Completed
Push — master ( dc8f37...8770f3 )
by Henry
15:26 queued 05:23
created

includes/Controller/Comment.php (3 issues)


<?php
namespace Redaxscript\Controller;
use Redaxscript\Filter;
use Redaxscript\Html;
use Redaxscript\Mailer;
use Redaxscript\Model;
use Redaxscript\Validator;
/**
 * child class to process the comment request
 *
 * @since 3.0.0
 *
 * @package Redaxscript
 * @category Controller
 * @author Henry Ruhs
 * @author Balázs Szilágyi
 */
class Comment extends ControllerAbstract
{
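	/**
	 * process the comment request
	 *
	 * Sanitizes, normalizes and validates the posted fields, resolves the target
	 * article, stores the comment and sends the notification mail. The return value
	 * is the result of the matching _error(), _warning() or _success() call.
	 *
	 * The article id is client input: it is resolved exactly once and the request is
	 * rejected when it does not resolve, instead of dereferencing the lookup result
	 * unchecked in two places.
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	public function process() : string
	{
		$articleModel = new Model\Article();
		$settingModel = new Model\Setting();
		$postArray = $this->_normalizePost($this->_sanitizePost());
		$validateArray = $this->_validatePost($postArray);
		$route = $postArray['article'] ? $articleModel->getRouteById($postArray['article']) : null;

		/* handle validate */

		if ($validateArray)
		{
			return $this->_error(
			[
				'route' => $route,
				'message' => $validateArray
			]);
		}

		/* handle article */

		/* validation only proves that an id was posted, not that it belongs to an article */
		/* NOTE(review): this checks existence only - whether the article is published and open for comments is not visible here, confirm it is enforced elsewhere */

		$article = $articleModel->getById($postArray['article']);
		if (!$article)
		{
			return $this->_error(
			[
				'route' => $route,
				'message' =>
				[
					$this->_language->get('article_empty')
				]
			]);
		}

		/* handle create */

		$createArray =
		[
			'author' => $postArray['author'],
			'email' => $postArray['email'],
			'url' => $postArray['url'],
			'text' => $postArray['text'],
			'language' => $article->language,
			'article' => $postArray['article'],
			/* NOTE(review): the status is derived from the 'verification' setting while the success message below reads 'moderation' - confirm which setting is meant to hold comments back */
			'status' => $settingModel->get('verification') ? 0 : 1
		];
		if (!$this->_create($createArray))
		{
			return $this->_error(
			[
				'route' => $route
			]);
		}

		/* handle mail */

		$mailArray =
		[
			'author' => $postArray['author'],
			'email' => $postArray['email'],
			'url' => $postArray['url'],
			'text' => $postArray['text'],
			'article' => $article->title,
			'route' => $route
		];

		/* the comment is already stored at this point, so a mail failure is reported as a warning only */

		if (!$this->_mail($mailArray))
		{
			return $this->_warning(
			[
				'route' => $route,
				'timeout' => $settingModel->get('notification') ? 2 : 0,
				'message' => $this->_language->get('email_failed')
			]);
		}

		/* handle success */

		return $this->_success(
		[
			'route' => $route,
			'timeout' => $settingModel->get('notification') ? 2 : 0,
			'message' => $settingModel->get('moderation') ? $this->_language->get('comment_moderation') : $this->_language->get('comment_sent')
		]);
	}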
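	/**
	 * sanitize the post
	 *
	 * Reads the comment form fields from the request and passes them through the
	 * matching filter. Static analysis of this file reported that
	 * Redaxscript\Request::getPost() can return an array while
	 * Filter\Name::sanitize() and Filter\Number::sanitize() only accept null|string,
	 * so array-valued input (for example a field posted as author[]) is treated as
	 * absent before it reaches any filter.
	 *
	 * @since 4.0.0
	 *
	 * @return array
	 */

	protected function _sanitizePost() : array
	{
		$nameFilter = new Filter\Name();
		$numberFilter = new Filter\Number();
		$emailFilter = new Filter\Email();
		$urlFilter = new Filter\Url();
		$htmlFilter = new Filter\Html();

		/* collect post */

		/* every comment field is a single value, an array can only come from a crafted request */
		/* NOTE(review): the analysis flagged author, article and task only - the guard is applied to all fields so that none of them forwards an array */

		$rawArray = [];
		foreach ([ 'author', 'email', 'url', 'text', 'article', 'task', 'solution' ] as $key)
		{
			$value = $this->_request->getPost($key);
			$rawArray[$key] = is_array($value) ? null : $value;
		}

		/* sanitize post */

		return
		[
			'author' => $nameFilter->sanitize($rawArray['author']),
			'email' => $emailFilter->sanitize($rawArray['email']),
			'url' => $urlFilter->sanitize($rawArray['url']),
			'text' => $htmlFilter->sanitize($rawArray['text']),
			'article' => $numberFilter->sanitize($rawArray['article']),
			'task' => $numberFilter->sanitize($rawArray['task']),
			/* the solution is not filtered, it is only handed to the captcha validator */
			'solution' => $rawArray['solution']
		];
	}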
	/**
	 * validate the post
	 *
	 * Runs every check and collects one language message per failed check, in the
	 * order author, email, url, text, article, captcha. process() treats a non-empty
	 * result as a validation error.
	 *
	 * @since 3.3.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return array
	 */

	protected function _validatePost(array $postArray = []) : array
	{
		$emailValidator = new Validator\Email();
		$captchaValidator = new Validator\Captcha();
		$urlValidator = new Validator\Url();
		$settingModel = new Model\Setting();
		$language = $this->_language;
		$messageArray = [];

		/* author is required */

		if (!$postArray['author'])
		{
			$messageArray[] = $language->get('author_empty');
		}

		/* email is required and has to pass the validator */

		if ($postArray['email'])
		{
			if (!$emailValidator->validate($postArray['email']))
			{
				$messageArray[] = $language->get('email_incorrect');
			}
		}
		else
		{
			$messageArray[] = $language->get('email_empty');
		}

		/* url is optional and only validated once provided */

		$urlIsInvalid = $postArray['url'] && !$urlValidator->validate($postArray['url']);
		if ($urlIsInvalid)
		{
			$messageArray[] = $language->get('url_incorrect');
		}

		/* text and article are required */

		foreach ([ 'text' => 'comment_empty', 'article' => 'article_empty' ] as $field => $messageKey)
		{
			if (!$postArray[$field])
			{
				$messageArray[] = $language->get($messageKey);
			}
		}

		/* captcha is only checked when enabled in the settings */
		/* NOTE(review): task and solution both arrive with the request - confirm that Validator\Captcha ties them to a server side secret or state */

		$captchaIsEnabled = $settingModel->get('captcha') > 0;
		if ($captchaIsEnabled && !$captchaValidator->validate($postArray['task'], $postArray['solution']))
		{
			$messageArray[] = $language->get('captcha_incorrect');
		}
		return $messageArray;
	}
	/**
	 * create the comment
	 *
	 * Hands the prepared fields to Model\Comment::createByArray() and returns its result.
	 *
	 * @since 3.0.0
	 *
	 * @param array $createArray array of the create
	 *
	 * @return bool
	 */

	protected function _create(array $createArray = []) : bool
	{
		return (new Model\Comment())->createByArray($createArray);
	}
	/**
	 * send the mail
	 *
	 * Builds a notification about the new comment, addressed to the email from the
	 * settings and sent in the name of the comment author, and returns the result
	 * of Mailer::send().
	 *
	 * NOTE(review): author, email, url and text originate from the comment form. The
	 * author becomes the sender name and, like the text, is concatenated into the
	 * body as it is - this relies on the filters applied in _sanitizePost() and on
	 * the Mailer encoding header values, confirm both.
	 *
	 * @since 3.3.0
	 *
	 * @param array $mailArray array of the mail
	 *
	 * @return bool
	 */

	protected function _mail(array $mailArray = []) : bool
	{
		$settingModel = new Model\Setting();
		$language = $this->_language;
		$articleUrl = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . $mailArray['route'];

		/* html element */

		$element = new Html\Element();
		$createLink = function ($href, $text) use ($element)
		{
			return $element
				->copy()
				->init('a',
				[
					'href' => $href
				])
				->text($text);
		};
		$linkEmail = $createLink('mailto:' . $mailArray['email'], $mailArray['email']);
		$linkUrl = $createLink($mailArray['url'], $mailArray['url'] ?: $language->get('none'));
		$linkArticle = $createLink($articleUrl, $articleUrl);

		/* prepare mail */

		$createLabel = function ($key) use ($language)
		{
			return $language->get($key) . $language->get('colon') . ' ';
		};
		$toArray =
		[
			$language->get('author') => $settingModel->get('email')
		];
		$fromArray =
		[
			$mailArray['author'] => $mailArray['email']
		];
		$subject = $language->get('comment_new');
		$bodyArray =
		[
			$createLabel('author') . $mailArray['author'],
			'<br />',
			$createLabel('email') . $linkEmail,
			'<br />',
			$createLabel('url') . $linkUrl,
			'<br />',
			$createLabel('article') . $linkArticle,
			'<br />',
			$createLabel('comment') . $mailArray['text']
		];

		/* send mail */

		$mailer = new Mailer();
		$mailer->init($toArray, $fromArray, $subject, $bodyArray);
		return $mailer->send();
	}
}