $errorMessage = (string) $xml->xpath('//errtext')[0];

            throw new Exception($errorMessage, $errorCode);
        }
    }

    /**
     * Expand short syntax (some.method.call) into full XML representation.
     *
     * @param string $request
     * @param SimpleXMLElement $xml
     *
     * @return string
     */
    protected function _expandRequestShortSyntax($request, SimpleXMLElement $xml)
    {
        $parts = explode('.', $request);
        $node = $xml;

        foreach ($parts as $part) {
            @list($name, $value) = explode('=', $part);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
            $node = $node->addChild($name, $value);
        }

        return $xml->asXML();
    }

    /**
     * Convert array to XML representation.
     *
     * @param array $array
     * @param SimpleXMLElement $xml
     * @param string $parentEl
     *
     * @return SimpleXMLElement
     */
    protected function _arrayToXml(array $array, SimpleXMLElement $xml, $parentEl = null)
    {
        foreach ($array as $key => $value) {
            $el = is_int($key) && $parentEl ? $parentEl : $key;
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            if (is_array($value)) {
                $this->_arrayToXml($value, $this->_isAssocArray($value) ? $xml->addChild($el) : $xml, $el);
            } else {
                $xml->addChild($el, $value);
            }
        }

        return $xml;
    }

    /**
     * @param array $array
     *
     * @return bool
     */
    protected function _isAssocArray(array $array)
    {
        return $array && array_keys($array) !== range(0, count($array) - 1);

    }

    /**
     * @param string $name
     *
     * @return \PleskX\Api\Operator
     */
    protected function _getOperator($name)
    {
        if (!isset($this->_operatorsCache[$name])) {
            $className = '\\PleskX\\Api\\Operator\\'.$name;
            $this->_operatorsCache[$name] = new $className($this);
        }

        return $this->_operatorsCache[$name];
    }

    /**
     * @return Operator\Server
     */
    public function server()
    {
        return $this->_getOperator('Server');
    }

    /**
     * @return Operator\Customer
     */
    public function customer()
    {
        return $this->_getOperator('Customer');
    }

    /**
     * @return Operator\Webspace
     */
    public function webspace()
    {
        return $this->_getOperator('Webspace');
    }

    /**
     * @return Operator\Subdomain
     */
    public function subdomain()
    {
        return $this->_getOperator('Subdomain');
    }

    /**
     * @return Operator\Dns
     */
    public function dns()
    {
        return $this->_getOperator('Dns');
    }

    /**
     * @return Operator\DnsTemplate
     */
    public function dnsTemplate()
    {
        return $this->_getOperator('DnsTemplate');
    }

    /**
     * @return Operator\DatabaseServer
     */
    public function databaseServer()
    {
        return $this->_getOperator('DatabaseServer');
    }

    /**
     * @return Operator\Mail
     */
    public function mail()
    {
        return $this->_getOperator('Mail');
    }

    /**
     * @return Operator\Certificate
     */
    public function certificate()
    {
        return $this->_getOperator('Certificate');
    }

    /**
     * @return Operator\SiteAlias
     */
    public function siteAlias()
    {
        return $this->_getOperator('SiteAlias');
    }

    /**
     * @return Operator\Ip
     */
    public function ip()
    {
        return $this->_getOperator('Ip');
    }

    /**
     * @return Operator\EventLog
     */
    public function eventLog()
    {
        return $this->_getOperator('EventLog');
    }

    /**
     * @return Operator\SecretKey
     */
    public function secretKey()
    {
        return $this->_getOperator('SecretKey');
    }

    /**
     * @return Operator\Ui
     */
    public function ui()
    {
        return $this->_getOperator('Ui');
    }

    /**
     * @return Operator\ServicePlan
     */
    public function servicePlan()
    {
        return $this->_getOperator('ServicePlan');
    }

    /**
     * @return Operator\VirtualDirectory
     */
    public function virtualDirectory()
    {
        return $this->_getOperator('VirtualDirectory');
    }

    /**
     * @return Operator\Database
     */
    public function database()
    {
        return $this->_getOperator('Database');
    }

    /**
     * @return Operator\Session
     */
    public function session()
    {
        return $this->_getOperator('Session');
    }

    /**
     * @return Operator\Locale
     */
    public function locale()
    {
        return $this->_getOperator('Locale');
    }

    /**
     * @return Operator\LogRotation
     */
    public function logRotation()
    {
        return $this->_getOperator('LogRotation');
    }

    /**
     * @return Operator\ProtectedDirectory
     */
    public function protectedDirectory()
    {
        return $this->_getOperator('ProtectedDirectory');
    }

    /**
     * @return Operator\Reseller
     */
    public function reseller()
    {
        return $this->_getOperator('Reseller');
    }

    /**
     * @return Operator\ResellerPlan
     */
    public function resellerPlan()
    {
        return $this->_getOperator('ResellerPlan');
    }

    /**
     * @return Operator\Aps
     */
    public function aps()
    {
        return $this->_getOperator('Aps');
    }

    /**
     * @return Operator\ServicePlanAddon
     */
    public function servicePlanAddon()
    {
        return $this->_getOperator('ServicePlanAddon');
    }

    /**
     * @return Operator\Site
     */
    public function site()
    {
        return $this->_getOperator('Site');
    }

    /**
     * @return Operator\PhpHandler
     */
    public function phpHandler()
    {
        return $this->_getOperator('PhpHandler');
    }
}


1		<?php
2		// Copyright 1999-2021. Plesk International GmbH.
3
4		namespace PleskX\Api;
5
6		use SimpleXMLElement;
7
8		/**
9		* Client for Plesk XML-RPC API.
10		*/
11		class Client
12		{
13		const RESPONSE_SHORT = 1;
14		const RESPONSE_FULL = 2;
15
16		protected $_host;
17		protected $_port;
18		protected $_protocol;
19		protected $_login;
20		protected $_password;
21		protected $_proxy = '';
22		protected $_secretKey;
23		protected $_version = '';
24
25		protected $_operatorsCache = [];
26
27		/**
28		* @var callable
29		*/
30		protected $_verifyResponseCallback;
31
32		/**
33		* Create client.
34		*
35		* @param string $host
36		* @param int $port
37		* @param string $protocol
38		*/
39		public function __construct($host, $port = 8443, $protocol = 'https')
40		{
41		$this->_host = $host;
42		$this->_port = $port;
43		$this->_protocol = $protocol;
44		}
45
46		/**
47		* Setup credentials for authentication.
48		*
49		* @param string $login
50		* @param string $password
51		*/
52		public function setCredentials($login, $password)
53		{
54		$this->_login = $login;
55		$this->_password = $password;
56		}
57
58		/**
59		* Define secret key for alternative authentication.
60		*
61		* @param string $secretKey
62		*/
63		public function setSecretKey($secretKey)
64		{
65		$this->_secretKey = $secretKey;
66		}
67
68		/**
69		* Set proxy server for requests.
70		*
71		* @param string $proxy
72		*/
73		public function setProxy($proxy)
74		{
75		$this->_proxy = $proxy;
76		}
77
78		/**
79		* Set default version for requests.
80		*
81		* @param string $version
82		*/
83		public function setVersion($version)
84		{
85		$this->_version = $version;
86		}
87
88		/**
89		* Set custom function to verify response of API call according your own needs. Default verifying will be used if it is not specified.
90		*
91		* @param callable\|null $function
92		*/
93		public function setVerifyResponse(callable $function = null)
94		{
95		$this->_verifyResponseCallback = $function;
96		}
97
98		/**
99		* Retrieve host used for communication.
100		*
101		* @return string
102		*/
103		public function getHost()
104		{
105		return $this->_host;
106		}
107
108		/**
109		* Retrieve port used for communication.
110		*
111		* @return int
112		*/
113		public function getPort()
114		{
115		return $this->_port;
116		}
117
118		/**
119		* Retrieve name of the protocol (http or https) used for communication.
120		*
121		* @return string
122		*/
123		public function getProtocol()
124		{
125		return $this->_protocol;
126		}
127
128		/**
129		* Retrieve XML template for packet.
130		*
131		* @param string\|null $version
132		*
133		* @return SimpleXMLElement
134		*/
135		public function getPacket($version = null)
136		{
137		$protocolVersion = !is_null($version) ? $version : $this->_version;
138		$content = "<?xml version='1.0' encoding='UTF-8' ?>";
139		$content .= '<packet'.('' === $protocolVersion ? '' : " version='$protocolVersion'").'/>';
140
141		return new SimpleXMLElement($content);
142		}
143
144		/**
145		* Perform API request.
146		*
147		* @param string\|array\|SimpleXMLElement $request
148		* @param int $mode
149		*
150		* @return XmlResponse
151		*/
152		public function request($request, $mode = self::RESPONSE_SHORT)
153		{
154		if ($request instanceof SimpleXMLElement) {
155		$request = $request->asXml();
156	View Code Duplication	} else {
		0 ignored issues – show Duplication introduced 2016-03-26 06:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
157		$xml = $this->getPacket();
158
159		if (is_array($request)) {
160		$request = $this->_arrayToXml($request, $xml)->asXML();
161		} elseif (preg_match('/^[a-z]/', $request)) {
162		$request = $this->_expandRequestShortSyntax($request, $xml);
163		}
164		}
165
166		if ('sdk' == $this->_protocol) {
167		$version = ('' == $this->_version) ? null : $this->_version;
168		$requestXml = new SimpleXMLElement((string) $request);
169		$xml = \pm_ApiRpc::getService($version)->call($requestXml->children()[0]->asXml(), $this->_login);
170		} else {
171		$xml = $this->_performHttpRequest($request);
		0 ignored issues – show Security Bug introduced 2017-04-18 12:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$request` can also be of type `false`; however, `PleskX\Api\Client::_performHttpRequest()` does only seem to accept `string`, did you maybe forget to handle an error condition? Loading history...
172		}
173
174		$this->_verifyResponseCallback
175		? call_user_func($this->_verifyResponseCallback, $xml)
176		: $this->_verifyResponse($xml);
177
178		return (self::RESPONSE_FULL == $mode) ? $xml : $xml->xpath('//result')[0];
179		}
180
181		/**
182		* Perform HTTP request to end-point.
183		*
184		* @param string $request
185		*
186		* @throws Client\Exception
187		*
188		* @return XmlResponse
189		*/
190		private function _performHttpRequest($request)
191		{
192		$curl = curl_init();
193
194		curl_setopt($curl, CURLOPT_URL, "$this->_protocol://$this->_host:$this->_port/enterprise/control/agent.php");
195		curl_setopt($curl, CURLOPT_RETURNTRANSFER, true);
196		curl_setopt($curl, CURLOPT_POST, true);
197		curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
198		curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
199		curl_setopt($curl, CURLOPT_HTTPHEADER, $this->_getHeaders());
200		curl_setopt($curl, CURLOPT_POSTFIELDS, $request);
201
202		if ('' !== $this->_proxy) {
203		curl_setopt($curl, CURLOPT_PROXY, $this->_proxy);
204		}
205
206		$result = curl_exec($curl);
207
208		if (false === $result) {
209		throw new Client\Exception(curl_error($curl), curl_errno($curl));
210		}
211
212		curl_close($curl);
213
214		$xml = new XmlResponse($result);
215
216		return $xml;
217		}
218
219		/**
220		* Perform multiple API requests using single HTTP request.
221		*
222		* @param $requests
223		* @param int $mode
224		*
225		* @throws Client\Exception
226		*
227		* @return array
228		*/
229		public function multiRequest($requests, $mode = self::RESPONSE_SHORT)
230		{
231		$requestXml = $this->getPacket();
232
233		foreach ($requests as $request) {
234		if ($request instanceof SimpleXMLElement) {
235		throw new Client\Exception('SimpleXML type of request is not supported for multi requests.');
236	View Code Duplication	} else {
		0 ignored issues – show Duplication introduced 2018-06-12 13:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
237		if (is_array($request)) {
238		$request = $this->_arrayToXml($request, $requestXml)->asXML();
239		} elseif (preg_match('/^[a-z]/', $request)) {
240		$this->_expandRequestShortSyntax($request, $requestXml);
241		}
242		}
243		$responses[] = $this->request($request);
		0 ignored issues – show Coding Style Comprehensibility introduced 2016-03-26 06:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$responses` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$responses = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
244		}
245
246		if ('sdk' == $this->_protocol) {
247		throw new Client\Exception('Multi requests are not supported via SDK.');
248		} else {
249		$responseXml = $this->_performHttpRequest($requestXml->asXML());
		0 ignored issues – show Security Bug introduced 2016-03-26 06:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$requestXml->asXML()` targeting `SimpleXMLElement::asXML()` can also be of type `false`; however, `PleskX\Api\Client::_performHttpRequest()` does only seem to accept `string`, did you maybe forget to handle an error condition? Loading history...
250		}
251
252		$responses = [];
253		foreach ($responseXml->children() as $childNode) {
254		$xml = $this->getPacket();
255		$dom = dom_import_simplexml($xml)->ownerDocument;
256
257		$childDomNode = dom_import_simplexml($childNode);
258		$childDomNode = $dom->importNode($childDomNode, true);
259		$dom->documentElement->appendChild($childDomNode);
260
261		$response = simplexml_load_string($dom->saveXML());
262		$responses[] = (self::RESPONSE_FULL == $mode) ? $response : $response->xpath('//result')[0];
263		}
264
265		return $responses;
266		}
267
268		/**
269		* Retrieve list of headers needed for request.
270		*
271		* @return array
272		*/
273		protected function _getHeaders()
274		{
275		$headers = [
276		'Content-Type: text/xml',
277		'HTTP_PRETTY_PRINT: TRUE',
278		];
279
280		if ($this->_secretKey) {
281		$headers[] = "KEY: $this->_secretKey";
282		} else {
283		$headers[] = "HTTP_AUTH_LOGIN: $this->_login";
284		$headers[] = "HTTP_AUTH_PASSWD: $this->_password";
285		}
286
287		return $headers;
288		}
289
290		/**
291		* Verify that response does not contain errors.
292		*
293		* @param XmlResponse $xml
294		*
295		* @throws Exception
296		*/
297		protected function _verifyResponse($xml)
298		{
299		if ($xml->system && $xml->system->status && 'error' == (string) $xml->system->status) {
300		throw new Exception((string) $xml->system->errtext, (int) $xml->system->errcode);
301		}
302
303		if ($xml->xpath('//status[text()="error"]') && $xml->xpath('//errcode') && $xml->xpath('//errtext')) {
304		$errorCode = (int) $xml->xpath('//errcode')[0];
305		$errorMessage = (string) $xml->xpath('//errtext')[0];
306
307		throw new Exception($errorMessage, $errorCode);
308		}
309		}
310
311		/**
312		* Expand short syntax (some.method.call) into full XML representation.
313		*
314		* @param string $request
315		* @param SimpleXMLElement $xml
316		*
317		* @return string
318		*/
319		protected function _expandRequestShortSyntax($request, SimpleXMLElement $xml)
320		{
321		$parts = explode('.', $request);
322		$node = $xml;
323
324		foreach ($parts as $part) {
325		@list($name, $value) = explode('=', $part);
		0 ignored issues – show Security Best Practice introduced 2016-03-26 06:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
326		$node = $node->addChild($name, $value);
327		}
328
329		return $xml->asXML();
330		}
331
332		/**
333		* Convert array to XML representation.
334		*
335		* @param array $array
336		* @param SimpleXMLElement $xml
337		* @param string $parentEl
338		*
339		* @return SimpleXMLElement
340		*/
341		protected function _arrayToXml(array $array, SimpleXMLElement $xml, $parentEl = null)
342		{
343		foreach ($array as $key => $value) {
344		$el = is_int($key) && $parentEl ? $parentEl : $key;
		0 ignored issues – show Bug Best Practice introduced 2017-12-20 08:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$parentEl` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
345		if (is_array($value)) {
346		$this->_arrayToXml($value, $this->_isAssocArray($value) ? $xml->addChild($el) : $xml, $el);
347		} else {
348		$xml->addChild($el, $value);
349		}
350		}
351
352		return $xml;
353		}
354
355		/**
356		* @param array $array
357		*
358		* @return bool
359		*/
360		protected function _isAssocArray(array $array)
361		{
362		return $array && array_keys($array) !== range(0, count($array) - 1);
		0 ignored issues – show Bug Best Practice introduced 2017-12-20 08:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$array` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
363		}
364
365		/**
366		* @param string $name
367		*
368		* @return \PleskX\Api\Operator
369		*/
370		protected function _getOperator($name)
371		{
372		if (!isset($this->_operatorsCache[$name])) {
373		$className = '\\PleskX\\Api\\Operator\\'.$name;
374		$this->_operatorsCache[$name] = new $className($this);
375		}
376
377		return $this->_operatorsCache[$name];
378		}
379
380		/**
381		* @return Operator\Server
382		*/
383		public function server()
384		{
385		return $this->_getOperator('Server');
386		}
387
388		/**
389		* @return Operator\Customer
390		*/
391		public function customer()
392		{
393		return $this->_getOperator('Customer');
394		}
395
396		/**
397		* @return Operator\Webspace
398		*/
399		public function webspace()
400		{
401		return $this->_getOperator('Webspace');
402		}
403
404		/**
405		* @return Operator\Subdomain
406		*/
407		public function subdomain()
408		{
409		return $this->_getOperator('Subdomain');
410		}
411
412		/**
413		* @return Operator\Dns
414		*/
415		public function dns()
416		{
417		return $this->_getOperator('Dns');
418		}
419
420		/**
421		* @return Operator\DnsTemplate
422		*/
423		public function dnsTemplate()
424		{
425		return $this->_getOperator('DnsTemplate');
426		}
427
428		/**
429		* @return Operator\DatabaseServer
430		*/
431		public function databaseServer()
432		{
433		return $this->_getOperator('DatabaseServer');
434		}
435
436		/**
437		* @return Operator\Mail
438		*/
439		public function mail()
440		{
441		return $this->_getOperator('Mail');
442		}
443
444		/**
445		* @return Operator\Certificate
446		*/
447		public function certificate()
448		{
449		return $this->_getOperator('Certificate');
450		}
451
452		/**
453		* @return Operator\SiteAlias
454		*/
455		public function siteAlias()
456		{
457		return $this->_getOperator('SiteAlias');
458		}
459
460		/**
461		* @return Operator\Ip
462		*/
463		public function ip()
464		{
465		return $this->_getOperator('Ip');
466		}
467
468		/**
469		* @return Operator\EventLog
470		*/
471		public function eventLog()
472		{
473		return $this->_getOperator('EventLog');
474		}
475
476		/**
477		* @return Operator\SecretKey
478		*/
479		public function secretKey()
480		{
481		return $this->_getOperator('SecretKey');
482		}
483
484		/**
485		* @return Operator\Ui
486		*/
487		public function ui()
488		{
489		return $this->_getOperator('Ui');
490		}
491
492		/**
493		* @return Operator\ServicePlan
494		*/
495		public function servicePlan()
496		{
497		return $this->_getOperator('ServicePlan');
498		}
499
500		/**
501		* @return Operator\VirtualDirectory
502		*/
503		public function virtualDirectory()
504		{
505		return $this->_getOperator('VirtualDirectory');
506		}
507
508		/**
509		* @return Operator\Database
510		*/
511		public function database()
512		{
513		return $this->_getOperator('Database');
514		}
515
516		/**
517		* @return Operator\Session
518		*/
519		public function session()
520		{
521		return $this->_getOperator('Session');
522		}
523
524		/**
525		* @return Operator\Locale
526		*/
527		public function locale()
528		{
529		return $this->_getOperator('Locale');
530		}
531
532		/**
533		* @return Operator\LogRotation
534		*/
535		public function logRotation()
536		{
537		return $this->_getOperator('LogRotation');
538		}
539
540		/**
541		* @return Operator\ProtectedDirectory
542		*/
543		public function protectedDirectory()
544		{
545		return $this->_getOperator('ProtectedDirectory');
546		}
547
548		/**
549		* @return Operator\Reseller
550		*/
551		public function reseller()
552		{
553		return $this->_getOperator('Reseller');
554		}
555
556		/**
557		* @return Operator\ResellerPlan
558		*/
559		public function resellerPlan()
560		{
561		return $this->_getOperator('ResellerPlan');
562		}
563
564		/**
565		* @return Operator\Aps
566		*/
567		public function aps()
568		{
569		return $this->_getOperator('Aps');
570		}
571
572		/**
573		* @return Operator\ServicePlanAddon
574		*/
575		public function servicePlanAddon()
576		{
577		return $this->_getOperator('ServicePlanAddon');
578		}
579
580		/**
581		* @return Operator\Site
582		*/
583		public function site()
584		{
585		return $this->_getOperator('Site');
586		}
587
588		/**
589		* @return Operator\PhpHandler
590		*/
591		public function phpHandler()
592		{
593		return $this->_getOperator('PhpHandler');
594		}
595		}
596

plesk / api-php-lib

Issues (41)

Security Analysis no request data

src/Api/Client.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like