1 | <?php |
||
2 | namespace Redaxscript\Admin\Router; |
||
3 | |||
use Redaxscript\Admin;
use Redaxscript\Header;
use Redaxscript\Module;
use Redaxscript\Router\RouterAbstract;
use function hash_equals;
use function in_array;
use function is_string;
||
9 | |||
10 | /** |
||
11 | * parent class to provide the admin router |
||
12 | * |
||
13 | * @since 3.3.0 |
||
14 | * |
||
15 | * @package Redaxscript |
||
16 | * @category Router |
||
17 | * @author Henry Ruhs |
||
18 | */ |
||
19 | |||
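class Router extends RouterAbstract
{
	/**
	 * admin actions that change state and therefore need a token in the route
	 *
	 * @var array
	 */

	protected const ADMIN_TOKEN_ACTIONS =
	[
		'enable',
		'disable',
		'publish',
		'unpublish',
		'install',
		'uninstall',
		'delete'
	];

	/**
	 * admin actions that are covered by the edit permission of the table
	 *
	 * @var array
	 */

	protected const ADMIN_EDIT_ACTIONS =
	[
		'edit',
		'view',
		'enable',
		'disable',
		'publish',
		'unpublish'
	];

	/**
	 * route the header
	 *
	 * sends 202 when a module asked to break the admin router and 403 when
	 * the token or the auth guard rejects the requested admin action
	 *
	 * @since 3.3.0
	 *
	 * @return bool true when the admin router should break
	 */

	public function routeHeader() : bool
	{
		Module\Hook::trigger('adminRouteHeader');
		$adminParameter = $this->getAdmin();

		/* handle break */

		$routerBreak = (bool)$this->_registry->get('adminRouterBreak');
		if ($routerBreak)
		{
			Header::responseCode(202);
		}

		/* handle guard */

		if ($adminParameter && ($this->_tokenGuard() || $this->_authGuard()))
		{
			Header::responseCode(403);
		}
		return $routerBreak;
	}

	/**
	 * route the content
	 *
	 * @since 3.3.0
	 *
	 * @return string|null rendered admin content, a break marker or null when not an admin route
	 */

	public function routeContent() : ?string
	{
		Module\Hook::trigger('adminRouteContent');
		$firstParameter = $this->getFirst();
		$adminParameter = $this->getAdmin();
		$tableParameter = $this->getTable();

		/* handle admin */

		if ($firstParameter === 'admin')
		{
			/* handle guard */

			if ($adminParameter)
			{
				if ($this->_tokenGuard())
				{
					return $this->_errorToken();
				}
				if ($this->_authGuard())
				{
					return $this->_errorAccess();
				}
			}

			/* handle update */

			$hasNoAction = !$adminParameter;
			$isUserView = $adminParameter === 'view' && $tableParameter === 'users';
			if ($hasNoAction || $isUserView || $this->_registry->get('cronUpdate'))
			{
				$this->_updateLast();
			}

			/* handle post */

			if ($this->_request->getPost(Admin\View\CategoryForm::class))
			{
				return $this->_processCategory();
			}
			if ($this->_request->getPost(Admin\View\ArticleForm::class))
			{
				return $this->_processArticle();
			}
			if ($this->_request->getPost(Admin\View\ExtraForm::class))
			{
				return $this->_processExtra();
			}
			if ($this->_request->getPost(Admin\View\CommentForm::class))
			{
				return $this->_processComment();
			}
			if ($this->_request->getPost(Admin\View\UserForm::class))
			{
				return $this->_processUser();
			}
			if ($this->_request->getPost(Admin\View\GroupForm::class))
			{
				return $this->_processGroup();
			}
			if ($this->_request->getPost(Admin\View\ModuleForm::class))
			{
				return $this->_processModule();
			}
			if ($this->_request->getPost(Admin\View\SettingForm::class))
			{
				return $this->_processSetting();
			}

			/* handle route */

			if ($adminParameter === 'view')
			{
				return $this->_renderView();
			}
			if ($adminParameter === 'new')
			{
				return $this->_renderNew();
			}
			if ($adminParameter === 'edit')
			{
				return $this->_renderEdit();
			}
			return $this->_processCommon();
		}
		if ($this->_registry->get('adminRouterBreak'))
		{
			return '<!-- adminRouterBreak -->';
		}
		return null;
	}

	/**
	 * token guard
	 *
	 * rejects a post whose token does not match the registry token, and a
	 * state changing admin action that carries no token in the route
	 *
	 * @since 3.3.0
	 *
	 * @return bool true when the request must be rejected
	 */

	protected function _tokenGuard() : bool
	{
		$adminParameter = $this->getAdmin();
		$tokenParameter = $this->getToken();

		/* handle post token */

		$tokenMismatch = false;
		if ($this->_request->getPost())
		{
			$postToken = $this->_request->getPost('token');
			$registryToken = $this->_registry->get('token');

			/* constant-time comparison once both sides are strings, the strict inequality otherwise */

			if (is_string($postToken) && is_string($registryToken))
			{
				$tokenMismatch = !hash_equals($registryToken, $postToken);
			}
			else
			{
				$tokenMismatch = $postToken !== $registryToken;
			}
		}

		/* handle route token */

		$tokenMissing = in_array($adminParameter, self::ADMIN_TOKEN_ACTIONS, true) && !$tokenParameter;
		return $tokenMismatch || $tokenMissing;
	}

	/**
	 * auth guard
	 *
	 * every permission flag is read from the registry, which is expected to
	 * hold the resolved rights for the current table
	 *
	 * @since 3.3.0
	 *
	 * @return bool true when none of the permissions allows the admin action
	 */

	protected function _authGuard() : bool
	{
		$adminParameter = $this->getAdmin();
		$tableParameter = $this->getTable();
		$idParameter = $this->getId();
		$permissionNew = $adminParameter === 'new' && $this->_registry->get('tableNew');
		$permissionEdit = in_array($adminParameter, self::ADMIN_EDIT_ACTIONS, true) && $this->_registry->get('tableEdit');
		$permissionDelete = $adminParameter === 'delete' && $this->_registry->get('tableDelete');
		$permissionInstall = $adminParameter === 'install' && $this->_registry->get('tableInstall');
		$permissionUninstall = $adminParameter === 'uninstall' && $this->_registry->get('tableUninstall');

		/* NOTE(review): the own-profile permission does not look at the admin action, so it also covers non-edit actions on the own user row — confirm this is intended */

		$permissionProfile = $tableParameter === 'users' && $idParameter === $this->_registry->get('myId');
		return !($permissionNew || $permissionEdit || $permissionDelete || $permissionInstall || $permissionUninstall || $permissionProfile);
	}

	/**
	 * update last
	 *
	 * stores the current time for the logged in user, does nothing without a user id
	 *
	 * @since 4.00
	 */

	protected function _updateLast() : void
	{
		$myId = $this->_registry->get('myId');
		if ($myId)
		{
			$userModel = new Admin\Model\User();
			$userModel->updateLastById($myId, $this->_registry->get('now'));
		}
	}

	/**
	 * process the category
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processCategory() : string
	{
		$categoryController = new Admin\Controller\Category($this->_registry, $this->_request, $this->_language, $this->_config);
		return $categoryController->process($this->_request->getPost(Admin\View\CategoryForm::class));
	}

	/**
	 * process the article
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processArticle() : string
	{
		$articleController = new Admin\Controller\Article($this->_registry, $this->_request, $this->_language, $this->_config);
		return $articleController->process($this->_request->getPost(Admin\View\ArticleForm::class));
	}

	/**
	 * process the extra
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processExtra() : string
	{
		$extraController = new Admin\Controller\Extra($this->_registry, $this->_request, $this->_language, $this->_config);
		return $extraController->process($this->_request->getPost(Admin\View\ExtraForm::class));
	}

	/**
	 * process the comment
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processComment() : string
	{
		$commentController = new Admin\Controller\Comment($this->_registry, $this->_request, $this->_language, $this->_config);
		return $commentController->process($this->_request->getPost(Admin\View\CommentForm::class));
	}

	/**
	 * process the user
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processUser() : string
	{
		$userController = new Admin\Controller\User($this->_registry, $this->_request, $this->_language, $this->_config);
		return $userController->process($this->_request->getPost(Admin\View\UserForm::class));
	}

	/**
	 * process the group
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processGroup() : string
	{
		$groupController = new Admin\Controller\Group($this->_registry, $this->_request, $this->_language, $this->_config);
		return $groupController->process($this->_request->getPost(Admin\View\GroupForm::class));
	}

	/**
	 * process the module
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processModule() : string
	{
		$moduleController = new Admin\Controller\Module($this->_registry, $this->_request, $this->_language, $this->_config);
		return $moduleController->process($this->_request->getPost(Admin\View\ModuleForm::class));
	}

	/**
	 * process the setting
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processSetting() : string
	{
		$settingController = new Admin\Controller\Setting($this->_registry, $this->_request, $this->_language, $this->_config);
		return $settingController->process($this->_request->getPost(Admin\View\SettingForm::class));
	}

	/**
	 * process the common
	 *
	 * hands the state changing admin actions to the common controller
	 *
	 * @since 4.00
	 *
	 * @return string|null null when the admin action is not a common one
	 */

	protected function _processCommon() : ?string
	{
		$adminParameter = $this->getAdmin();
		if (in_array($adminParameter, self::ADMIN_TOKEN_ACTIONS, true))
		{
			$commonController = new Admin\Controller\Common($this->_registry, $this->_request, $this->_language, $this->_config);
			return $commonController->process($adminParameter);
		}
		return null;
	}

	/**
	 * render the view
	 *
	 * @since 3.3.0
	 *
	 * @return string|null null when the table has no list view
	 */

	protected function _renderView() : ?string
	{
		$tableParameter = $this->getTable();
		$tableMap =
		[
			'categories' => Admin\View\CategoryTable::class,
			'articles' => Admin\View\ArticleTable::class,
			'extras' => Admin\View\ExtraTable::class,
			'comments' => Admin\View\CommentTable::class,
			'users' => Admin\View\UserTable::class,
			'groups' => Admin\View\GroupTable::class,
			'modules' => Admin\View\ModuleTable::class
		];

		/* handle table */

		if (is_string($tableParameter) && isset($tableMap[$tableParameter]))
		{
			$tableClass = $tableMap[$tableParameter];
			$table = new $tableClass($this->_registry, $this->_language);
			return $table->render();
		}
		return null;
	}

	/**
	 * render the new
	 *
	 * @since 3.3.0
	 *
	 * @return string|null null when the table has no create form
	 */

	protected function _renderNew() : ?string
	{
		$tableParameter = $this->getTable();
		$formMap =
		[
			'categories' => Admin\View\CategoryForm::class,
			'articles' => Admin\View\ArticleForm::class,
			'extras' => Admin\View\ExtraForm::class,
			'comments' => Admin\View\CommentForm::class,
			'users' => Admin\View\UserForm::class,
			'groups' => Admin\View\GroupForm::class
		];

		/* handle table */

		if (is_string($tableParameter) && isset($formMap[$tableParameter]))
		{
			$formClass = $formMap[$tableParameter];
			$form = new $formClass($this->_registry, $this->_language);
			return $form->render();
		}
		return null;
	}

	/**
	 * render the edit
	 *
	 * @since 3.3.0
	 *
	 * @return string|null null when the table has no edit form or the id is missing
	 */

	protected function _renderEdit() : ?string
	{
		$tableParameter = $this->getTable();
		$idParameter = $this->getId();
		$formMap =
		[
			'categories' => Admin\View\CategoryForm::class,
			'articles' => Admin\View\ArticleForm::class,
			'extras' => Admin\View\ExtraForm::class,
			'comments' => Admin\View\CommentForm::class,
			'users' => Admin\View\UserForm::class,
			'groups' => Admin\View\GroupForm::class,
			'modules' => Admin\View\ModuleForm::class
		];

		/* settings are a single record and need no id */

		if ($tableParameter === 'settings')
		{
			$settingForm = new Admin\View\SettingForm($this->_registry, $this->_language);
			return $settingForm->render();
		}

		/* handle table */

		if ($idParameter && is_string($tableParameter) && isset($formMap[$tableParameter]))
		{
			$formClass = $formMap[$tableParameter];
			$form = new $formClass($this->_registry, $this->_language);
			return $form->render($idParameter);
		}
		return null;
	}

	/**
	 * messenger factory
	 *
	 * @since 4.0.0
	 *
	 * @return Admin\Messenger
	 */

	protected function _messengerFactory() : Admin\Messenger
	{
		return new Admin\Messenger($this->_registry);
	}

	/**
	 * show the token error
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _errorToken() : string
	{
		$messenger = $this->_messengerFactory();

		/* NOTE(review): static analysis reports that Language::get() may also return an array while the messenger expects null|string — confirm these keys always resolve to strings */

		return $messenger
			->setRoute($this->_language->get('back'), 'admin')
			->error($this->_language->get('token_incorrect'), $this->_language->get('error_occurred'));
	}

	/**
	 * show the access error
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _errorAccess() : string
	{
		$messenger = $this->_messengerFactory();

		/* NOTE(review): static analysis reports that Language::get() may also return an array while the messenger expects null|string — confirm these keys always resolve to strings */

		return $messenger
			->setRoute($this->_language->get('back'), 'admin')
			->error($this->_language->get('access_no'), $this->_language->get('error_occurred'));
	}
}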
||