These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Admin\Controller; |
||
3 | |||
4 | use Redaxscript\Admin; |
||
5 | use Redaxscript\Filter; |
||
6 | use function json_encode; |
||
7 | use function strtotime; |
||
8 | |||
9 | /** |
||
10 | * children class to process the admin comment request |
||
11 | * |
||
12 | * @since 4.0.0 |
||
13 | * |
||
14 | * @package Redaxscript |
||
15 | * @category Controller |
||
16 | * @author Henry Ruhs |
||
17 | */ |
||
18 | |||
19 | class Comment extends ControllerAbstract |
||
20 | { |
||
21 | /** |
||
22 | * process the class |
||
23 | * |
||
24 | * @since 4.0.0 |
||
25 | * |
||
26 | * @param string $action action to process |
||
27 | * |
||
28 | * @return string |
||
29 | */ |
||
30 | |||
31 | public function process(string $action = null) : string |
||
32 | { |
||
33 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
||
34 | $validateArray = $this->_validatePost($postArray); |
||
35 | $myUser = $this->_registry->get('myUser'); |
||
36 | $myEmail = $this->_registry->get('myEmail'); |
||
37 | $now = $this->_registry->get('now'); |
||
38 | |||
39 | /* validate post */ |
||
40 | |||
41 | if ($validateArray) |
||
42 | { |
||
43 | return $this->_error( |
||
44 | [ |
||
45 | 'route' => $this->_getErrorRoute($postArray), |
||
46 | 'message' => $validateArray |
||
47 | ]); |
||
48 | } |
||
49 | |||
50 | /* handle create */ |
||
51 | |||
52 | if ($action === 'create') |
||
53 | { |
||
54 | $createArray = |
||
55 | [ |
||
56 | 'author' => $myUser, |
||
57 | 'email' => $myEmail, |
||
58 | 'url' => $postArray['url'], |
||
59 | 'text' => $postArray['text'], |
||
60 | 'language' => $postArray['language'], |
||
61 | 'article' => $postArray['article'], |
||
62 | 'status' => $postArray['date'] > $now ? 2 : $postArray['status'], |
||
63 | 'rank' => $postArray['rank'], |
||
64 | 'access' => $postArray['access'], |
||
65 | 'date' => $postArray['date'] ? : $now |
||
66 | ]; |
||
67 | if ($this->_create($createArray)) |
||
68 | { |
||
69 | return $this->_success( |
||
70 | [ |
||
71 | 'route' => $this->_getSuccessRoute($postArray), |
||
72 | 'timeout' => 2 |
||
73 | ]); |
||
74 | } |
||
75 | } |
||
76 | |||
77 | /* handle update */ |
||
78 | |||
79 | if ($action === 'update') |
||
80 | { |
||
81 | $updateArray = |
||
82 | [ |
||
83 | 'url' => $postArray['url'], |
||
84 | 'text' => $postArray['text'], |
||
85 | 'language' => $postArray['language'], |
||
86 | 'article' => $postArray['article'], |
||
87 | 'status' => $postArray['date'] > $now ? 2 : $postArray['status'], |
||
88 | 'rank' => $postArray['rank'], |
||
89 | 'access' => $postArray['access'], |
||
90 | 'date' => $postArray['date'] ? : $now |
||
91 | ]; |
||
92 | if ($this->_update($postArray['id'], $updateArray)) |
||
93 | { |
||
94 | return $this->_success( |
||
95 | [ |
||
96 | 'route' => $this->_getSuccessRoute($postArray), |
||
97 | 'timeout' => 2 |
||
98 | ]); |
||
99 | } |
||
100 | } |
||
101 | |||
102 | /* handle error */ |
||
103 | |||
104 | return $this->_error( |
||
105 | [ |
||
106 | 'route' => $this->_getErrorRoute($postArray) |
||
107 | ]); |
||
108 | } |
||
109 | |||
110 | /** |
||
111 | * sanitize the post |
||
112 | * |
||
113 | * @since 4.0.0 |
||
114 | * |
||
115 | * @return array |
||
116 | */ |
||
117 | |||
118 | protected function _sanitizePost() : array |
||
119 | { |
||
120 | $numberFilter = new Filter\Number(); |
||
121 | $specialFilter = new Filter\Special(); |
||
122 | $urlFilter = new Filter\Url(); |
||
123 | $htmlFilter = new Filter\Html(); |
||
124 | |||
125 | /* sanitize post */ |
||
126 | |||
127 | return |
||
128 | [ |
||
129 | 'id' => $numberFilter->sanitize($this->_request->getPost('id')), |
||
130 | 'url' => $urlFilter->sanitize($this->_request->getPost('url')), |
||
131 | 'text' => $htmlFilter->sanitize($this->_request->getPost('text'), $this->_registry->get('filter')), |
||
132 | 'language' => $specialFilter->sanitize($this->_request->getPost('language')), |
||
133 | 'article' => $this->_request->getPost('article'), |
||
134 | 'status' => $numberFilter->sanitize($this->_request->getPost('status')), |
||
0 ignored issues
–
show
|
|||
135 | 'rank' => $numberFilter->sanitize($this->_request->getPost('rank')), |
||
136 | 'access' => json_encode($this->_request->getPost('access')), |
||
137 | 'date' => strtotime($this->_request->getPost('date')) |
||
138 | ]; |
||
139 | } |
||
140 | |||
141 | /** |
||
142 | * validate the post |
||
143 | * |
||
144 | * @since 4.0.0 |
||
145 | * |
||
146 | * @param array $postArray array of the post |
||
147 | * |
||
148 | * @return array |
||
149 | */ |
||
150 | |||
151 | protected function _validatePost(array $postArray = []) : array |
||
152 | { |
||
153 | $validateArray = []; |
||
154 | |||
155 | /* validate post */ |
||
156 | |||
157 | if (!$postArray['text']) |
||
158 | { |
||
159 | $validateArray[] = $this->_language->get('comment_empty'); |
||
160 | } |
||
161 | if (!$postArray['article']) |
||
162 | { |
||
163 | $validateArray[] = $this->_language->get('article_empty'); |
||
164 | } |
||
165 | return $validateArray; |
||
166 | } |
||
167 | |||
168 | /** |
||
169 | * create the comment |
||
170 | * |
||
171 | * @since 4.0.0 |
||
172 | * |
||
173 | * @param array $createArray array of the create |
||
174 | * |
||
175 | * @return bool |
||
176 | */ |
||
177 | |||
178 | protected function _create(array $createArray = []) : bool |
||
179 | { |
||
180 | $commentModel = new Admin\Model\Comment(); |
||
181 | return $commentModel->createByArray($createArray); |
||
182 | } |
||
183 | |||
184 | /** |
||
185 | * update the comment |
||
186 | * |
||
187 | * @since 4.0.0 |
||
188 | * |
||
189 | * @param int $commentId identifier of the comment |
||
190 | * @param array $updateArray array of the update |
||
191 | * |
||
192 | * @return bool |
||
193 | */ |
||
194 | |||
195 | protected function _update(int $commentId = null, array $updateArray = []) : bool |
||
196 | { |
||
197 | $commentModel = new Admin\Model\Comment(); |
||
198 | return $commentModel->updateByIdAndArray($commentId, $updateArray); |
||
199 | } |
||
200 | |||
201 | /** |
||
202 | * get success route |
||
203 | * |
||
204 | * @since 4.0.0 |
||
205 | * |
||
206 | * @param array $postArray array of the post |
||
207 | * |
||
208 | * @return string |
||
209 | */ |
||
210 | |||
211 | protected function _getSuccessRoute(array $postArray = []) : string |
||
212 | { |
||
213 | if ($this->_registry->get('commentsEdit')) |
||
214 | { |
||
215 | if ($postArray['id']) |
||
216 | { |
||
217 | return 'admin/view/comments#row-' . $postArray['id']; |
||
218 | } |
||
219 | return 'admin/view/comments'; |
||
220 | } |
||
221 | return 'admin'; |
||
222 | } |
||
223 | |||
224 | /** |
||
225 | * get error route |
||
226 | * |
||
227 | * @since 4.0.0 |
||
228 | * |
||
229 | * @param array $postArray array of the post |
||
230 | * |
||
231 | * @return string |
||
232 | */ |
||
233 | |||
234 | protected function _getErrorRoute(array $postArray = []) : string |
||
235 | { |
||
236 | if ($this->_registry->get('commentsEdit') && $postArray['id']) |
||
237 | { |
||
238 | return 'admin/edit/comments/' . $postArray['id']; |
||
239 | } |
||
240 | if ($this->_registry->get('commentsNew')) |
||
241 | { |
||
242 | return 'admin/new/comments'; |
||
243 | } |
||
244 | return 'admin'; |
||
245 | } |
||
246 | } |
||
247 |
This check looks at variables that are passed out again to other methods.
If the outgoing method call has stricter type requirements than the method itself, an issue is raised.
An additional type check may prevent trouble.