This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Controller; |
||
3 | |||
4 | use Redaxscript\Filter; |
||
5 | use Redaxscript\Html; |
||
6 | use Redaxscript\Mailer; |
||
7 | use Redaxscript\Model; |
||
8 | use Redaxscript\Validator; |
||
9 | |||
10 | /** |
||
11 | * children class to process the comment request |
||
12 | * |
||
13 | * @since 3.0.0 |
||
14 | * |
||
15 | * @package Redaxscript |
||
16 | * @category Controller |
||
17 | * @author Henry Ruhs |
||
18 | * @author Balázs Szilágyi |
||
19 | */ |
||
20 | |||
21 | class Comment extends ControllerAbstract |
||
22 | { |
||
23 | /** |
||
24 | * process the class |
||
25 | * |
||
26 | * @since 3.3.0 |
||
27 | * |
||
28 | * @return string |
||
29 | */ |
||
30 | |||
31 | 8 | public function process() : string |
|
32 | { |
||
33 | 8 | $articleModel = new Model\Article(); |
|
34 | 8 | $commentModel = new Model\Comment(); |
|
35 | 8 | $settingModel = new Model\Setting(); |
|
36 | 8 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
|
37 | 8 | $validateArray = $this->_validatePost($postArray); |
|
38 | |||
39 | /* handle validate */ |
||
40 | |||
41 | 8 | if ($validateArray) |
|
0 ignored issues
–
show
|
|||
42 | { |
||
43 | 3 | return $this->_error( |
|
44 | [ |
||
45 | 3 | 'route' => $this->_getErrorRoute($postArray), |
|
46 | 3 | 'message' => $validateArray |
|
47 | ]); |
||
48 | } |
||
49 | |||
50 | /* handle create */ |
||
51 | |||
52 | $createArray = |
||
53 | [ |
||
54 | 5 | 'author' => $postArray['author'], |
|
55 | 5 | 'email' => $postArray['email'], |
|
56 | 5 | 'url' => $postArray['url'], |
|
57 | 5 | 'text' => $postArray['text'], |
|
58 | 5 | 'language' => $articleModel->getById($postArray['article'])->language, |
|
59 | 5 | 'article' => $postArray['article'], |
|
60 | 5 | 'status' => $settingModel->get('moderation') ? 0 : 1, |
|
61 | 5 | 'rank' => $commentModel->query()->max('rank') + 1, |
|
62 | 5 | 'date' => $this->_registry->get('now') |
|
63 | ]; |
||
64 | 5 | if (!$this->_create($createArray)) |
|
65 | { |
||
66 | 1 | return $this->_error( |
|
67 | [ |
||
68 | 1 | 'route' => $this->_getErrorRoute($postArray) |
|
69 | ]); |
||
70 | } |
||
71 | |||
72 | /* handle mail */ |
||
73 | |||
74 | $mailArray = |
||
75 | [ |
||
76 | 4 | 'author' => $postArray['author'], |
|
77 | 4 | 'email' => $postArray['email'], |
|
78 | 4 | 'url' => $postArray['url'], |
|
79 | 4 | 'text' => $postArray['text'], |
|
80 | 4 | 'article' => $articleModel->getById($postArray['article'])->title, |
|
81 | 4 | 'route' => $this->_getSuccessRoute($postArray) |
|
82 | ]; |
||
83 | 4 | if (!$this->_mail($mailArray)) |
|
84 | { |
||
85 | 1 | return $this->_warning( |
|
86 | [ |
||
87 | 1 | 'route' => $this->_getSuccessRoute($postArray), |
|
88 | 1 | 'timeout' => 2, |
|
89 | 1 | 'message' => $this->_language->get('email_failed') |
|
90 | ]); |
||
91 | } |
||
92 | |||
93 | /* handle success */ |
||
94 | |||
95 | 3 | return $this->_success( |
|
96 | [ |
||
97 | 3 | 'route' => $settingModel->get('moderation') ? $this->_getErrorRoute($postArray) : $this->_getSuccessRoute($postArray), |
|
98 | 3 | 'timeout' => 2, |
|
99 | 3 | 'message' => $settingModel->get('moderation') ? $this->_language->get('comment_moderation') : $this->_language->get('comment_sent') |
|
100 | ]); |
||
101 | } |
||
102 | |||
103 | /** |
||
104 | * sanitize the post |
||
105 | * |
||
106 | * @since 4.0.0 |
||
107 | * |
||
108 | * @return array |
||
109 | */ |
||
110 | |||
111 | 8 | protected function _sanitizePost() : array |
|
112 | { |
||
113 | 8 | $htmlFilter = new Filter\Html(); |
|
114 | 8 | $emailFilter = new Filter\Email(); |
|
115 | 8 | $numberFilter = new Filter\Number(); |
|
116 | 8 | $textFilter = new Filter\Text(); |
|
117 | 8 | $urlFilter = new Filter\Url(); |
|
118 | |||
119 | /* sanitize post */ |
||
120 | |||
121 | return |
||
122 | [ |
||
123 | 8 | 'author' => $textFilter->sanitize($this->_request->getPost('author')), |
|
124 | 8 | 'email' => $emailFilter->sanitize($this->_request->getPost('email')), |
|
125 | 8 | 'url' => $urlFilter->sanitize($this->_request->getPost('url')), |
|
126 | 8 | 'text' => $htmlFilter->sanitize($this->_request->getPost('text')), |
|
127 | 8 | 'article' => $numberFilter->sanitize($this->_request->getPost('article')), |
|
128 | 8 | 'task' => $numberFilter->sanitize($this->_request->getPost('task')), |
|
129 | 8 | 'solution' => $textFilter->sanitize($this->_request->getPost('solution')) |
|
130 | ]; |
||
131 | } |
||
132 | |||
133 | /** |
||
134 | * validate the post |
||
135 | * |
||
136 | * @since 3.3.0 |
||
137 | * |
||
138 | * @param array $postArray array of the post |
||
139 | * |
||
140 | * @return array |
||
141 | */ |
||
142 | |||
143 | 8 | protected function _validatePost(array $postArray = []) : array |
|
144 | { |
||
145 | 8 | $emailValidator = new Validator\Email(); |
|
146 | 8 | $captchaValidator = new Validator\Captcha(); |
|
147 | 8 | $nameValidator = new Validator\Name(); |
|
148 | 8 | $urlValidator = new Validator\Url(); |
|
149 | 8 | $settingModel = new Model\Setting(); |
|
150 | 8 | $validateArray = []; |
|
151 | |||
152 | /* validate post */ |
||
153 | |||
154 | 8 | if (!$postArray['author']) |
|
155 | { |
||
156 | 2 | $validateArray[] = $this->_language->get('author_empty'); |
|
157 | } |
||
158 | 6 | else if (!$nameValidator->validate($postArray['author'])) |
|
159 | { |
||
160 | $validateArray[] = $this->_language->get('author_incorrect'); |
||
161 | } |
||
162 | 8 | if (!$postArray['email']) |
|
163 | { |
||
164 | 1 | $validateArray[] = $this->_language->get('email_empty'); |
|
165 | } |
||
166 | 7 | else if (!$emailValidator->validate($postArray['email'])) |
|
167 | { |
||
168 | 1 | $validateArray[] = $this->_language->get('email_incorrect'); |
|
169 | } |
||
170 | 8 | if ($postArray['url'] && !$urlValidator->validate($postArray['url'])) |
|
171 | { |
||
172 | 1 | $validateArray[] = $this->_language->get('url_incorrect'); |
|
173 | } |
||
174 | 8 | if (!$postArray['text']) |
|
175 | { |
||
176 | 2 | $validateArray[] = $this->_language->get('comment_empty'); |
|
177 | } |
||
178 | 8 | if (!$postArray['article']) |
|
179 | { |
||
180 | 2 | $validateArray[] = $this->_language->get('article_empty'); |
|
181 | } |
||
182 | 8 | if ($settingModel->get('captcha') > 0 && !$captchaValidator->validate($postArray['task'], $postArray['solution'])) |
|
183 | { |
||
184 | 2 | $validateArray[] = $this->_language->get('captcha_incorrect'); |
|
185 | } |
||
186 | 8 | return $validateArray; |
|
187 | } |
||
188 | |||
189 | /** |
||
190 | * create the comment |
||
191 | * |
||
192 | * @since 3.0.0 |
||
193 | * |
||
194 | * @param array $createArray array of the create |
||
195 | * |
||
196 | * @return bool |
||
197 | */ |
||
198 | |||
199 | 4 | protected function _create(array $createArray = []) : bool |
|
200 | { |
||
201 | 4 | $commentModel = new Model\Comment(); |
|
202 | 4 | return $commentModel->createByArray($createArray); |
|
203 | } |
||
204 | |||
205 | /** |
||
206 | * send the mail |
||
207 | * |
||
208 | * @since 3.3.0 |
||
209 | * |
||
210 | * @param array $mailArray array of the mail |
||
211 | * |
||
212 | * @return bool |
||
213 | */ |
||
214 | |||
215 | 3 | protected function _mail(array $mailArray = []) : bool |
|
216 | { |
||
217 | 3 | $settingModel = new Model\Setting(); |
|
218 | 3 | $urlArticle = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . $mailArray['route']; |
|
219 | |||
220 | /* html element */ |
||
221 | |||
222 | 3 | $element = new Html\Element(); |
|
223 | $linkEmail = $element |
||
224 | 3 | ->copy() |
|
225 | 3 | ->init('a', |
|
226 | [ |
||
227 | 3 | 'href' => 'mailto:' . $mailArray['email'] |
|
228 | ]) |
||
229 | 3 | ->text($mailArray['email']); |
|
230 | $linkUrl = $element |
||
231 | 3 | ->copy() |
|
232 | 3 | ->init('a', |
|
233 | [ |
||
234 | 3 | 'href' => $mailArray['url'] |
|
235 | ]) |
||
236 | 3 | ->text($mailArray['url'] ? : $this->_language->get('none')); |
|
237 | $linkArticle = $element |
||
238 | 3 | ->copy() |
|
239 | 3 | ->init('a', |
|
240 | [ |
||
241 | 3 | 'href' => $urlArticle |
|
242 | ]) |
||
243 | 3 | ->text($urlArticle); |
|
244 | |||
245 | /* prepare mail */ |
||
246 | |||
247 | $toArray = |
||
248 | [ |
||
249 | 3 | $this->_language->get('author') => $settingModel->get('email') |
|
250 | ]; |
||
251 | $fromArray = |
||
252 | [ |
||
253 | 3 | $mailArray['author'] => $mailArray['email'] |
|
254 | ]; |
||
255 | 3 | $subject = $this->_language->get('comment_new'); |
|
256 | $bodyArray = |
||
257 | [ |
||
258 | 3 | $this->_language->get('author') . $this->_language->get('colon') . ' ' . $mailArray['author'], |
|
259 | 3 | '<br />', |
|
260 | 3 | $this->_language->get('email') . $this->_language->get('colon') . ' ' . $linkEmail, |
|
261 | 3 | '<br />', |
|
262 | 3 | $this->_language->get('url') . $this->_language->get('colon') . ' ' . $linkUrl, |
|
263 | 3 | '<br />', |
|
264 | 3 | $this->_language->get('article') . $this->_language->get('colon') . ' ' . $linkArticle, |
|
265 | 3 | '<br />', |
|
266 | 3 | $this->_language->get('comment') . $this->_language->get('colon') . ' ' . $mailArray['text'] |
|
267 | ]; |
||
268 | |||
269 | /* send mail */ |
||
270 | |||
271 | 3 | $mailer = new Mailer(); |
|
272 | 3 | $mailer->init($toArray, $fromArray, $subject, $bodyArray); |
|
273 | 3 | return $mailer->send(); |
|
274 | } |
||
275 | |||
276 | /** |
||
277 | * get success route |
||
278 | * |
||
279 | * @since 4.5.0 |
||
280 | * |
||
281 | * @param array $postArray array of the post |
||
282 | * |
||
283 | * @return string|null |
||
284 | */ |
||
285 | |||
286 | 4 | protected function _getSuccessRoute(array $postArray = []) : ?string |
|
287 | { |
||
288 | 4 | $articleModel = new Model\Article(); |
|
289 | 4 | $commentModel = new Model\Comment(); |
|
290 | 4 | $commentId = $commentModel->maxIdByArticleAndLanguage($postArray['article'], $articleModel->getById($postArray['article'])->language); |
|
291 | 4 | if ($commentId) |
|
0 ignored issues
–
show
The expression
$commentId of type integer|null is loosely compared to true ; this is ambiguous if the integer can be zero. You might want to explicitly use !== null instead.
In PHP, under loose comparison (like For 0 == false // true
0 == null // true
123 == false // false
123 == null // false
// It is often better to use strict comparison
0 === false // false
0 === null // false
Loading history...
|
|||
292 | { |
||
293 | 1 | return $commentModel->getRouteById($commentId); |
|
294 | } |
||
295 | 3 | return $articleModel->getRouteById($postArray['article']); |
|
296 | } |
||
297 | |||
298 | /** |
||
299 | * get error route |
||
300 | * |
||
301 | * @since 4.5.0 |
||
302 | * |
||
303 | * @param array $postArray array of the post |
||
304 | * |
||
305 | * @return string|null |
||
306 | */ |
||
307 | |||
308 | 6 | protected function _getErrorRoute(array $postArray = []) : ?string |
|
309 | { |
||
310 | 6 | $articleModel = new Model\Article(); |
|
311 | 6 | return $articleModel->getRouteById($postArray['article']); |
|
312 | } |
||
313 | } |
||
314 |
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using
empty(..)
or! empty(...)
instead.