This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Controller; |
||
3 | |||
4 | use Redaxscript\Filter; |
||
5 | use Redaxscript\Html; |
||
6 | use Redaxscript\Mailer; |
||
7 | use Redaxscript\Model; |
||
8 | use Redaxscript\Validator; |
||
9 | |||
10 | /** |
||
11 | * children class to process the comment request |
||
12 | * |
||
13 | * @since 3.0.0 |
||
14 | * |
||
15 | * @package Redaxscript |
||
16 | * @category Controller |
||
17 | * @author Henry Ruhs |
||
18 | * @author Balázs Szilágyi |
||
19 | */ |
||
20 | |||
21 | class Comment extends ControllerAbstract |
||
22 | { |
||
23 | /** |
||
24 | * process the class |
||
25 | * |
||
26 | * @since 3.3.0 |
||
27 | * |
||
28 | * @return string |
||
29 | */ |
||
30 | |||
31 | 8 | public function process() : string |
|
32 | { |
||
33 | 8 | $articleModel = new Model\Article(); |
|
34 | 8 | $commentModel = new Model\Comment(); |
|
35 | 8 | $settingModel = new Model\Setting(); |
|
36 | 8 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
|
37 | 8 | $validateArray = $this->_validatePost($postArray); |
|
38 | |||
39 | /* handle validate */ |
||
40 | |||
41 | 8 | if ($validateArray) |
|
42 | { |
||
43 | 3 | return $this->_error( |
|
44 | [ |
||
45 | 3 | 'route' => $this->_getErrorRoute($postArray), |
|
46 | 3 | 'message' => $validateArray |
|
47 | ]); |
||
48 | } |
||
49 | |||
50 | /* handle create */ |
||
51 | |||
52 | $createArray = |
||
53 | [ |
||
54 | 5 | 'author' => $postArray['author'], |
|
55 | 5 | 'email' => $postArray['email'], |
|
56 | 5 | 'url' => $postArray['url'], |
|
57 | 5 | 'text' => $postArray['text'], |
|
58 | 5 | 'language' => $articleModel->getById($postArray['article'])->language, |
|
59 | 5 | 'article' => $postArray['article'], |
|
60 | 5 | 'status' => $settingModel->get('moderation') ? 0 : 1, |
|
61 | 5 | 'rank' => $commentModel->query()->max('rank') + 1, |
|
62 | 5 | 'date' => $this->_registry->get('now') |
|
63 | ]; |
||
64 | 5 | if (!$this->_create($createArray)) |
|
65 | { |
||
66 | 1 | return $this->_error( |
|
67 | [ |
||
68 | 1 | 'route' => $this->_getErrorRoute($postArray) |
|
69 | ]); |
||
70 | } |
||
71 | |||
72 | /* handle mail */ |
||
73 | |||
74 | $mailArray = |
||
75 | [ |
||
76 | 4 | 'author' => $postArray['author'], |
|
77 | 4 | 'email' => $postArray['email'], |
|
78 | 4 | 'url' => $postArray['url'], |
|
79 | 4 | 'text' => $postArray['text'], |
|
80 | 4 | 'article' => $articleModel->getById($postArray['article'])->title, |
|
81 | 4 | 'route' => $this->_getSuccessRoute($postArray) |
|
82 | ]; |
||
83 | 4 | if (!$this->_mail($mailArray)) |
|
84 | { |
||
85 | 1 | return $this->_warning( |
|
86 | [ |
||
87 | 1 | 'route' => $this->_getSuccessRoute($postArray), |
|
88 | 1 | 'timeout' => 2, |
|
89 | 1 | 'message' => $this->_language->get('email_failed') |
|
90 | ]); |
||
91 | } |
||
92 | |||
93 | /* handle success */ |
||
94 | |||
95 | 3 | return $this->_success( |
|
96 | [ |
||
97 | 3 | 'route' => $settingModel->get('moderation') ? $this->_getErrorRoute($postArray) : $this->_getSuccessRoute($postArray), |
|
98 | 3 | 'timeout' => 2, |
|
99 | 3 | 'message' => $settingModel->get('moderation') ? $this->_language->get('comment_moderation') : $this->_language->get('comment_sent') |
|
100 | ]); |
||
101 | } |
||
102 | |||
103 | /** |
||
104 | * sanitize the post |
||
105 | * |
||
106 | * @since 4.0.0 |
||
107 | * |
||
108 | * @return array |
||
109 | */ |
||
110 | |||
111 | 8 | protected function _sanitizePost() : array |
|
112 | { |
||
113 | 8 | $htmlFilter = new Filter\Html(); |
|
114 | 8 | $emailFilter = new Filter\Email(); |
|
115 | 8 | $numberFilter = new Filter\Number(); |
|
116 | 8 | $textFilter = new Filter\Text(); |
|
117 | 8 | $urlFilter = new Filter\Url(); |
|
118 | |||
119 | /* sanitize post */ |
||
120 | |||
121 | return |
||
122 | [ |
||
123 | 8 | 'author' => $textFilter->sanitize($this->_request->getPost('author')), |
|
124 | 8 | 'email' => $emailFilter->sanitize($this->_request->getPost('email')), |
|
125 | 8 | 'url' => $urlFilter->sanitize($this->_request->getPost('url')), |
|
126 | 8 | 'text' => $htmlFilter->sanitize($this->_request->getPost('text')), |
|
127 | 8 | 'article' => $numberFilter->sanitize($this->_request->getPost('article')), |
|
128 | 8 | 'task' => $numberFilter->sanitize($this->_request->getPost('task')), |
|
129 | 8 | 'solution' => $textFilter->sanitize($this->_request->getPost('solution')) |
|
130 | ]; |
||
131 | } |
||
132 | |||
133 | /** |
||
134 | * validate the post |
||
135 | * |
||
136 | * @since 3.3.0 |
||
137 | * |
||
138 | * @param array $postArray array of the post |
||
139 | * |
||
140 | * @return array |
||
141 | */ |
||
142 | |||
143 | 8 | protected function _validatePost(array $postArray = []) : array |
|
144 | { |
||
145 | 8 | $emailValidator = new Validator\Email(); |
|
146 | 8 | $captchaValidator = new Validator\Captcha(); |
|
147 | 8 | $nameValidator = new Validator\Name(); |
|
148 | 8 | $urlValidator = new Validator\Url(); |
|
149 | 8 | $settingModel = new Model\Setting(); |
|
150 | 8 | $validateArray = []; |
|
151 | |||
152 | /* validate post */ |
||
153 | |||
154 | 8 | if (!$postArray['author']) |
|
155 | { |
||
156 | 2 | $validateArray[] = $this->_language->get('author_empty'); |
|
157 | } |
||
158 | 6 | else if (!$nameValidator->validate($postArray['author'])) |
|
159 | { |
||
160 | $validateArray[] = $this->_language->get('author_incorrect'); |
||
161 | } |
||
162 | 8 | if (!$postArray['email']) |
|
163 | { |
||
164 | 1 | $validateArray[] = $this->_language->get('email_empty'); |
|
165 | } |
||
166 | 7 | else if (!$emailValidator->validate($postArray['email'])) |
|
167 | { |
||
168 | 1 | $validateArray[] = $this->_language->get('email_incorrect'); |
|
169 | } |
||
170 | 8 | if ($postArray['url'] && !$urlValidator->validate($postArray['url'])) |
|
171 | { |
||
172 | 1 | $validateArray[] = $this->_language->get('url_incorrect'); |
|
173 | } |
||
174 | 8 | if (!$postArray['text']) |
|
175 | { |
||
176 | 2 | $validateArray[] = $this->_language->get('comment_empty'); |
|
177 | } |
||
178 | 8 | if (!$postArray['article']) |
|
179 | { |
||
180 | 2 | $validateArray[] = $this->_language->get('article_empty'); |
|
181 | } |
||
182 | 8 | if ($settingModel->get('captcha') > 0 && !$captchaValidator->validate($postArray['task'], $postArray['solution'])) |
|
183 | { |
||
184 | 2 | $validateArray[] = $this->_language->get('captcha_incorrect'); |
|
185 | } |
||
186 | 8 | return $validateArray; |
|
187 | } |
||
188 | |||
189 | /** |
||
190 | * create the comment |
||
191 | * |
||
192 | * @since 3.0.0 |
||
193 | * |
||
194 | * @param array $createArray array of the create |
||
195 | * |
||
196 | * @return bool |
||
197 | */ |
||
198 | |||
199 | 4 | protected function _create(array $createArray = []) : bool |
|
200 | { |
||
201 | 4 | $commentModel = new Model\Comment(); |
|
202 | 4 | return $commentModel->createByArray($createArray); |
|
203 | } |
||
204 | |||
205 | /** |
||
206 | * send the mail |
||
207 | * |
||
208 | * @since 3.3.0 |
||
209 | * |
||
210 | * @param array $mailArray array of the mail |
||
211 | * |
||
212 | * @return bool |
||
213 | */ |
||
214 | |||
215 | 3 | protected function _mail(array $mailArray = []) : bool |
|
216 | { |
||
217 | 3 | $settingModel = new Model\Setting(); |
|
218 | 3 | $urlArticle = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . $mailArray['route']; |
|
219 | |||
220 | /* html element */ |
||
221 | |||
222 | 3 | $element = new Html\Element(); |
|
223 | $linkEmail = $element |
||
224 | 3 | ->copy() |
|
225 | 3 | ->init('a', |
|
226 | [ |
||
227 | 3 | 'href' => 'mailto:' . $mailArray['email'] |
|
228 | ]) |
||
229 | 3 | ->text($mailArray['email']); |
|
230 | $linkUrl = $element |
||
231 | 3 | ->copy() |
|
232 | 3 | ->init('a', |
|
233 | [ |
||
234 | 3 | 'href' => $mailArray['url'] |
|
235 | ]) |
||
236 | 3 | ->text($mailArray['url'] ? : $this->_language->get('none')); |
|
237 | $linkArticle = $element |
||
238 | 3 | ->copy() |
|
239 | 3 | ->init('a', |
|
240 | [ |
||
241 | 3 | 'href' => $urlArticle |
|
242 | ]) |
||
243 | 3 | ->text($urlArticle); |
|
244 | |||
245 | /* prepare mail */ |
||
246 | |||
247 | $toArray = |
||
248 | [ |
||
249 | 3 | $this->_language->get('author') => $settingModel->get('email') |
|
250 | ]; |
||
251 | $fromArray = |
||
252 | [ |
||
253 | 3 | $mailArray['author'] => $mailArray['email'] |
|
254 | ]; |
||
255 | 3 | $subject = $this->_language->get('comment_new'); |
|
256 | $bodyArray = |
||
257 | [ |
||
258 | 3 | $this->_language->get('author') . $this->_language->get('colon') . ' ' . $mailArray['author'], |
|
259 | 3 | '<br />', |
|
260 | 3 | $this->_language->get('email') . $this->_language->get('colon') . ' ' . $linkEmail, |
|
261 | 3 | '<br />', |
|
262 | 3 | $this->_language->get('url') . $this->_language->get('colon') . ' ' . $linkUrl, |
|
263 | 3 | '<br />', |
|
264 | 3 | $this->_language->get('article') . $this->_language->get('colon') . ' ' . $linkArticle, |
|
265 | 3 | '<br />', |
|
266 | 3 | $this->_language->get('comment') . $this->_language->get('colon') . ' ' . $mailArray['text'] |
|
267 | ]; |
||
268 | |||
269 | /* send mail */ |
||
270 | |||
271 | 3 | $mailer = new Mailer(); |
|
272 | 3 | $mailer->init($toArray, $fromArray, $subject, $bodyArray); |
|
273 | 3 | return $mailer->send(); |
|
274 | } |
||
275 | |||
276 | /** |
||
277 | * get success route |
||
278 | * |
||
279 | * @since 4.5.0 |
||
280 | * |
||
281 | * @param array $postArray array of the post |
||
282 | * |
||
283 | * @return string|null |
||
284 | */ |
||
285 | |||
286 | 4 | protected function _getSuccessRoute(array $postArray = []) : ?string |
|
287 | { |
||
288 | 4 | $articleModel = new Model\Article(); |
|
289 | 4 | $commentModel = new Model\Comment(); |
|
290 | 4 | $commentId = $commentModel->maxIdByArticleAndLanguage($postArray['article'], $articleModel->getById($postArray['article'])->language); |
|
291 | 4 | if ($commentId) |
|
0 ignored issues
–
show
|
|||
292 | { |
||
293 | 1 | return $commentModel->getRouteById($commentId); |
|
294 | } |
||
295 | 3 | return $articleModel->getRouteById($postArray['article']); |
|
296 | } |
||
297 | |||
298 | /** |
||
299 | * get error route |
||
300 | * |
||
301 | * @since 4.5.0 |
||
302 | * |
||
303 | * @param array $postArray array of the post |
||
304 | * |
||
305 | * @return string|null |
||
306 | */ |
||
307 | |||
308 | 6 | protected function _getErrorRoute(array $postArray = []) : ?string |
|
309 | { |
||
310 | 6 | $articleModel = new Model\Article(); |
|
311 | 6 | return $articleModel->getRouteById($postArray['article']); |
|
312 | } |
||
313 | } |
||
314 |
In PHP, under loose comparison (like
==
, or!=
, orswitch
conditions), values of different types might be equal.For
integer
values, zero is a special case, in particular the following results might be unexpected: