Issues in Controller.php - Fixed Issues - Inspection of "Sanitize all the things (#669)" - redaxscript/redaxscript - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( dc8f37...8770f3 )

by Henry

created 2020-07-04 19:55 UTC

modules/Contact/Controller.php (2 issues)

Labels

Bug 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Redaxscript\Modules\Contact;

use Redaxscript\Controller\ControllerAbstract;
use Redaxscript\Filter;
use Redaxscript\Html;
use Redaxscript\Mailer;
use Redaxscript\Model;
use Redaxscript\Validator;

/**
 * children class to process the contact request
 *
 * @since 4.0.0
 *
 * @package Redaxscript
 * @category Modules
 * @author Henry Ruhs
 */

class Controller extends ControllerAbstract
{
	/**
	 * process
	 *
	 * @since 4.0.0
	 *
	 * @return string
	 */

	public function process() : string
	{
		$postArray = $this->_normalizePost($this->_sanitizePost());
		$validateArray = $this->_validatePost($postArray);

		/* handle validate */

		if ($validateArray)
		{
			return $this->_error(
			[
				'message' => $validateArray
			]);
		}

		/* handle mail */

		$mailArray =
		[
			'author' => $postArray['author'],
			'email' => $postArray['email'],
			'url' => $postArray['url'],
			'text' => $postArray['text']
		];
		if ($this->_mail($mailArray))
		{
			return $this->_success(
			[
				'route' => $this->_registry->get('liteRoute'),
				'timeout' => 2,
				'message' => $this->_language->get('_contact')['message_sent']
			]);
		}

		/* handle error */

		return $this->_error(
		[
			'message' => $this->_language->get('email_failed')
		]);
	}

	/**
	 * sanitize the post
	 *
	 * @since 4.0.0
	 *
	 * @return array
	 */

	protected function _sanitizePost() : array
	{
		$nameFilter = new Filter\Name();
		$numberFilter = new Filter\Number();
		$emailFilter = new Filter\Email();
		$urlFilter = new Filter\Url();
		$htmlFilter = new Filter\Html();

		/* sanitize post */

		return
		[
			'author' => $nameFilter->sanitize($this->_request->getPost('author')),

			'email' => $emailFilter->sanitize($this->_request->getPost('email')),
			'url' => $urlFilter->sanitize($this->_request->getPost('url')),
			'text' => $htmlFilter->sanitize($this->_request->getPost('text')),
			'task' => $numberFilter->sanitize($this->_request->getPost('task')),

			'solution' => $this->_request->getPost('solution')
		];
	}

	/**
	 * validate
	 *
	 * @since 4.0.0
	 *
	 * @param array $postArray array of the post
	 *
	 * @return array
	 */

	protected function _validatePost(array $postArray = []) : array
	{
		$emailValidator = new Validator\Email();
		$urlValidator = new Validator\Url();
		$captchaValidator = new Validator\Captcha();
		$settingModel = new Model\Setting();
		$validateArray = [];

		/* validate post */

		if (!$postArray['author'])
		{
			$validateArray[] = $this->_language->get('author_empty');
		}
		if (!$postArray['email'])
		{
			$validateArray[] = $this->_language->get('email_empty');
		}
		else if (!$emailValidator->validate($postArray['email']))
		{
			$validateArray['email'] = $this->_language->get('email_incorrect');
		}
		if ($postArray['url'] && !$urlValidator->validate($postArray['url']))
		{
			$validateArray[] = $this->_language->get('url_incorrect');
		}
		if (!$postArray['text'])
		{
			$validateArray[] = $this->_language->get('message_empty');
		}
		if ($settingModel->get('captcha') > 0 && !$captchaValidator->validate($postArray['task'], $postArray['solution']))
		{
			$validateArray[] = $this->_language->get('captcha_incorrect');
		}
		return $validateArray;
	}

	/**
	 * mail
	 *
	 * @since 4.0.0
	 *
	 * @param array $mailArray
	 *
	 * @return bool
	 */

	protected function _mail(array $mailArray = []) : bool
	{
		$settingModel = new Model\Setting();

		/* html element */

		$element = new Html\Element();
		$linkEmail = $element
			->copy()
			->init('a',
			[
				'href' => 'mailto:' . $mailArray['email']
			])
			->text($mailArray['email']);
		$linkUrl = $element
			->copy()
			->init('a',
			[
				'href' => $mailArray['url']
			])
			->text($mailArray['url'] ? : $this->_language->get('none'));

		/* prepare mail */

		$toArray =
		[
			$settingModel->get('author') => $settingModel->get('email')
		];
		$fromArray =
		[
			$mailArray['author'] => $mailArray['email']
		];
		$subject = $this->_language->get('contact');
		$bodyArray =
		[
			$this->_language->get('author') . $this->_language->get('colon') . ' ' . $mailArray['author'],
			'<br />',
			$this->_language->get('email') . $this->_language->get('colon') . ' ' . $linkEmail,
			'<br />',
			$this->_language->get('url') . $this->_language->get('colon') . ' ' . $linkUrl,
			'<br />',
			$this->_language->get('message') . $this->_language->get('colon') . ' ' . $mailArray['text']
		];

		/* send mail */

		$mailer = new Mailer();
		$mailer->init($toArray, $fromArray, $subject, $bodyArray);
		return $mailer->send();
	}
}


1			<?php
2			namespace Redaxscript\Modules\Contact;
3
4			use Redaxscript\Controller\ControllerAbstract;
5			use Redaxscript\Filter;
6			use Redaxscript\Html;
7			use Redaxscript\Mailer;
8			use Redaxscript\Model;
9			use Redaxscript\Validator;
10
11			/**
12			* children class to process the contact request
13			*
14			* @since 4.0.0
15			*
16			* @package Redaxscript
17			* @category Modules
18			* @author Henry Ruhs
19			*/
20
21			class Controller extends ControllerAbstract
22			{
23			/**
24			* process
25			*
26			* @since 4.0.0
27			*
28			* @return string
29			*/
30
31			public function process() : string
32			{
33			$postArray = $this->_normalizePost($this->_sanitizePost());
34			$validateArray = $this->_validatePost($postArray);
35
36			/* handle validate */
37
38			if ($validateArray)
39			{
40			return $this->_error(
41			[
42			'message' => $validateArray
43			]);
44			}
45
46			/* handle mail */
47
48			$mailArray =
49			[
50			'author' => $postArray['author'],
51			'email' => $postArray['email'],
52			'url' => $postArray['url'],
53			'text' => $postArray['text']
54			];
55			if ($this->_mail($mailArray))
56			{
57			return $this->_success(
58			[
59			'route' => $this->_registry->get('liteRoute'),
60			'timeout' => 2,
61			'message' => $this->_language->get('_contact')['message_sent']
62			]);
63			}
64
65			/* handle error */
66
67			return $this->_error(
68			[
69			'message' => $this->_language->get('email_failed')
70			]);
71			}
72
73			/**
74			* sanitize the post
75			*
76			* @since 4.0.0
77			*
78			* @return array
79			*/
80
81			protected function _sanitizePost() : array
82			{
83			$nameFilter = new Filter\Name();
84			$numberFilter = new Filter\Number();
85			$emailFilter = new Filter\Email();
86			$urlFilter = new Filter\Url();
87			$htmlFilter = new Filter\Html();
88
89			/* sanitize post */
90
91			return
92			[
93			'author' => $nameFilter->sanitize($this->_request->getPost('author')),
			0 ignored issues – show Bug introduced 2020-05-09 13:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->_request->getPost('author')` targeting `Redaxscript\Request::getPost()` can also be of type `array`; however, `Redaxscript\Filter\Name::sanitize()` does only seem to accept `null\|string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
94			'email' => $emailFilter->sanitize($this->_request->getPost('email')),
95			'url' => $urlFilter->sanitize($this->_request->getPost('url')),
96			'text' => $htmlFilter->sanitize($this->_request->getPost('text')),
97			'task' => $numberFilter->sanitize($this->_request->getPost('task')),
			0 ignored issues – show Bug introduced 2018-09-08 16:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->_request->getPost('task')` targeting `Redaxscript\Request::getPost()` can also be of type `array`; however, `Redaxscript\Filter\Number::sanitize()` does only seem to accept `null\|string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
98			'solution' => $this->_request->getPost('solution')
99			];
100			}
101
102			/**
103			* validate
104			*
105			* @since 4.0.0
106			*
107			* @param array $postArray array of the post
108			*
109			* @return array
110			*/
111
112			protected function _validatePost(array $postArray = []) : array
113			{
114			$emailValidator = new Validator\Email();
115			$urlValidator = new Validator\Url();
116			$captchaValidator = new Validator\Captcha();
117			$settingModel = new Model\Setting();
118			$validateArray = [];
119
120			/* validate post */
121
122			if (!$postArray['author'])
123			{
124			$validateArray[] = $this->_language->get('author_empty');
125			}
126			if (!$postArray['email'])
127			{
128			$validateArray[] = $this->_language->get('email_empty');
129			}
130			else if (!$emailValidator->validate($postArray['email']))
131			{
132			$validateArray['email'] = $this->_language->get('email_incorrect');
133			}
134			if ($postArray['url'] && !$urlValidator->validate($postArray['url']))
135			{
136			$validateArray[] = $this->_language->get('url_incorrect');
137			}
138			if (!$postArray['text'])
139			{
140			$validateArray[] = $this->_language->get('message_empty');
141			}
142			if ($settingModel->get('captcha') > 0 && !$captchaValidator->validate($postArray['task'], $postArray['solution']))
143			{
144			$validateArray[] = $this->_language->get('captcha_incorrect');
145			}
146			return $validateArray;
147			}
148
149			/**
150			* mail
151			*
152			* @since 4.0.0
153			*
154			* @param array $mailArray
155			*
156			* @return bool
157			*/
158
159			protected function _mail(array $mailArray = []) : bool
160			{
161			$settingModel = new Model\Setting();
162
163			/* html element */
164
165			$element = new Html\Element();
166			$linkEmail = $element
167			->copy()
168			->init('a',
169			[
170			'href' => 'mailto:' . $mailArray['email']
171			])
172			->text($mailArray['email']);
173			$linkUrl = $element
174			->copy()
175			->init('a',
176			[
177			'href' => $mailArray['url']
178			])
179			->text($mailArray['url'] ? : $this->_language->get('none'));
180
181			/* prepare mail */
182
183			$toArray =
184			[
185			$settingModel->get('author') => $settingModel->get('email')
186			];
187			$fromArray =
188			[
189			$mailArray['author'] => $mailArray['email']
190			];
191			$subject = $this->_language->get('contact');
192			$bodyArray =
193			[
194			$this->_language->get('author') . $this->_language->get('colon') . ' ' . $mailArray['author'],
195			'<br />',
196			$this->_language->get('email') . $this->_language->get('colon') . ' ' . $linkEmail,
197			'<br />',
198			$this->_language->get('url') . $this->_language->get('colon') . ' ' . $linkUrl,
199			'<br />',
200			$this->_language->get('message') . $this->_language->get('colon') . ' ' . $mailArray['text']
201			];
202
203			/* send mail */
204
205			$mailer = new Mailer();
206			$mailer->init($toArray, $fromArray, $subject, $bodyArray);
207			return $mailer->send();
208			}
209			}
210

redaxscript / redaxscript

Push — master ( dc8f37...8770f3 )

modules/Contact/Controller.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like