Issues in CommentForm.php - New Issues - Inspection of "Merge pull request #216 from fullscreeninteractive..." - silverstripe/silverstripe-comments - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 187618...8c43e0 )

by Will

created 2017-10-09 20:49 UTC

src/Forms/CommentForm.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace SilverStripe\Comments\Forms;

use SilverStripe\Forms\CompositeField;
use SilverStripe\Forms\EmailField;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\FormAction;
use SilverStripe\Forms\HiddenField;
use SilverStripe\Forms\ReadonlyField;
use SilverStripe\Forms\RequiredFields;
use SilverStripe\Forms\TextareaField;
use SilverStripe\Forms\TextField;
use SilverStripe\Security\Member;
use SilverStripe\Control\Cookie;
use SilverStripe\Core\Convert;
use SilverStripe\Security\Security;
use SilverStripe\Comments\Model\Comment;
use SilverStripe\Control\Controller;
use SilverStripe\Comments\Controllers\CommentingController;
use SilverStripe\Core\Config\Config;

class CommentForm extends Form
{
    /**
     * @param string $name
     * @param CommentingController $controller
     */
    public function __construct($name, CommentingController $controller)
    {
        $usePreview = $controller->getOption('use_preview');
        $nameRequired = _t('CommentInterface.YOURNAME_MESSAGE_REQUIRED', 'Please enter your name');
        $emailRequired = _t('CommentInterface.EMAILADDRESS_MESSAGE_REQUIRED', 'Please enter your email address');
        $emailInvalid = _t('CommentInterface.EMAILADDRESS_MESSAGE_EMAIL', 'Please enter a valid email address');
        $urlInvalid = _t('CommentInterface.COMMENT_MESSAGE_URL', 'Please enter a valid URL');
        $commentRequired = _t('CommentInterface.COMMENT_MESSAGE_REQUIRED', 'Please enter your comment');

        $fields = FieldList::create(
            $dataFields = CompositeField::create(
                // Name
                $a = TextField::create('Name', _t('CommentInterface.YOURNAME', 'Your name'))
                    ->setCustomValidationMessage($nameRequired)
                    ->setAttribute('data-msg-required', $nameRequired),
                // Email
                EmailField::create(
                    'Email',
                    _t('SilverStripe\\Comments\\Controllers\\CommentingController.EMAILADDRESS', 'Your email address (will not be published)')
                )
                    ->setCustomValidationMessage($emailRequired)
                    ->setAttribute('data-msg-required', $emailRequired)
                    ->setAttribute('data-msg-email', $emailInvalid)
                    ->setAttribute('data-rule-email', true),
                // Url
                TextField::create('URL', _t('SilverStripe\\Comments\\Controllers\\CommentingController.WEBSITEURL', 'Your website URL'))
                    ->setAttribute('data-msg-url', $urlInvalid)
                    ->setAttribute('data-rule-url', true),
                // Comment
                TextareaField::create('Comment', _t('SilverStripe\\Comments\\Controllers\\CommentingController.COMMENTS', 'Comments'))
                    ->setCustomValidationMessage($commentRequired)
                    ->setAttribute('data-msg-required', $commentRequired)
            ),
            HiddenField::create('ParentID'),
            HiddenField::create('ParentClassName'),
            HiddenField::create('ReturnURL'),
            HiddenField::create('ParentCommentID')
        );

        // Preview formatted comment. Makes most sense when shortcodes or
        // limited HTML is allowed. Populated by JS/Ajax.
        if ($usePreview) {
            $fields->insertAfter(
                ReadonlyField::create('PreviewComment', _t('CommentInterface.PREVIEWLABEL', 'Preview'))
                    ->setAttribute('style', 'display: none'), // enable through JS
                'Comment'
            );
        }

        $dataFields->addExtraClass('data-fields');

        // save actions
        $actions = FieldList::create(
            $postAction = new FormAction('doPostComment', _t('CommentInterface.POST', 'Post'))
        );

        if ($usePreview) {
            $actions->push(
                FormAction::create('doPreviewComment', _t('CommentInterface.PREVIEW', 'Preview'))
                    ->addExtraClass('action-minor')
                    ->setAttribute('style', 'display: none') // enable through JS
            );
        }

        $required = new RequiredFields(
            $controller->config()->required_fields
        );

        parent::__construct($controller, $name, $fields, $actions, $required);


        // if the record exists load the extra required data
        if ($record = $controller->getOwnerRecord()) {
            // Load member data
            $member = Member::currentUser();
            if (($record->CommentsRequireLogin || $record->PostingRequiredPermission) && $member) {
                $fields = $this->Fields();

                $fields->removeByName('Name');
                $fields->removeByName('Email');
                $fields->insertBefore(
                    new ReadonlyField(
                        'NameView',
                        _t('CommentInterface.YOURNAME', 'Your name'),
                        $member->getName()
                    ),
                    'URL'
                );
                $fields->push(new HiddenField('Name', '', $member->getName()));
                $fields->push(new HiddenField('Email', '', $member->Email));
            }

            // we do not want to read a new URL when the form has already been submitted
            // which in here, it hasn't been.
            $this->loadDataFrom(array(
                'ParentID'        => $record->ID,
                'ReturnURL'       => $controller->getRequest()->getURL(),
                'ParentClassName' => $controller->getParentClass()
            ));

            if ($holder = $record->getCommentHolderID()) {
                $this->setHTMLID($holder);
            }
        }

        // Set it so the user gets redirected back down to the form upon form fail
        $this->setRedirectToFormOnValidationError(true);

        // load any data from the cookies
        if ($data = Cookie::get('CommentsForm_UserData')) {
            $data = Convert::json2array($data);

            $this->loadDataFrom(array(
                'Name'  => isset($data['Name']) ? $data['Name'] : '',
                'URL'   => isset($data['URL']) ? $data['URL'] : '',
                'Email' => isset($data['Email']) ? $data['Email'] : ''
            ));

            // allow previous value to fill if comment not stored in cookie (i.e. validation error)
            $prevComment = Cookie::get('CommentsForm_Comment');

            if ($prevComment && $prevComment != '') {
                $this->loadDataFrom(array('Comment' => $prevComment));
            }
        }
    }

    /**
     * @param  array $data
     * @param  Form $form
     * @return HTTPResponse
     */
    public function doPreviewComment($data, $form)
    {
        $data['IsPreview'] = 1;

        return $this->doPostComment($data, $form);
    }

    /**
     * Process which creates a {@link Comment} once a user submits a comment from this form.
     *
     * @param  array $data
     * @param  Form $form
     * @return HTTPResponse
     */
    public function doPostComment($data, $form)
    {
        // Load class and parent from data
        if (isset($data['ParentClassName'])) {
            $this->controller->setParentClass($data['ParentClassName']);
        }
        if (isset($data['ParentID']) && ($class = $this->controller->getParentClass())) {
            $this->controller->setOwnerRecord($class::get()->byID($data['ParentID']));
        }
        if (!$this->controller->getOwnerRecord()) {
            return $this->httpError(404);
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
        }

        // cache users data
        Cookie::set('CommentsForm_UserData', Convert::raw2json($data));
        Cookie::set('CommentsForm_Comment', $data['Comment']);

        // extend hook to allow extensions. Also see onAfterPostComment
        $this->controller->extend('onBeforePostComment', $form);

        // If commenting can only be done by logged in users, make sure the user is logged in
        if (!$this->controller->getOwnerRecord()->canPostComment()) {
            return Security::permissionFailure(
                $this,
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
                _t(
                    'SilverStripe\\Comments\\Controllers\\CommentingController.PERMISSIONFAILURE',
                    "You're not able to post comments to this page. Please ensure you are logged in and have an "
                    . 'appropriate permission level.'
                )
            );
        }

        if ($member = Security::getCurrentUser()) {
            $form->Fields()->push(new HiddenField('AuthorID', 'Author ID', $member->ID));
        }

        // What kind of moderation is required?
        switch ($this->controller->getOwnerRecord()->ModerationRequired) {
            case 'Required':
                $requireModeration = true;
                break;
            case 'NonMembersOnly':
                $requireModeration = empty($member);
                break;
            case 'None':
            default:
                $requireModeration = false;
                break;
        }

        $comment = Comment::create();
        $form->saveInto($comment);

        $comment->ParentID = $data['ParentID'];
        $comment->ParentClass = $data['ParentClassName'];

        $comment->AllowHtml = $this->controller->getOption('html_allowed');
        $comment->Moderated = !$requireModeration;

        // Save into DB, or call pre-save hooks to give accurate preview
        $usePreview = $this->controller->getOption('use_preview');
        $isPreview = $usePreview && !empty($data['IsPreview']);
        if ($isPreview) {
            $comment->extend('onBeforeWrite');
        } else {
            $comment->write();

            // extend hook to allow extensions. Also see onBeforePostComment
            $this->controller->extend('onAfterPostComment', $comment);
        }

        // we want to show a notification if comments are moderated
        if ($requireModeration && !$comment->IsSpam) {
            Session::set('CommentsModerated', 1);
        }

        // clear the users comment since it passed validation
        Cookie::set('CommentsForm_Comment', false);

        // Find parent link
        if (!empty($data['ReturnURL'])) {
            $url = $data['ReturnURL'];
        } elseif ($parent = $comment->Parent()) {
            $url = $parent->Link();
        } else {
            return $this->controller->redirectBack();
        }

        // Given a redirect page exists, attempt to link to the correct anchor
        if ($comment->IsSpam) {
            // Link to the form with the error message contained
            $hash = $form->FormName();
        } elseif (!$comment->Moderated) {
            // Display the "awaiting moderation" text
            $hash = 'moderated';
        } else {
            // Link to the moderated, non-spam comment
            $hash = $comment->Permalink();
        }

        return $this->controller->redirect(Controller::join_links($url, "#{$hash}"));
    }
}


1			<?php
2
3			namespace SilverStripe\Comments\Forms;
4
5			use SilverStripe\Forms\CompositeField;
6			use SilverStripe\Forms\EmailField;
7			use SilverStripe\Forms\FieldList;
8			use SilverStripe\Forms\Form;
9			use SilverStripe\Forms\FormAction;
10			use SilverStripe\Forms\HiddenField;
11			use SilverStripe\Forms\ReadonlyField;
12			use SilverStripe\Forms\RequiredFields;
13			use SilverStripe\Forms\TextareaField;
14			use SilverStripe\Forms\TextField;
15			use SilverStripe\Security\Member;
16			use SilverStripe\Control\Cookie;
17			use SilverStripe\Core\Convert;
18			use SilverStripe\Security\Security;
19			use SilverStripe\Comments\Model\Comment;
20			use SilverStripe\Control\Controller;
21			use SilverStripe\Comments\Controllers\CommentingController;
22			use SilverStripe\Core\Config\Config;
23
24			class CommentForm extends Form
25			{
26			/**
27			* @param string $name
28			* @param CommentingController $controller
29			*/
30			public function __construct($name, CommentingController $controller)
31			{
32			$usePreview = $controller->getOption('use_preview');
33			$nameRequired = _t('CommentInterface.YOURNAME_MESSAGE_REQUIRED', 'Please enter your name');
34			$emailRequired = _t('CommentInterface.EMAILADDRESS_MESSAGE_REQUIRED', 'Please enter your email address');
35			$emailInvalid = _t('CommentInterface.EMAILADDRESS_MESSAGE_EMAIL', 'Please enter a valid email address');
36			$urlInvalid = _t('CommentInterface.COMMENT_MESSAGE_URL', 'Please enter a valid URL');
37			$commentRequired = _t('CommentInterface.COMMENT_MESSAGE_REQUIRED', 'Please enter your comment');
38
39			$fields = FieldList::create(
40			$dataFields = CompositeField::create(
41			// Name
42			$a = TextField::create('Name', _t('CommentInterface.YOURNAME', 'Your name'))
43			->setCustomValidationMessage($nameRequired)
44			->setAttribute('data-msg-required', $nameRequired),
45			// Email
46			EmailField::create(
47			'Email',
48			_t('SilverStripe\\Comments\\Controllers\\CommentingController.EMAILADDRESS', 'Your email address (will not be published)')
49			)
50			->setCustomValidationMessage($emailRequired)
51			->setAttribute('data-msg-required', $emailRequired)
52			->setAttribute('data-msg-email', $emailInvalid)
53			->setAttribute('data-rule-email', true),
54			// Url
55			TextField::create('URL', _t('SilverStripe\\Comments\\Controllers\\CommentingController.WEBSITEURL', 'Your website URL'))
56			->setAttribute('data-msg-url', $urlInvalid)
57			->setAttribute('data-rule-url', true),
58			// Comment
59			TextareaField::create('Comment', _t('SilverStripe\\Comments\\Controllers\\CommentingController.COMMENTS', 'Comments'))
60			->setCustomValidationMessage($commentRequired)
61			->setAttribute('data-msg-required', $commentRequired)
62			),
63			HiddenField::create('ParentID'),
64			HiddenField::create('ParentClassName'),
65			HiddenField::create('ReturnURL'),
66			HiddenField::create('ParentCommentID')
67			);
68
69			// Preview formatted comment. Makes most sense when shortcodes or
70			// limited HTML is allowed. Populated by JS/Ajax.
71			if ($usePreview) {
72			$fields->insertAfter(
73			ReadonlyField::create('PreviewComment', _t('CommentInterface.PREVIEWLABEL', 'Preview'))
74			->setAttribute('style', 'display: none'), // enable through JS
75			'Comment'
76			);
77			}
78
79			$dataFields->addExtraClass('data-fields');
80
81			// save actions
82			$actions = FieldList::create(
83			$postAction = new FormAction('doPostComment', _t('CommentInterface.POST', 'Post'))
84			);
85
86			if ($usePreview) {
87			$actions->push(
88			FormAction::create('doPreviewComment', _t('CommentInterface.PREVIEW', 'Preview'))
89			->addExtraClass('action-minor')
90			->setAttribute('style', 'display: none') // enable through JS
91			);
92			}
93
94			$required = new RequiredFields(
95			$controller->config()->required_fields
96			);
97
98			parent::__construct($controller, $name, $fields, $actions, $required);
99
100
101			// if the record exists load the extra required data
102			if ($record = $controller->getOwnerRecord()) {
103			// Load member data
104			$member = Member::currentUser();
105			if (($record->CommentsRequireLogin \|\| $record->PostingRequiredPermission) && $member) {
106			$fields = $this->Fields();
107
108			$fields->removeByName('Name');
109			$fields->removeByName('Email');
110			$fields->insertBefore(
111			new ReadonlyField(
112			'NameView',
113			_t('CommentInterface.YOURNAME', 'Your name'),
114			$member->getName()
115			),
116			'URL'
117			);
118			$fields->push(new HiddenField('Name', '', $member->getName()));
119			$fields->push(new HiddenField('Email', '', $member->Email));
120			}
121
122			// we do not want to read a new URL when the form has already been submitted
123			// which in here, it hasn't been.
124			$this->loadDataFrom(array(
125			'ParentID' => $record->ID,
126			'ReturnURL' => $controller->getRequest()->getURL(),
127			'ParentClassName' => $controller->getParentClass()
128			));
129
130			if ($holder = $record->getCommentHolderID()) {
131			$this->setHTMLID($holder);
132			}
133			}
134
135			// Set it so the user gets redirected back down to the form upon form fail
136			$this->setRedirectToFormOnValidationError(true);
137
138			// load any data from the cookies
139			if ($data = Cookie::get('CommentsForm_UserData')) {
140			$data = Convert::json2array($data);
141
142			$this->loadDataFrom(array(
143			'Name' => isset($data['Name']) ? $data['Name'] : '',
144			'URL' => isset($data['URL']) ? $data['URL'] : '',
145			'Email' => isset($data['Email']) ? $data['Email'] : ''
146			));
147
148			// allow previous value to fill if comment not stored in cookie (i.e. validation error)
149			$prevComment = Cookie::get('CommentsForm_Comment');
150
151			if ($prevComment && $prevComment != '') {
152			$this->loadDataFrom(array('Comment' => $prevComment));
153			}
154			}
155			}
156
157			/**
158			* @param array $data
159			* @param Form $form
160			* @return HTTPResponse
161			*/
162			public function doPreviewComment($data, $form)
163			{
164			$data['IsPreview'] = 1;
165
166			return $this->doPostComment($data, $form);
167			}
168
169			/**
170			* Process which creates a {@link Comment} once a user submits a comment from this form.
171			*
172			* @param array $data
173			* @param Form $form
174			* @return HTTPResponse
175			*/
176			public function doPostComment($data, $form)
177			{
178			// Load class and parent from data
179			if (isset($data['ParentClassName'])) {
180			$this->controller->setParentClass($data['ParentClassName']);
181			}
182			if (isset($data['ParentID']) && ($class = $this->controller->getParentClass())) {
183			$this->controller->setOwnerRecord($class::get()->byID($data['ParentID']));
184			}
185			if (!$this->controller->getOwnerRecord()) {
186			return $this->httpError(404);
			0 ignored issues – show Documentation Bug introduced 2017-09-18 02:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `httpError` does not exist on `object<SilverStripe\Comments\Forms\CommentForm>`? Since you implemented `__call`, maybe consider adding a @method annotation. If you implement `__call` and you know which methods are available, you can improve IDE auto-completion and static analysis by adding a @method annotation to the class. This is often the case, when `__call` is implemented by a parent class and only the child class knows which methods exist: class ParentClass { private $data = array(); public function __call($method, array $args) { if (0 === strpos($method, 'get')) { return $this->data[strtolower(substr($method, 3))]; } throw new \LogicException(sprintf('Unsupported method: %s', $method)); } } /** * If this class knows which fields exist, you can specify the methods here: * * @method string getName() */ class SomeClass extends ParentClass { } Loading history...
187			}
188
189			// cache users data
190			Cookie::set('CommentsForm_UserData', Convert::raw2json($data));
191			Cookie::set('CommentsForm_Comment', $data['Comment']);
192
193			// extend hook to allow extensions. Also see onAfterPostComment
194			$this->controller->extend('onBeforePostComment', $form);
195
196			// If commenting can only be done by logged in users, make sure the user is logged in
197			if (!$this->controller->getOwnerRecord()->canPostComment()) {
198			return Security::permissionFailure(
199			$this,
			0 ignored issues – show Documentation introduced 2017-09-18 02:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this` is of type `this<SilverStripe\Comments\Forms\CommentForm>`, but the function expects a `object<SilverStripe\Control\Controller>\|null`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
200			_t(
201			'SilverStripe\\Comments\\Controllers\\CommentingController.PERMISSIONFAILURE',
202			"You're not able to post comments to this page. Please ensure you are logged in and have an "
203			. 'appropriate permission level.'
204			)
205			);
206			}
207
208			if ($member = Security::getCurrentUser()) {
209			$form->Fields()->push(new HiddenField('AuthorID', 'Author ID', $member->ID));
210			}
211
212			// What kind of moderation is required?
213			switch ($this->controller->getOwnerRecord()->ModerationRequired) {
214			case 'Required':
215			$requireModeration = true;
216			break;
217			case 'NonMembersOnly':
218			$requireModeration = empty($member);
219			break;
220			case 'None':
221			default:
222			$requireModeration = false;
223			break;
224			}
225
226			$comment = Comment::create();
227			$form->saveInto($comment);
228
229			$comment->ParentID = $data['ParentID'];
230			$comment->ParentClass = $data['ParentClassName'];
231
232			$comment->AllowHtml = $this->controller->getOption('html_allowed');
233			$comment->Moderated = !$requireModeration;
234
235			// Save into DB, or call pre-save hooks to give accurate preview
236			$usePreview = $this->controller->getOption('use_preview');
237			$isPreview = $usePreview && !empty($data['IsPreview']);
238			if ($isPreview) {
239			$comment->extend('onBeforeWrite');
240			} else {
241			$comment->write();
242
243			// extend hook to allow extensions. Also see onBeforePostComment
244			$this->controller->extend('onAfterPostComment', $comment);
245			}
246
247			// we want to show a notification if comments are moderated
248			if ($requireModeration && !$comment->IsSpam) {
249			Session::set('CommentsModerated', 1);
250			}
251
252			// clear the users comment since it passed validation
253			Cookie::set('CommentsForm_Comment', false);
254
255			// Find parent link
256			if (!empty($data['ReturnURL'])) {
257			$url = $data['ReturnURL'];
258			} elseif ($parent = $comment->Parent()) {
259			$url = $parent->Link();
260			} else {
261			return $this->controller->redirectBack();
262			}
263
264			// Given a redirect page exists, attempt to link to the correct anchor
265			if ($comment->IsSpam) {
266			// Link to the form with the error message contained
267			$hash = $form->FormName();
268			} elseif (!$comment->Moderated) {
269			// Display the "awaiting moderation" text
270			$hash = 'moderated';
271			} else {
272			// Link to the moderated, non-spam comment
273			$hash = $comment->Permalink();
274			}
275
276			return $this->controller->redirect(Controller::join_links($url, "#{$hash}"));
277			}
278			}
279

silverstripe / silverstripe-comments

Push — master ( 187618...8c43e0 )

src/Forms/CommentForm.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like