These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Admin\Router; |
||
3 | |||
4 | use Redaxscript\Admin; |
||
5 | use Redaxscript\Header; |
||
6 | use Redaxscript\Module; |
||
7 | use Redaxscript\Router\RouterAbstract; |
||
8 | use function in_array; |
||
9 | |||
10 | /** |
||
11 | * parent class to provide the admin router |
||
12 | * |
||
13 | * @since 3.3.0 |
||
14 | * |
||
15 | * @package Redaxscript |
||
16 | * @category Router |
||
17 | * @author Henry Ruhs |
||
18 | */ |
||
19 | |||
20 | class Router extends RouterAbstract |
||
21 | { |
||
22 | /** |
||
23 | * route the header |
||
24 | * |
||
25 | * @since 3.3.0 |
||
26 | * |
||
27 | * @return bool |
||
28 | */ |
||
29 | |||
30 | 2 | public function routeHeader() : bool |
|
31 | { |
||
32 | 2 | Module\Hook::trigger('adminRouteHeader'); |
|
33 | 2 | $adminParameter = $this->getAdmin(); |
|
34 | |||
35 | /* handle break */ |
||
36 | |||
37 | 2 | if ($this->_registry->get('adminRouterBreak')) |
|
38 | { |
||
39 | 1 | Header::responseCode(202); |
|
40 | } |
||
41 | |||
42 | /* handle guard */ |
||
43 | |||
44 | 2 | if ($adminParameter && ($this->_tokenGuard() || $this->_authGuard())) |
|
45 | { |
||
46 | Header::responseCode(403); |
||
47 | } |
||
48 | 2 | return (bool)$this->_registry->get('adminRouterBreak'); |
|
49 | } |
||
50 | |||
51 | /** |
||
52 | * route the content |
||
53 | * |
||
54 | * @since 3.3.0 |
||
55 | * |
||
56 | * @return string|null |
||
57 | */ |
||
58 | |||
59 | 10 | public function routeContent() : ?string |
|
60 | { |
||
61 | 10 | Module\Hook::trigger('adminRouteContent'); |
|
62 | 10 | $firstParameter = $this->getFirst(); |
|
63 | 10 | $adminParameter = $this->getAdmin(); |
|
64 | 10 | $tableParameter = $this->getTable(); |
|
65 | |||
66 | /* handle admin */ |
||
67 | |||
68 | 10 | if ($firstParameter === 'admin') |
|
69 | { |
||
70 | /* handle break */ |
||
71 | |||
72 | 9 | if ($this->_registry->get('adminRouterBreak')) |
|
73 | { |
||
74 | 9 | return '<!-- adminRouterBreak -->'; |
|
75 | } |
||
76 | 1 | ||
77 | /* handle guard */ |
||
78 | 8 | ||
79 | if ($adminParameter) |
||
80 | { |
||
81 | if ($this->_tokenGuard()) |
||
82 | { |
||
83 | return $this->_errorToken(); |
||
84 | } |
||
85 | if ($this->_authGuard()) |
||
86 | 8 | { |
|
87 | return $this->_errorAccess(); |
||
88 | } |
||
89 | } |
||
90 | |||
91 | /* handle update */ |
||
92 | |||
93 | 8 | if (!$adminParameter || $adminParameter === 'view' && $tableParameter === 'users' || $this->_registry->get('cronUpdate')) |
|
94 | { |
||
95 | 1 | $this->_updateLast(); |
|
96 | } |
||
97 | 7 | ||
98 | /* handle post */ |
||
99 | 1 | ||
100 | if ($this->_request->getPost('Redaxscript\Admin\View\CategoryForm')) |
||
101 | 6 | { |
|
102 | return $this->_processCategory(); |
||
103 | 1 | } |
|
104 | if ($this->_request->getPost('Redaxscript\Admin\View\ArticleForm')) |
||
105 | 5 | { |
|
106 | return $this->_processArticle(); |
||
107 | 1 | } |
|
108 | if ($this->_request->getPost('Redaxscript\Admin\View\ExtraForm')) |
||
109 | 4 | { |
|
110 | return $this->_processExtra(); |
||
111 | 1 | } |
|
112 | if ($this->_request->getPost('Redaxscript\Admin\View\CommentForm')) |
||
113 | 3 | { |
|
114 | return $this->_processComment(); |
||
115 | 1 | } |
|
116 | if ($this->_request->getPost('Redaxscript\Admin\View\UserForm')) |
||
117 | 2 | { |
|
118 | return $this->_processUser(); |
||
119 | 1 | } |
|
120 | if ($this->_request->getPost('Redaxscript\Admin\View\GroupForm')) |
||
121 | 1 | { |
|
122 | return $this->_processGroup(); |
||
123 | 1 | } |
|
124 | if ($this->_request->getPost('Redaxscript\Admin\View\ModuleForm')) |
||
125 | { |
||
126 | return $this->_processModule(); |
||
127 | } |
||
128 | if ($this->_request->getPost('Redaxscript\Admin\View\SettingForm')) |
||
129 | { |
||
130 | return $this->_processSetting(); |
||
131 | } |
||
132 | |||
133 | /* handle route */ |
||
134 | |||
135 | if ($adminParameter === 'view') |
||
136 | { |
||
137 | return $this->_renderView(); |
||
138 | } |
||
139 | if ($adminParameter === 'new') |
||
140 | { |
||
141 | return $this->_renderNew(); |
||
142 | 1 | } |
|
143 | if ($adminParameter === 'edit') |
||
144 | { |
||
145 | return $this->_renderEdit(); |
||
146 | 1 | } |
|
147 | return $this->_processCommon(); |
||
148 | } |
||
149 | return null; |
||
150 | } |
||
151 | |||
152 | /** |
||
153 | * token guard |
||
154 | * |
||
155 | * @since 3.3.0 |
||
156 | * |
||
157 | 9 | * @return bool |
|
158 | */ |
||
159 | 9 | ||
160 | 9 | protected function _tokenGuard() : bool |
|
161 | { |
||
162 | $adminParameter = $this->getAdmin(); |
||
163 | 9 | $tokenParameter = $this->getToken(); |
|
164 | $tokenArray = |
||
165 | [ |
||
166 | 'enable', |
||
167 | 'disable', |
||
168 | 'publish', |
||
169 | 'unpublish', |
||
170 | 'install', |
||
171 | 9 | 'uninstall', |
|
172 | 'delete' |
||
173 | ]; |
||
174 | return $this->_request->get('post') && $this->_request->getPost('token') !== $this->_registry->get('token') || in_array($adminParameter, $tokenArray) && !$tokenParameter; |
||
175 | } |
||
176 | |||
177 | /** |
||
178 | * auth guard |
||
179 | * |
||
180 | * @since 3.3.0 |
||
181 | * |
||
182 | 8 | * @return bool |
|
183 | */ |
||
184 | 8 | ||
185 | 8 | protected function _authGuard() : bool |
|
186 | 8 | { |
|
187 | $adminParameter = $this->getAdmin(); |
||
188 | $tableParameter = $this->getTable(); |
||
189 | 8 | $idParameter = $this->getId(); |
|
190 | $editArray = |
||
191 | [ |
||
192 | 'edit', |
||
193 | 'view', |
||
194 | 'enable', |
||
195 | 'disable', |
||
196 | 8 | 'publish', |
|
197 | 8 | 'unpublish' |
|
198 | 8 | ]; |
|
199 | 8 | $permissionNew = $adminParameter === 'new' && $this->_registry->get('tableNew'); |
|
200 | 8 | $permissionEdit = in_array($adminParameter, $editArray) && $this->_registry->get('tableEdit'); |
|
201 | 8 | $permissionDelete = $adminParameter === 'delete' && $this->_registry->get('tableDelete'); |
|
202 | 8 | $permissionInstall = $adminParameter === 'install' && $this->_registry->get('tableInstall'); |
|
203 | $permissionUninstall = $adminParameter === 'uninstall' && $this->_registry->get('tableUninstall'); |
||
204 | $permissionProfile = $tableParameter === 'users' && $idParameter === $this->_registry->get('myId'); |
||
205 | return !$permissionNew && !$permissionEdit && !$permissionDelete && !$permissionInstall && !$permissionUninstall && !$permissionProfile; |
||
206 | } |
||
207 | |||
208 | /** |
||
209 | * update last |
||
210 | * |
||
211 | * @since 4.00 |
||
212 | */ |
||
213 | |||
214 | protected function _updateLast() : void |
||
215 | { |
||
216 | $userModel = new Admin\Model\User(); |
||
217 | if ($this->_registry->get('myId')) |
||
218 | { |
||
219 | $userModel->updateLastById($this->_registry->get('myId'), $this->_registry->get('now')); |
||
220 | } |
||
221 | } |
||
222 | |||
223 | /** |
||
224 | * process the category |
||
225 | * |
||
226 | * @since 4.00 |
||
227 | * |
||
228 | 1 | * @return string |
|
229 | */ |
||
230 | 1 | ||
231 | 1 | protected function _processCategory() : string |
|
232 | { |
||
233 | $categoryController = new Admin\Controller\Category($this->_registry, $this->_request, $this->_language, $this->_config); |
||
234 | return $categoryController->process($this->_request->getPost('Redaxscript\Admin\View\CategoryForm')); |
||
235 | } |
||
236 | |||
237 | /** |
||
238 | * process the article |
||
239 | * |
||
240 | * @since 4.00 |
||
241 | * |
||
242 | 1 | * @return string |
|
243 | */ |
||
244 | 1 | ||
245 | 1 | protected function _processArticle() : string |
|
246 | { |
||
247 | $articleController = new Admin\Controller\Article($this->_registry, $this->_request, $this->_language, $this->_config); |
||
248 | return $articleController->process($this->_request->getPost('Redaxscript\Admin\View\ArticleForm')); |
||
249 | } |
||
250 | |||
251 | /** |
||
252 | * process the extra |
||
253 | * |
||
254 | * @since 4.00 |
||
255 | * |
||
256 | 1 | * @return string |
|
257 | */ |
||
258 | 1 | ||
259 | 1 | protected function _processExtra() : string |
|
260 | { |
||
261 | $extraController = new Admin\Controller\Extra($this->_registry, $this->_request, $this->_language, $this->_config); |
||
262 | return $extraController->process($this->_request->getPost('Redaxscript\Admin\View\ExtraForm')); |
||
263 | } |
||
264 | |||
265 | /** |
||
266 | * process the comment |
||
267 | * |
||
268 | * @since 4.00 |
||
269 | * |
||
270 | 1 | * @return string |
|
271 | */ |
||
272 | 1 | ||
273 | 1 | protected function _processComment() : string |
|
274 | { |
||
275 | $commentController = new Admin\Controller\Comment($this->_registry, $this->_request, $this->_language, $this->_config); |
||
276 | return $commentController->process($this->_request->getPost('Redaxscript\Admin\View\CommentForm')); |
||
277 | } |
||
278 | |||
279 | /** |
||
280 | * process the user |
||
281 | * |
||
282 | * @since 4.00 |
||
283 | * |
||
284 | 1 | * @return string |
|
285 | */ |
||
286 | 1 | ||
287 | 1 | protected function _processUser() : string |
|
288 | { |
||
289 | $userController = new Admin\Controller\User($this->_registry, $this->_request, $this->_language, $this->_config); |
||
290 | return $userController->process($this->_request->getPost('Redaxscript\Admin\View\UserForm')); |
||
291 | } |
||
292 | |||
293 | /** |
||
294 | * process the group |
||
295 | * |
||
296 | * @since 4.00 |
||
297 | * |
||
298 | 1 | * @return string |
|
299 | */ |
||
300 | 1 | ||
301 | 1 | protected function _processGroup() : string |
|
302 | { |
||
303 | $groupController = new Admin\Controller\Group($this->_registry, $this->_request, $this->_language, $this->_config); |
||
304 | return $groupController->process($this->_request->getPost('Redaxscript\Admin\View\GroupForm')); |
||
305 | } |
||
306 | |||
307 | /** |
||
308 | * process the module |
||
309 | * |
||
310 | * @since 4.00 |
||
311 | * |
||
312 | 1 | * @return string |
|
313 | */ |
||
314 | 1 | ||
315 | 1 | protected function _processModule() : string |
|
316 | { |
||
317 | $moduleController = new Admin\Controller\Module($this->_registry, $this->_request, $this->_language, $this->_config); |
||
318 | return $moduleController->process($this->_request->getPost('Redaxscript\Admin\View\ModuleForm')); |
||
319 | } |
||
320 | |||
321 | /** |
||
322 | * process the setting |
||
323 | * |
||
324 | * @since 4.00 |
||
325 | * |
||
326 | 1 | * @return string |
|
327 | */ |
||
328 | 1 | ||
329 | 1 | protected function _processSetting() : string |
|
330 | { |
||
331 | $settingController = new Admin\Controller\Setting($this->_registry, $this->_request, $this->_language, $this->_config); |
||
332 | return $settingController->process($this->_request->getPost('Redaxscript\Admin\View\SettingForm')); |
||
333 | } |
||
334 | |||
335 | /** |
||
336 | * process the common |
||
337 | * |
||
338 | * @since 4.00 |
||
339 | * |
||
340 | * @return string|null |
||
341 | */ |
||
342 | |||
343 | protected function _processCommon() : ?string |
||
344 | { |
||
345 | $adminParameter = $this->getAdmin(); |
||
346 | $commonArray = |
||
347 | [ |
||
348 | 'enable', |
||
349 | 'disable', |
||
350 | 'publish', |
||
351 | 'unpublish', |
||
352 | 'install', |
||
353 | 'uninstall', |
||
354 | 'delete' |
||
355 | ]; |
||
356 | if (in_array($adminParameter, $commonArray)) |
||
357 | { |
||
358 | $commonController = new Admin\Controller\Common($this->_registry, $this->_request, $this->_language, $this->_config); |
||
359 | return $commonController->process($adminParameter); |
||
360 | } |
||
361 | return null; |
||
362 | } |
||
363 | |||
364 | /** |
||
365 | * render the view |
||
366 | * |
||
367 | * @since 3.3.0 |
||
368 | * |
||
369 | * @return string|null |
||
370 | */ |
||
371 | |||
372 | protected function _renderView() : ?string |
||
373 | { |
||
374 | $tableParameter = $this->getTable(); |
||
375 | |||
376 | /* handle table */ |
||
377 | |||
378 | if ($tableParameter === 'categories') |
||
379 | { |
||
380 | $categoryTable = new Admin\View\CategoryTable($this->_registry, $this->_language); |
||
381 | return $categoryTable->render(); |
||
382 | } |
||
383 | if ($tableParameter === 'articles') |
||
384 | { |
||
385 | $articleTable = new Admin\View\ArticleTable($this->_registry, $this->_language); |
||
386 | return $articleTable->render(); |
||
387 | } |
||
388 | if ($tableParameter === 'extras') |
||
389 | { |
||
390 | $extraTable = new Admin\View\ExtraTable($this->_registry, $this->_language); |
||
391 | return $extraTable->render(); |
||
392 | } |
||
393 | if ($tableParameter === 'comments') |
||
394 | { |
||
395 | $commentTable = new Admin\View\CommentTable($this->_registry, $this->_language); |
||
396 | return $commentTable->render(); |
||
397 | } |
||
398 | if ($tableParameter === 'users') |
||
399 | { |
||
400 | $userTable = new Admin\View\UserTable($this->_registry, $this->_language); |
||
401 | return $userTable->render(); |
||
402 | } |
||
403 | if ($tableParameter === 'groups') |
||
404 | { |
||
405 | $groupTable = new Admin\View\GroupTable($this->_registry, $this->_language); |
||
406 | return $groupTable->render(); |
||
407 | } |
||
408 | if ($tableParameter === 'modules') |
||
409 | { |
||
410 | $moduleTable = new Admin\View\ModuleTable($this->_registry, $this->_language); |
||
411 | return $moduleTable->render(); |
||
412 | } |
||
413 | return null; |
||
414 | } |
||
415 | |||
416 | /** |
||
417 | * render the new |
||
418 | * |
||
419 | * @since 3.3.0 |
||
420 | * |
||
421 | * @return string|null |
||
422 | */ |
||
423 | |||
424 | protected function _renderNew() : ?string |
||
425 | { |
||
426 | $tableParameter = $this->getTable(); |
||
427 | |||
428 | /* handle table */ |
||
429 | |||
430 | if ($tableParameter === 'categories') |
||
431 | { |
||
432 | $categoryForm = new Admin\View\CategoryForm($this->_registry, $this->_language); |
||
433 | return $categoryForm->render(); |
||
434 | } |
||
435 | if ($tableParameter === 'articles') |
||
436 | { |
||
437 | $articleForm = new Admin\View\ArticleForm($this->_registry, $this->_language); |
||
438 | return $articleForm->render(); |
||
439 | } |
||
440 | if ($tableParameter === 'extras') |
||
441 | { |
||
442 | $extraForm = new Admin\View\ExtraForm($this->_registry, $this->_language); |
||
443 | return $extraForm->render(); |
||
444 | } |
||
445 | if ($tableParameter === 'comments') |
||
446 | { |
||
447 | $commentForm = new Admin\View\CommentForm($this->_registry, $this->_language); |
||
448 | return $commentForm->render(); |
||
449 | } |
||
450 | if ($tableParameter === 'users') |
||
451 | { |
||
452 | $userForm = new Admin\View\UserForm($this->_registry, $this->_language); |
||
453 | return $userForm->render(); |
||
454 | } |
||
455 | if ($tableParameter === 'groups') |
||
456 | { |
||
457 | $groupForm = new Admin\View\GroupForm($this->_registry, $this->_language); |
||
458 | return $groupForm->render(); |
||
459 | } |
||
460 | return null; |
||
461 | } |
||
462 | |||
463 | /** |
||
464 | * render the edit |
||
465 | * |
||
466 | * @since 3.3.0 |
||
467 | * |
||
468 | * @return string|null |
||
469 | */ |
||
470 | |||
471 | protected function _renderEdit() : ?string |
||
472 | { |
||
473 | $tableParameter = $this->getTable(); |
||
474 | $idParameter = $this->getId(); |
||
475 | |||
476 | /* handle table */ |
||
477 | |||
478 | if ($tableParameter === 'categories' && $idParameter) |
||
0 ignored issues
–
show
|
|||
479 | { |
||
480 | $categoryForm = new Admin\View\CategoryForm($this->_registry, $this->_language); |
||
481 | return $categoryForm->render($idParameter); |
||
482 | } |
||
483 | if ($tableParameter === 'articles' && $idParameter) |
||
0 ignored issues
–
show
The expression
$idParameter of type integer|null is loosely compared to true ; this is ambiguous if the integer can be zero. You might want to explicitly use !== null instead.
In PHP, under loose comparison (like For 0 == false // true
0 == null // true
123 == false // false
123 == null // false
// It is often better to use strict comparison
0 === false // false
0 === null // false
Loading history...
|
|||
484 | { |
||
485 | $articleForm = new Admin\View\ArticleForm($this->_registry, $this->_language); |
||
486 | return $articleForm->render($idParameter); |
||
487 | } |
||
488 | if ($tableParameter === 'extras' && $idParameter) |
||
0 ignored issues
–
show
The expression
$idParameter of type integer|null is loosely compared to true ; this is ambiguous if the integer can be zero. You might want to explicitly use !== null instead.
In PHP, under loose comparison (like For 0 == false // true
0 == null // true
123 == false // false
123 == null // false
// It is often better to use strict comparison
0 === false // false
0 === null // false
Loading history...
|
|||
489 | { |
||
490 | $extraForm = new Admin\View\ExtraForm($this->_registry, $this->_language); |
||
491 | return $extraForm->render($idParameter); |
||
492 | } |
||
493 | if ($tableParameter === 'comments' && $idParameter) |
||
0 ignored issues
–
show
The expression
$idParameter of type integer|null is loosely compared to true ; this is ambiguous if the integer can be zero. You might want to explicitly use !== null instead.
In PHP, under loose comparison (like For 0 == false // true
0 == null // true
123 == false // false
123 == null // false
// It is often better to use strict comparison
0 === false // false
0 === null // false
Loading history...
|
|||
494 | { |
||
495 | $commentForm = new Admin\View\CommentForm($this->_registry, $this->_language); |
||
496 | return $commentForm->render($idParameter); |
||
497 | } |
||
498 | if ($tableParameter === 'users' && $idParameter) |
||
0 ignored issues
–
show
The expression
$idParameter of type integer|null is loosely compared to true ; this is ambiguous if the integer can be zero. You might want to explicitly use !== null instead.
In PHP, under loose comparison (like For 0 == false // true
0 == null // true
123 == false // false
123 == null // false
// It is often better to use strict comparison
0 === false // false
0 === null // false
Loading history...
|
|||
499 | { |
||
500 | $userForm = new Admin\View\UserForm($this->_registry, $this->_language); |
||
501 | return $userForm->render($idParameter); |
||
502 | } |
||
503 | if ($tableParameter === 'groups' && $idParameter) |
||
0 ignored issues
–
show
The expression
$idParameter of type integer|null is loosely compared to true ; this is ambiguous if the integer can be zero. You might want to explicitly use !== null instead.
In PHP, under loose comparison (like For 0 == false // true
0 == null // true
123 == false // false
123 == null // false
// It is often better to use strict comparison
0 === false // false
0 === null // false
Loading history...
|
|||
504 | { |
||
505 | $groupForm = new Admin\View\GroupForm($this->_registry, $this->_language); |
||
506 | return $groupForm->render($idParameter); |
||
507 | } |
||
508 | if ($tableParameter === 'modules' && $idParameter) |
||
0 ignored issues
–
show
The expression
$idParameter of type integer|null is loosely compared to true ; this is ambiguous if the integer can be zero. You might want to explicitly use !== null instead.
In PHP, under loose comparison (like For 0 == false // true
0 == null // true
123 == false // false
123 == null // false
// It is often better to use strict comparison
0 === false // false
0 === null // false
Loading history...
|
|||
509 | { |
||
510 | $moduleForm = new Admin\View\ModuleForm($this->_registry, $this->_language); |
||
511 | return $moduleForm->render($idParameter); |
||
512 | } |
||
513 | if ($tableParameter === 'settings') |
||
514 | { |
||
515 | $settingForm = new Admin\View\SettingForm($this->_registry, $this->_language); |
||
516 | return $settingForm->render(); |
||
517 | } |
||
518 | return null; |
||
519 | } |
||
520 | |||
521 | /** |
||
522 | * messenger factory |
||
523 | * |
||
524 | * @since 4.0.0 |
||
525 | * |
||
526 | 1 | * @return Admin\View\Helper\Messenger |
|
527 | */ |
||
528 | 1 | ||
529 | protected function _messengerFactory() : Admin\View\Helper\Messenger |
||
530 | { |
||
531 | return new Admin\View\Helper\Messenger($this->_registry); |
||
532 | } |
||
533 | |||
534 | /** |
||
535 | * show the token error |
||
536 | * |
||
537 | * @since 3.3.0 |
||
538 | * |
||
539 | 1 | * @return string |
|
540 | */ |
||
541 | 1 | ||
542 | protected function _errorToken() : string |
||
543 | 1 | { |
|
544 | 1 | $messenger = $this->_messengerFactory(); |
|
545 | return $messenger |
||
546 | ->setRoute($this->_language->get('back'), 'admin') |
||
547 | ->error($this->_language->get('token_incorrect'), $this->_language->get('error_occurred')); |
||
548 | } |
||
549 | |||
550 | /** |
||
551 | * show the access error |
||
552 | * |
||
553 | * @since 3.3.0 |
||
554 | * |
||
555 | * @return string |
||
556 | */ |
||
557 | |||
558 | protected function _errorAccess() : string |
||
559 | { |
||
560 | $messenger = $this->_messengerFactory(); |
||
561 | return $messenger |
||
562 | ->setRoute($this->_language->get('back'), 'admin') |
||
563 | ->error($this->_language->get('access_no'), $this->_language->get('error_occurred')); |
||
564 | } |
||
565 | } |
||
566 |
In PHP, under loose comparison (like
==
, or!=
, orswitch
conditions), values of different types might be equal.For
integer
values, zero is a special case, in particular the following results might be unexpected: