Push — master ( dc8f37...8770f3 )
by Henry

includes/Admin/Controller/User.php (3 issues)


<?php
namespace Redaxscript\Admin\Controller;
use Redaxscript\Admin;
use Redaxscript\Auth;
use Redaxscript\Filter;
use Redaxscript\Hash;
use Redaxscript\Validator;
use function json_encode;
/**
 * child class to process the admin user request
 *
 * @since 4.0.0
 *
 * @package Redaxscript
 * @category Controller
 * @author Henry Ruhs
 */
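class User extends ControllerAbstract
{
	/**
	 * process the class
	 *
	 * The posted form is sanitized, normalized and validated first. If any
	 * validation message was collected, the error response is returned with
	 * those messages and nothing is written. Otherwise the user is created or
	 * updated depending on the action; any other action, or a model call that
	 * returns false, ends in the generic error response.
	 *
	 * NOTE(review): no permission or request token check is visible in this
	 * class - presumably the caller enforces both before process() runs, confirm
	 *
	 * @since 4.0.0
	 *
	 * @param string|null $action action to process
	 *
	 * @return string
	 */

	public function process(?string $action = null) : string
	{
		$postArray = $this->_normalizePost($this->_sanitizePost());
		$validateArray = $this->_validatePost($postArray);
		$passwordHash = new Hash();
		$myId = (int)$this->_registry->get('myId');

		/* validate post */

		if ($validateArray)
		{
			return $this->_error(
			[
				'route' => $this->_getErrorRoute($postArray),
				'message' => $validateArray
			]);
		}

		/* handle create */

		if ($action === 'create')
		{
			/* only the hash reaches the create array, never the posted password */

			$passwordHash->init($postArray['password']);
			$createArray =
			[
				'name' => $postArray['name'],
				'user' => $postArray['user'],
				'description' => $postArray['description'],
				'password' => $passwordHash->getHash(),
				'email' => $postArray['email'],
				'language' => $postArray['language'],
				'status' => $postArray['status'],
				'groups' => $postArray['groups']
			];
			if ($this->_create($createArray))
			{
				return $this->_success(
				[
					'route' => $this->_getSuccessRoute($postArray),
					'timeout' => 2
				]);
			}
		}

		/* handle update */

		if ($action === 'update')
		{
			$updateFullArray =
			[
				'name' => $postArray['name'],
				'description' => $postArray['description'],
				'email' => $postArray['email'],
				'language' => $postArray['language'],
				'status' => $postArray['status'],
				'groups' => $postArray['groups']
			];

			/* the lite array carries no status and no groups */

			$updateLiteArray =
			[
				'name' => $postArray['name'],
				'description' => $postArray['description'],
				'email' => $postArray['email'],
				'language' => $postArray['language']
			];

			/* the stored password is replaced only if a new one was posted */

			if ($postArray['password'])
			{
				$passwordHash->init($postArray['password']);
				$updateFullArray['password'] = $updateLiteArray['password'] = $passwordHash->getHash();
			}

			/* an id of 1 or less gets the lite array, so this path cannot change the status or */
			/* the groups of that account - presumably id 1 is the primary administrator, confirm */

			if ($this->_update($postArray['id'], $postArray['id'] > 1 ? $updateFullArray : $updateLiteArray))
			{
				/* strict comparison: assumes the sanitized id is an int like $myId - TODO confirm */

				if ($postArray['id'] === $myId)
				{
					$this->_refresh($postArray);
				}
				return $this->_success(
				[
					'route' => $this->_getSuccessRoute($postArray),
					'timeout' => 2
				]);
			}
		}

		/* handle error */

		return $this->_error(
		[
			'route' => $this->_getErrorRoute($postArray)
		]);
	}

	/**
	 * sanitize the post
	 *
	 * Each posted field is passed through its filter. Redaxscript\Request::getPost()
	 * can also return an array, while the static analysis of this file reports that
	 * Filter\Number::sanitize() and Filter\Text::sanitize() accept integer, string
	 * or null only. For id, name and description an array value is therefore
	 * replaced by null before filtering, so the field is handled like a missing one.
	 *
	 * @since 4.0.0
	 *
	 * @return array
	 */

	protected function _sanitizePost() : array
	{
		$emailFilter = new Filter\Email();
		$numberFilter = new Filter\Number();
		$passwordFilter = new Filter\Password();
		$specialFilter = new Filter\Special();
		$textFilter = new Filter\Text();
		$toggleFilter = new Filter\Toggle();
		$userFilter = new Filter\User();
		$request = $this->_request;

		/* read a post value and drop it if it is an array */

		$getScalar = static function (string $key) use ($request)
		{
			$value = $request->getPost($key);
			return is_array($value) ? null : $value;
		};

		/* sanitize post */

		/* NOTE(review): user, password, email, language and status are passed to their filters */
		/* as posted - confirm that these filters cope with array input as well */

		/* NOTE(review): groups is JSON-encoded exactly as posted, without a filter or a check in */
		/* this class - it presumably drives the permissions of the user, so confirm that the model */
		/* or the caller restricts which groups may be assigned */

		return
		[
			'id' => $numberFilter->sanitize($getScalar('id')),
			'name' => $textFilter->sanitize($getScalar('name')),
			'user' => $userFilter->sanitize($this->_request->getPost('user')),
			'description' => $textFilter->sanitize($getScalar('description')),
			'password' => $passwordFilter->sanitize($this->_request->getPost('password')),
			'email' => $emailFilter->sanitize($this->_request->getPost('email')),
			'language' => $specialFilter->sanitize($this->_request->getPost('language')),
			'status' => $toggleFilter->sanitize($this->_request->getPost('status')),
			'groups' => json_encode($this->_request->getPost('groups'))
		];
	}

	/**
	 * validate the post
	 *
	 * Collects one message from $this->_language per failed check. An empty
	 * array means that the post passed, process() tests the result for truthiness.
	 *
	 * @since 4.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return array
	 */

	protected function _validatePost(array $postArray = []) : array
	{
		$nameValidator = new Validator\Name();
		$userValidator = new Validator\User();
		$passwordValidator = new Validator\Password();
		$emailValidator = new Validator\Email();
		$userModel = new Admin\Model\User();
		$validateArray = [];

		/* validate post */

		if (!$postArray['name'])
		{
			$validateArray[] = $this->_language->get('name_empty');
		}
		else if (!$nameValidator->validate($postArray['name']))
		{
			$validateArray[] = $this->_language->get('name_incorrect');
		}

		/* without an id the post is a new user: user and password are required */

		if (!$postArray['id'])
		{
			if (!$postArray['user'])
			{
				$validateArray[] = $this->_language->get('user_empty');
			}
			else if (!$userValidator->validate($postArray['user']))
			{
				$validateArray[] = $this->_language->get('user_incorrect');
			}
			else if ($userModel->getByUser($postArray['user']))
			{
				$validateArray[] = $this->_language->get('user_exists');
			}
			if (!$postArray['password'])
			{
				$validateArray[] = $this->_language->get('password_empty');
			}
			else if (!$passwordValidator->validate($postArray['password']))
			{
				$validateArray[] = $this->_language->get('password_incorrect');
			}
		}

		/* with an id the password is optional and only checked if one was posted */

		else if ($postArray['password'] && !$passwordValidator->validate($postArray['password']))
		{
			$validateArray[] = $this->_language->get('password_incorrect');
		}
		if (!$emailValidator->validate($postArray['email']))
		{
			$validateArray[] = $this->_language->get('email_incorrect');
		}
		return $validateArray;
	}

	/**
	 * create the user
	 *
	 * @since 4.0.0
	 *
	 * @param array $createArray array of the create
	 *
	 * @return bool
	 */

	protected function _create(array $createArray = []) : bool
	{
		$userModel = new Admin\Model\User();
		return $userModel->createByArray($createArray);
	}

	/**
	 * update the user
	 *
	 * @since 4.0.0
	 *
	 * @param int|null $userId identifier of the user
	 * @param array $updateArray array of the update
	 *
	 * @return bool
	 */

	protected function _update(?int $userId = null, array $updateArray = []) : bool
	{
		$userModel = new Admin\Model\User();
		return $userModel->updateByIdAndArray($userId, $updateArray);
	}

	/**
	 * refresh the auth
	 *
	 * Writes the posted name, email and language to the Auth user and saves it.
	 * process() calls this only after an update whose id equals the registry myId.
	 *
	 * @since 4.0.0
	 *
	 * @param array $refreshArray array of the update
	 */

	protected function _refresh(array $refreshArray = []) : void
	{
		$auth = new Auth($this->_request);
		$auth->init();
		$auth->setUser('name', $refreshArray['name']);
		$auth->setUser('email', $refreshArray['email']);
		$auth->setUser('language', $refreshArray['language']);
		$auth->save();
	}

	/**
	 * get success route
	 *
	 * Falls back to the admin route if usersEdit is not set in the registry, if
	 * the post has neither id nor user, or if the posted user cannot be found.
	 *
	 * @since 4.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return string
	 */

	protected function _getSuccessRoute(array $postArray = []) : string
	{
		if ($this->_registry->get('usersEdit') && $postArray['id'])
		{
			return 'admin/view/users#row-' . $postArray['id'];
		}
		if ($this->_registry->get('usersEdit') && $postArray['user'])
		{
			$userModel = new Admin\Model\User();
			$user = $userModel->getByUser($postArray['user']);

			/* getByUser() is tested for truthiness in _validatePost(), so it can be empty */

			if ($user)
			{
				return 'admin/view/users#row-' . $user->id;
			}
		}
		return 'admin';
	}

	/**
	 * get error route
	 *
	 * @since 4.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return string
	 */

	protected function _getErrorRoute(array $postArray = []) : string
	{
		if ($this->_registry->get('usersEdit') && $postArray['id'])
		{
			return 'admin/edit/users/' . $postArray['id'];
		}
		if ($this->_registry->get('usersNew'))
		{
			return 'admin/new/users';
		}
		return 'admin';
	}
}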