This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript\Controller; |
||
3 | |||
4 | use Redaxscript\Db; |
||
5 | use Redaxscript\Filter; |
||
6 | use Redaxscript\Html; |
||
7 | use Redaxscript\Installer; |
||
8 | use Redaxscript\Mailer; |
||
9 | use Redaxscript\Model; |
||
10 | use Redaxscript\Validator; |
||
11 | use function touch; |
||
12 | use function unlink; |
||
13 | |||
14 | /** |
||
15 | * children class to process install |
||
16 | * |
||
17 | * @since 3.0.0 |
||
18 | * |
||
19 | * @package Redaxscript |
||
20 | * @category Controller |
||
21 | * @author Henry Ruhs |
||
22 | * @author Balázs Szilágyi |
||
23 | */ |
||
24 | |||
25 | class Install extends ControllerAbstract |
||
26 | { |
||
27 | /** |
||
28 | * process the class |
||
29 | * |
||
30 | * @since 3.0.0 |
||
31 | * |
||
32 | * @return string |
||
33 | */ |
||
34 | |||
35 | 8 | public function process() : string |
|
36 | { |
||
37 | 8 | $postArray = $this->_normalizePost($this->_sanitizePost()); |
|
38 | |||
39 | /* validate database */ |
||
40 | |||
41 | 8 | $validateArray = $this->_validateDatabase($postArray); |
|
42 | 8 | if ($validateArray) |
|
0 ignored issues
–
show
|
|||
43 | { |
||
44 | 1 | return $this->_error( |
|
45 | [ |
||
46 | 1 | 'url' => 'install.php', |
|
47 | 1 | 'title' => $this->_language->get('database'), |
|
48 | 1 | 'message' => $validateArray |
|
49 | ]); |
||
50 | } |
||
51 | |||
52 | /* validate account */ |
||
53 | |||
54 | 7 | $validateArray = $this->_validateAccount($postArray); |
|
55 | 7 | if ($validateArray) |
|
0 ignored issues
–
show
The expression
$validateArray of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using
Loading history...
|
|||
56 | { |
||
57 | 1 | return $this->_error( |
|
58 | [ |
||
59 | 1 | 'url' => 'install.php', |
|
60 | 1 | 'title' => $this->_language->get('account'), |
|
61 | 1 | 'message' => $validateArray |
|
62 | ]); |
||
63 | } |
||
64 | |||
65 | /* touch config */ |
||
66 | |||
67 | $configArray = |
||
68 | [ |
||
69 | 6 | 'dbType' => $postArray['dbType'], |
|
70 | 6 | 'dbHost' => $postArray['dbHost'], |
|
71 | 6 | 'dbName' => $postArray['dbName'], |
|
72 | 6 | 'dbUser' => $postArray['dbUser'], |
|
73 | 6 | 'dbPassword' => $postArray['dbPassword'], |
|
74 | 6 | 'dbPrefix' => $postArray['dbPrefix'] |
|
75 | ]; |
||
76 | 6 | if (!$this->_touch($configArray)) |
|
77 | { |
||
78 | 1 | return $this->_error( |
|
79 | [ |
||
80 | 1 | 'url' => 'install.php', |
|
81 | 1 | 'message' => $this->_language->get('directory_permission_grant') . $this->_language->get('point') |
|
82 | ]); |
||
83 | } |
||
84 | |||
85 | /* write config */ |
||
86 | |||
87 | 5 | if (!$this->_write($configArray)) |
|
88 | { |
||
89 | 1 | return $this->_error( |
|
90 | [ |
||
91 | 1 | 'url' => 'install.php', |
|
92 | 1 | 'message' => $this->_language->get('file_permission_grant') . $this->_language->get('colon') . ' config.php' |
|
93 | ]); |
||
94 | } |
||
95 | |||
96 | /* refresh connection */ |
||
97 | |||
98 | 4 | if ($postArray['refreshConnection']) |
|
99 | { |
||
100 | $this->_refreshConnection(); |
||
101 | } |
||
102 | |||
103 | /* handle database */ |
||
104 | |||
105 | 4 | if ($this->_getStatus() === 0) |
|
106 | { |
||
107 | 1 | return $this->_error( |
|
108 | [ |
||
109 | 1 | 'url' => 'install.php', |
|
110 | 1 | 'message' => $this->_language->get('database_failed') |
|
111 | ]); |
||
112 | } |
||
113 | |||
114 | /* handle install */ |
||
115 | |||
116 | $adminArray = |
||
117 | [ |
||
118 | 3 | 'adminName' => $postArray['adminName'], |
|
119 | 3 | 'adminUser' => $postArray['adminUser'], |
|
120 | 3 | 'adminEmail' => $postArray['adminEmail'], |
|
121 | 3 | 'adminPassword' => $postArray['adminPassword'] |
|
122 | ]; |
||
123 | 3 | if (!$this->_install($adminArray)) |
|
124 | { |
||
125 | 1 | return $this->_error( |
|
126 | [ |
||
127 | 1 | 'url' => 'install.php', |
|
128 | 1 | 'message' => $this->_language->get('installation_failed') |
|
129 | ]); |
||
130 | } |
||
131 | |||
132 | /* handle mail */ |
||
133 | |||
134 | $mailArray = |
||
135 | [ |
||
136 | 2 | 'adminName' => $postArray['adminName'], |
|
137 | 2 | 'adminUser' => $postArray['adminUser'], |
|
138 | 2 | 'adminEmail' => $postArray['adminEmail'] |
|
139 | ]; |
||
140 | 2 | if (!$this->_mail($mailArray)) |
|
141 | { |
||
142 | 1 | return $this->_warning( |
|
143 | [ |
||
144 | 1 | 'url' => 'index.php', |
|
145 | 1 | 'message' => $this->_language->get('email_failed') |
|
146 | ]); |
||
147 | } |
||
148 | |||
149 | /* handle success */ |
||
150 | |||
151 | 1 | return $this->_success( |
|
152 | [ |
||
153 | 1 | 'url' => 'index.php', |
|
154 | 1 | 'message' => $this->_language->get('installation_completed') |
|
155 | ]); |
||
156 | } |
||
157 | |||
158 | /** |
||
159 | * sanitize the post |
||
160 | * |
||
161 | * @since 4.0.0 |
||
162 | * |
||
163 | * @return array |
||
164 | */ |
||
165 | |||
166 | 8 | protected function _sanitizePost() : array |
|
167 | { |
||
168 | 8 | $emailFilter = new Filter\Email(); |
|
169 | 8 | $numberFilter = new Filter\Number(); |
|
170 | 8 | $passwordFilter = new Filter\Password(); |
|
171 | 8 | $textFilter = new Filter\Text(); |
|
172 | 8 | $userFilter = new Filter\User(); |
|
173 | |||
174 | /* sanitize post */ |
||
175 | |||
176 | return |
||
177 | [ |
||
178 | 8 | 'dbType' => $this->_request->getPost('db-type'), |
|
179 | 8 | 'dbHost' => $this->_request->getPost('db-host'), |
|
180 | 8 | 'dbName' => $this->_request->getPost('db-name'), |
|
181 | 8 | 'dbUser' => $this->_request->getPost('db-user'), |
|
182 | 8 | 'dbPassword' => $this->_request->getPost('db-password'), |
|
183 | 8 | 'dbPrefix' => $this->_request->getPost('db-prefix'), |
|
184 | 8 | 'adminName' => $textFilter->sanitize($this->_request->getPost('admin-name')), |
|
185 | 8 | 'adminUser' => $userFilter->sanitize($this->_request->getPost('admin-user')), |
|
186 | 8 | 'adminPassword' => $passwordFilter->sanitize($this->_request->getPost('admin-password')), |
|
187 | 8 | 'adminEmail' => $emailFilter->sanitize($this->_request->getPost('admin-email')), |
|
188 | 8 | 'refreshConnection' => $numberFilter->sanitize($this->_request->getPost('refresh-connection')) |
|
189 | ]; |
||
190 | } |
||
191 | |||
192 | /** |
||
193 | * validate the database |
||
194 | * |
||
195 | * @since 3.0.0 |
||
196 | * |
||
197 | * @param array $postArray array of the post |
||
198 | * |
||
199 | * @return array |
||
200 | */ |
||
201 | |||
202 | 11 | protected function _validateDatabase(array $postArray = []) : array |
|
203 | { |
||
204 | 11 | $validateArray = []; |
|
205 | 11 | if (!$postArray['dbType']) |
|
206 | { |
||
207 | 2 | $validateArray[] = $this->_language->get('type_empty'); |
|
208 | } |
||
209 | 11 | if (!$postArray['dbHost']) |
|
210 | { |
||
211 | 4 | $validateArray[] = $this->_language->get('host_empty'); |
|
212 | } |
||
213 | 11 | if ($postArray['dbType'] !== 'sqlite') |
|
214 | { |
||
215 | 3 | if (!$postArray['dbName']) |
|
216 | { |
||
217 | 3 | $validateArray[] = $this->_language->get('name_empty'); |
|
218 | } |
||
219 | 3 | if (!$postArray['dbUser']) |
|
220 | { |
||
221 | 3 | $validateArray[] = $this->_language->get('user_empty'); |
|
222 | } |
||
223 | } |
||
224 | 11 | return $validateArray; |
|
225 | } |
||
226 | |||
227 | /** |
||
228 | * validate the account |
||
229 | * |
||
230 | * @since 3.0.0 |
||
231 | * |
||
232 | * @param array $postArray array of the post |
||
233 | * |
||
234 | * @return array |
||
235 | */ |
||
236 | |||
237 | 10 | protected function _validateAccount(array $postArray = []) : array |
|
238 | { |
||
239 | 10 | $nameValidator = new Validator\Name(); |
|
240 | 10 | $emailValidator = new Validator\Email(); |
|
241 | 10 | $userValidator = new Validator\User(); |
|
242 | 10 | $passwordValidator = new Validator\Password(); |
|
243 | 10 | $validateArray = []; |
|
244 | |||
245 | /* validate post */ |
||
246 | |||
247 | 10 | if (!$postArray['adminName']) |
|
248 | { |
||
249 | 3 | $validateArray[] = $this->_language->get('name_empty'); |
|
250 | } |
||
251 | 7 | else if (!$nameValidator->validate($postArray['adminName'])) |
|
252 | { |
||
253 | $validateArray[] = $this->_language->get('name_incorrect'); |
||
254 | } |
||
255 | 10 | if (!$postArray['adminUser']) |
|
256 | { |
||
257 | 2 | $validateArray[] = $this->_language->get('user_empty'); |
|
258 | } |
||
259 | 8 | else if (!$userValidator->validate($postArray['adminUser'])) |
|
260 | { |
||
261 | 1 | $validateArray[] = $this->_language->get('user_incorrect'); |
|
262 | } |
||
263 | 10 | if (!$postArray['adminPassword']) |
|
264 | { |
||
265 | 2 | $validateArray[] = $this->_language->get('password_empty'); |
|
266 | } |
||
267 | 8 | else if (!$passwordValidator->validate($postArray['adminPassword'])) |
|
268 | { |
||
269 | 1 | $validateArray[] = $this->_language->get('password_incorrect'); |
|
270 | } |
||
271 | 10 | if (!$postArray['adminEmail']) |
|
272 | { |
||
273 | 2 | $validateArray[] = $this->_language->get('email_empty'); |
|
274 | } |
||
275 | 8 | else if (!$emailValidator->validate($postArray['adminEmail'])) |
|
276 | { |
||
277 | 1 | $validateArray[] = $this->_language->get('email_incorrect'); |
|
278 | } |
||
279 | 10 | return $validateArray; |
|
280 | } |
||
281 | |||
282 | /** |
||
283 | * touch sqlite file |
||
284 | * |
||
285 | * @since 3.0.0 |
||
286 | * |
||
287 | * @param array $configArray |
||
288 | * |
||
289 | * @return bool |
||
290 | */ |
||
291 | |||
292 | 5 | protected function _touch(array $configArray = []) : bool |
|
293 | { |
||
294 | 5 | if ($configArray['dbType'] === 'sqlite') |
|
295 | { |
||
296 | 5 | $file = $configArray['dbHost'] . '.tmp'; |
|
297 | 5 | return touch($file) && unlink($file); |
|
298 | } |
||
299 | return true; |
||
300 | } |
||
301 | |||
302 | /** |
||
303 | * write config file |
||
304 | * |
||
305 | * @since 3.0.0 |
||
306 | * |
||
307 | * @param array $configArray |
||
308 | * |
||
309 | * @return bool |
||
310 | */ |
||
311 | |||
312 | 4 | protected function _write(array $configArray = []) : bool |
|
313 | { |
||
314 | 4 | $this->_config->set('dbType', $configArray['dbType']); |
|
315 | 4 | $this->_config->set('dbHost', $configArray['dbHost']); |
|
316 | 4 | $this->_config->set('dbName', $configArray['dbName']); |
|
317 | 4 | $this->_config->set('dbUser', $configArray['dbUser']); |
|
318 | 4 | $this->_config->set('dbPassword', $configArray['dbPassword']); |
|
319 | 4 | $this->_config->set('dbPrefix', $configArray['dbPrefix']); |
|
320 | 4 | return $this->_config->write(); |
|
321 | } |
||
322 | |||
323 | /** |
||
324 | * get the status |
||
325 | * |
||
326 | * @since 3.0.0 |
||
327 | * |
||
328 | * @return int |
||
329 | */ |
||
330 | |||
331 | 4 | protected function _getStatus() : int |
|
332 | { |
||
333 | 4 | return Db::getStatus(); |
|
334 | } |
||
335 | |||
336 | /** |
||
337 | * refresh the connection |
||
338 | * |
||
339 | * @since 3.0.0 |
||
340 | */ |
||
341 | |||
342 | protected function _refreshConnection() : void |
||
343 | { |
||
344 | Db::resetDb(); |
||
345 | Db::init(); |
||
346 | } |
||
347 | |||
348 | /** |
||
349 | * install the database |
||
350 | * |
||
351 | * @since 3.0.0 |
||
352 | * |
||
353 | * @param array $installArray |
||
354 | * |
||
355 | * @return bool |
||
356 | */ |
||
357 | |||
358 | 4 | protected function _install(array $installArray = []) : bool |
|
359 | { |
||
360 | 4 | $adminName = $installArray['adminName']; |
|
361 | 4 | $adminUser = $installArray['adminUser']; |
|
362 | 4 | $adminPassword = $installArray['adminPassword']; |
|
363 | 4 | $adminEmail = $installArray['adminEmail']; |
|
364 | 4 | if ($adminName && $adminUser && $adminPassword && $adminEmail) |
|
365 | { |
||
366 | 3 | $installer = new Installer($this->_registry, $this->_request, $this->_language, $this->_config); |
|
367 | 3 | $installer->init(); |
|
368 | 3 | $installer->rawDrop(); |
|
369 | 3 | $installer->rawCreate(); |
|
370 | 3 | $installer->insertData( |
|
371 | [ |
||
372 | 3 | 'adminName' => $installArray['adminName'], |
|
373 | 3 | 'adminUser' => $installArray['adminUser'], |
|
374 | 3 | 'adminPassword' => $installArray['adminPassword'], |
|
375 | 3 | 'adminEmail' => $installArray['adminEmail'] |
|
376 | ]); |
||
377 | 3 | return $this->_getStatus() === 2; |
|
378 | } |
||
379 | 1 | return false; |
|
380 | } |
||
381 | |||
382 | /** |
||
383 | * send the mail |
||
384 | * |
||
385 | * @since 3.0.0 |
||
386 | * |
||
387 | * @param array $mailArray |
||
388 | * |
||
389 | * @return bool |
||
390 | */ |
||
391 | |||
392 | 1 | protected function _mail(array $mailArray = []) : bool |
|
393 | { |
||
394 | 1 | $settingModel = new Model\Setting(); |
|
395 | 1 | $urlLogin = $this->_registry->get('root') . '/' . $this->_registry->get('parameterRoute') . 'login'; |
|
396 | |||
397 | /* html element */ |
||
398 | |||
399 | 1 | $linkElement = new Html\Element(); |
|
400 | $linkElement |
||
401 | 1 | ->init('a', |
|
402 | [ |
||
403 | 1 | 'href' => $urlLogin |
|
404 | ]) |
||
405 | 1 | ->text($urlLogin); |
|
406 | |||
407 | /* prepare mail */ |
||
408 | |||
409 | $toArray = |
||
410 | [ |
||
411 | 1 | $mailArray['adminName'] => $mailArray['adminEmail'] |
|
412 | ]; |
||
413 | $fromArray = |
||
414 | [ |
||
415 | 1 | $settingModel->get('author') => $settingModel->get('email') |
|
416 | ]; |
||
417 | 1 | $subject = $this->_language->get('installation'); |
|
418 | $bodyArray = |
||
419 | [ |
||
420 | 1 | $this->_language->get('user') . $this->_language->get('colon') . ' ' . $mailArray['adminUser'], |
|
421 | 1 | '<br />', |
|
422 | 1 | $this->_language->get('login') . $this->_language->get('colon') . ' ' . $linkElement |
|
423 | ]; |
||
424 | |||
425 | /* send mail */ |
||
426 | |||
427 | 1 | $mailer = new Mailer(); |
|
428 | 1 | $mailer->init($toArray, $fromArray, $subject, $bodyArray); |
|
429 | 1 | return $mailer->send(); |
|
430 | } |
||
431 | |||
432 | /** |
||
433 | * show the success |
||
434 | * |
||
435 | * @since 3.0.0 |
||
436 | * |
||
437 | * @param array $successArray array of the success |
||
438 | * |
||
439 | * @return string |
||
440 | */ |
||
441 | |||
442 | 1 | protected function _success(array $successArray = []) : string |
|
443 | { |
||
444 | 1 | $messenger = $this->_messengerFactory(); |
|
445 | return $messenger |
||
446 | 1 | ->setUrl($this->_language->get('home'), $successArray['url']) |
|
447 | 1 | ->doRedirect() |
|
448 | 1 | ->success($successArray['message'] ?? null, $successArray['title'] ?? null); |
|
449 | } |
||
450 | |||
451 | /** |
||
452 | * show the warning |
||
453 | * |
||
454 | * @since 3.0.0 |
||
455 | * |
||
456 | * @param array $warningArray array of the warning |
||
457 | * |
||
458 | * @return string |
||
459 | */ |
||
460 | |||
461 | 1 | protected function _warning(array $warningArray = []) : string |
|
462 | { |
||
463 | 1 | $messenger = $this->_messengerFactory(); |
|
464 | return $messenger |
||
465 | 1 | ->setUrl($this->_language->get('home'), $warningArray['url']) |
|
466 | 1 | ->doRedirect() |
|
467 | 1 | ->warning($warningArray['message'] ?? null, $warningArray['title'] ?? null); |
|
468 | } |
||
469 | |||
470 | /** |
||
471 | * show the error |
||
472 | * |
||
473 | * @since 3.0.0 |
||
474 | * |
||
475 | * @param array $errorArray array of the error |
||
476 | * |
||
477 | * @return string |
||
478 | */ |
||
479 | |||
480 | 6 | protected function _error(array $errorArray = []) : string |
|
481 | { |
||
482 | 6 | $messenger = $this->_messengerFactory(); |
|
483 | return $messenger |
||
484 | 6 | ->setUrl($this->_language->get('back'), $errorArray['url']) |
|
485 | 6 | ->error($errorArray['message'] ?? null, $errorArray['title'] ?? null); |
|
486 | } |
||
487 | } |
||
488 |
This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.
Consider making the comparison explicit by using
empty(..)
or! empty(...)
instead.