<?php
namespace Redaxscript\Admin\Router;
use Redaxscript\Admin;
use Redaxscript\Header;
use Redaxscript\Module;
use Redaxscript\Router\RouterAbstract;
use function hash_equals;
use function in_array;
use function is_string;
/**
 * parent class to provide the admin router
 *
 * @since 3.3.0
 *
 * @package Redaxscript
 * @category Router
 * @author Henry Ruhs
 */
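class Router extends RouterAbstract
{
	/**
	 * state changing admin actions
	 *
	 * every action in this list is dispatched by _processCommon() and must
	 * carry a route token, so the two lists are kept as one constant
	 *
	 * @var array
	 */

	protected const COMMON_ACTIONS =
	[
		'enable',
		'disable',
		'publish',
		'unpublish',
		'install',
		'uninstall',
		'delete'
	];

	/**
	 * admin actions covered by the tableEdit permission
	 *
	 * @var array
	 */

	protected const EDIT_ACTIONS =
	[
		'edit',
		'view',
		'enable',
		'disable',
		'publish',
		'unpublish'
	];

	/**
	 * table parameter to table view class
	 *
	 * @var array
	 */

	protected const TABLE_VIEW_MAP =
	[
		'categories' => Admin\View\CategoryTable::class,
		'articles' => Admin\View\ArticleTable::class,
		'extras' => Admin\View\ExtraTable::class,
		'comments' => Admin\View\CommentTable::class,
		'users' => Admin\View\UserTable::class,
		'groups' => Admin\View\GroupTable::class,
		'modules' => Admin\View\ModuleTable::class
	];

	/**
	 * table parameter to form class for new rows
	 *
	 * modules and settings have no new form
	 *
	 * @var array
	 */

	protected const NEW_FORM_MAP =
	[
		'categories' => Admin\View\CategoryForm::class,
		'articles' => Admin\View\ArticleForm::class,
		'extras' => Admin\View\ExtraForm::class,
		'comments' => Admin\View\CommentForm::class,
		'users' => Admin\View\UserForm::class,
		'groups' => Admin\View\GroupForm::class
	];

	/**
	 * table parameter to form class for existing rows
	 *
	 * each of these forms needs an id, the settings form is handled apart
	 *
	 * @var array
	 */

	protected const EDIT_FORM_MAP =
	[
		'categories' => Admin\View\CategoryForm::class,
		'articles' => Admin\View\ArticleForm::class,
		'extras' => Admin\View\ExtraForm::class,
		'comments' => Admin\View\CommentForm::class,
		'users' => Admin\View\UserForm::class,
		'groups' => Admin\View\GroupForm::class,
		'modules' => Admin\View\ModuleForm::class
	];

	/**
	 * route the header
	 *
	 * answers 202 when the admin router break is set and 403 when the
	 * token guard or the auth guard rejects the admin request
	 *
	 * @since 3.3.0
	 *
	 * @return bool true when the admin router break is set
	 */

	public function routeHeader() : bool
	{
		Module\Hook::trigger('adminRouteHeader');
		$adminParameter = $this->getAdmin();

		/* handle break */

		if ($this->_registry->get('adminRouterBreak'))
		{
			Header::responseCode(202);
		}

		/* handle guard */

		if ($adminParameter && ($this->_tokenGuard() || $this->_authGuard()))
		{
			Header::responseCode(403);
		}
		return (bool)$this->_registry->get('adminRouterBreak');
	}

	/**
	 * route the content
	 *
	 * @since 3.3.0
	 *
	 * @return string|null the admin content, the break marker or null
	 */

	public function routeContent() : ?string
	{
		Module\Hook::trigger('adminRouteContent');

		/* handle admin */

		if ($this->getFirst() === 'admin')
		{
			return $this->_routeAdmin();
		}
		if ($this->_registry->get('adminRouterBreak'))
		{
			return '<!-- adminRouterBreak -->';
		}
		return null;
	}

	/**
	 * route the admin content
	 *
	 * the guards run before anything is updated or processed, then a posted
	 * form is dispatched to its controller, finally the admin parameter picks the view
	 *
	 * @return string|null
	 */

	protected function _routeAdmin() : ?string
	{
		$adminParameter = $this->getAdmin();
		$tableParameter = $this->getTable();

		/* handle guard */

		if ($adminParameter)
		{
			if ($this->_tokenGuard())
			{
				return $this->_errorToken();
			}
			if ($this->_authGuard())
			{
				return $this->_errorAccess();
			}
		}

		/* handle update */

		$noAction = !$adminParameter;
		$userView = $adminParameter === 'view' && $tableParameter === 'users';
		if ($noAction || $userView || $this->_registry->get('cronUpdate'))
		{
			$this->_updateLast();
		}

		/* handle post */

		$postContent = $this->_routeAdminPost();
		if ($postContent !== null)
		{
			return $postContent;
		}

		/* handle route */

		if ($adminParameter === 'view')
		{
			return $this->_renderView();
		}
		if ($adminParameter === 'new')
		{
			return $this->_renderNew();
		}
		if ($adminParameter === 'edit')
		{
			return $this->_renderEdit();
		}
		return $this->_processCommon();
	}

	/**
	 * route a posted admin form to its processor
	 *
	 * the forms are checked in a fixed order, the first one present wins
	 *
	 * @return string|null the processed content or null when no form was posted
	 */

	protected function _routeAdminPost() : ?string
	{
		$request = $this->_request;
		if ($request->getPost(Admin\View\CategoryForm::class))
		{
			return $this->_processCategory();
		}
		if ($request->getPost(Admin\View\ArticleForm::class))
		{
			return $this->_processArticle();
		}
		if ($request->getPost(Admin\View\ExtraForm::class))
		{
			return $this->_processExtra();
		}
		if ($request->getPost(Admin\View\CommentForm::class))
		{
			return $this->_processComment();
		}
		if ($request->getPost(Admin\View\UserForm::class))
		{
			return $this->_processUser();
		}
		if ($request->getPost(Admin\View\GroupForm::class))
		{
			return $this->_processGroup();
		}
		if ($request->getPost(Admin\View\ModuleForm::class))
		{
			return $this->_processModule();
		}
		if ($request->getPost(Admin\View\SettingForm::class))
		{
			return $this->_processSetting();
		}
		return null;
	}

	/**
	 * token guard
	 *
	 * a posted request must carry the csrf token, a state changing action
	 * must carry the route token
	 *
	 * @since 3.3.0
	 *
	 * @return bool true when the request has to be rejected
	 */

	protected function _tokenGuard() : bool
	{
		$adminParameter = $this->getAdmin();
		$tokenParameter = $this->getToken();
		$postToken = $this->_request->getPost('token');
		$knownToken = $this->_registry->get('token');

		/* compare in constant time, a missing or non string token on either side counts as mismatch */

		$tokenMismatch = !is_string($knownToken) || !is_string($postToken) || !hash_equals($knownToken, $postToken);
		$postRejected = $this->_request->getPost() && $tokenMismatch;

		/* state changing actions need the token in the route */

		$routeRejected = in_array($adminParameter, self::COMMON_ACTIONS, true) && !$tokenParameter;
		return $postRejected || $routeRejected;
	}

	/**
	 * auth guard
	 *
	 * @since 3.3.0
	 *
	 * @return bool true when none of the permissions allows the request
	 */

	protected function _authGuard() : bool
	{
		$adminParameter = $this->getAdmin();
		$tableParameter = $this->getTable();
		$idParameter = $this->getId();
		$registry = $this->_registry;

		$permissionNew = $adminParameter === 'new' && $registry->get('tableNew');
		$permissionEdit = in_array($adminParameter, self::EDIT_ACTIONS, true) && $registry->get('tableEdit');
		$permissionDelete = $adminParameter === 'delete' && $registry->get('tableDelete');
		$permissionInstall = $adminParameter === 'install' && $registry->get('tableInstall');
		$permissionUninstall = $adminParameter === 'uninstall' && $registry->get('tableUninstall');

		/* a user may always reach the own profile, the strict comparison assumes id and myId share a type - verify against the registry */

		$permissionProfile = $tableParameter === 'users' && $idParameter === $registry->get('myId');

		/* the guard fires only when no permission applies */

		return !($permissionNew || $permissionEdit || $permissionDelete || $permissionInstall || $permissionUninstall || $permissionProfile);
	}

	/**
	 * update last
	 *
	 * stores the current time for the logged in user, skipped without myId
	 *
	 * @since 4.00
	 */

	protected function _updateLast() : void
	{
		$myId = $this->_registry->get('myId');
		if ($myId)
		{
			$userModel = new Admin\Model\User();
			$userModel->updateLastById($myId, $this->_registry->get('now'));
		}
	}

	/**
	 * process a posted form with its controller
	 *
	 * @param string $controllerClass fully qualified controller class
	 * @param string $formClass fully qualified form class, also the post key
	 *
	 * @return string
	 */

	protected function _processForm(string $controllerClass, string $formClass) : string
	{
		$controller = new $controllerClass($this->_registry, $this->_request, $this->_language, $this->_config);
		return $controller->process($this->_request->getPost($formClass));
	}

	/**
	 * process the category
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processCategory() : string
	{
		return $this->_processForm(Admin\Controller\Category::class, Admin\View\CategoryForm::class);
	}

	/**
	 * process the article
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processArticle() : string
	{
		return $this->_processForm(Admin\Controller\Article::class, Admin\View\ArticleForm::class);
	}

	/**
	 * process the extra
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processExtra() : string
	{
		return $this->_processForm(Admin\Controller\Extra::class, Admin\View\ExtraForm::class);
	}

	/**
	 * process the comment
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processComment() : string
	{
		return $this->_processForm(Admin\Controller\Comment::class, Admin\View\CommentForm::class);
	}

	/**
	 * process the user
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processUser() : string
	{
		return $this->_processForm(Admin\Controller\User::class, Admin\View\UserForm::class);
	}

	/**
	 * process the group
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processGroup() : string
	{
		return $this->_processForm(Admin\Controller\Group::class, Admin\View\GroupForm::class);
	}

	/**
	 * process the module
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processModule() : string
	{
		return $this->_processForm(Admin\Controller\Module::class, Admin\View\ModuleForm::class);
	}

	/**
	 * process the setting
	 *
	 * @since 4.00
	 *
	 * @return string
	 */

	protected function _processSetting() : string
	{
		return $this->_processForm(Admin\Controller\Setting::class, Admin\View\SettingForm::class);
	}

	/**
	 * process the common
	 *
	 * @since 4.00
	 *
	 * @return string|null null when the admin parameter is not a common action
	 */

	protected function _processCommon() : ?string
	{
		$adminParameter = $this->getAdmin();
		if (!in_array($adminParameter, self::COMMON_ACTIONS, true))
		{
			return null;
		}
		$commonController = new Admin\Controller\Common($this->_registry, $this->_request, $this->_language, $this->_config);
		return $commonController->process($adminParameter);
	}

	/**
	 * resolve the view class for a table parameter
	 *
	 * @param array $classMap table parameter to fully qualified class
	 * @param mixed $tableParameter value of getTable()
	 *
	 * @return string|null the class or null for an unknown table
	 */

	protected function _resolveTableClass(array $classMap, $tableParameter) : ?string
	{
		if (!is_string($tableParameter))
		{
			return null;
		}
		return $classMap[$tableParameter] ?? null;
	}

	/**
	 * render the view
	 *
	 * @since 3.3.0
	 *
	 * @return string|null
	 */

	protected function _renderView() : ?string
	{
		$tableClass = $this->_resolveTableClass(self::TABLE_VIEW_MAP, $this->getTable());

		/* handle table */

		if ($tableClass === null)
		{
			return null;
		}
		$table = new $tableClass($this->_registry, $this->_language);
		return $table->render();
	}

	/**
	 * render the new
	 *
	 * @since 3.3.0
	 *
	 * @return string|null
	 */

	protected function _renderNew() : ?string
	{
		$formClass = $this->_resolveTableClass(self::NEW_FORM_MAP, $this->getTable());

		/* handle table */

		if ($formClass === null)
		{
			return null;
		}
		$form = new $formClass($this->_registry, $this->_language);
		return $form->render();
	}

	/**
	 * render the edit
	 *
	 * @since 3.3.0
	 *
	 * @return string|null
	 */

	protected function _renderEdit() : ?string
	{
		$tableParameter = $this->getTable();
		$idParameter = $this->getId();

		/* handle table */

		$formClass = $this->_resolveTableClass(self::EDIT_FORM_MAP, $tableParameter);
		if ($formClass !== null)
		{
			/* only a positive id addresses a row, null and zero are rejected explicitly instead of by truthiness */

			if ($idParameter === null || $idParameter < 1)
			{
				return null;
			}
			$form = new $formClass($this->_registry, $this->_language);
			return $form->render($idParameter);
		}

		/* the settings form has no id */

		if ($tableParameter === 'settings')
		{
			$settingForm = new Admin\View\SettingForm($this->_registry, $this->_language);
			return $settingForm->render();
		}
		return null;
	}

	/**
	 * messenger factory
	 *
	 * @since 4.0.0
	 *
	 * @return Admin\Messenger
	 */

	protected function _messengerFactory() : Admin\Messenger
	{
		return new Admin\Messenger($this->_registry);
	}

	/**
	 * render an error message with a route back to the admin
	 *
	 * @param string $messageKey language key of the message
	 *
	 * @return string
	 */

	protected function _renderError(string $messageKey) : string
	{
		$messenger = $this->_messengerFactory();
		return $messenger
			->setRoute($this->_language->get('back'), 'admin')
			->error($this->_language->get($messageKey), $this->_language->get('error_occurred'));
	}

	/**
	 * show the token error
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _errorToken() : string
	{
		return $this->_renderError('token_incorrect');
	}

	/**
	 * show the access error
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _errorAccess() : string
	{
		return $this->_renderError('access_no');
	}
}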