AllowedHostsMiddleware::process() - Code Metrics - Inspection of "Merge pull request #7052 from sminnee/director-mid..." - silverstripe/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( daed8c...cf758d )

by Damian

created 2017-06-27 02:21 UTC

AllowedHostsMiddleware::process() A

↳ Parent: AllowedHostsMiddleware

Complexity

Conditions	4
Paths	2

Size

Total Lines	14
Code Lines	7

Duplication

Lines	0
Ratio	0 %

Importance

Changes

Metric	Value
cc	4
eloc	7
nc	2
nop	2
dl	0
loc	14
rs	9.2
c	0
b	0
f	0

<?php

namespace SilverStripe\Control\Middleware;

use SilverStripe\Control\Director;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Control\HTTPResponse;

/**
 * Secures requests by only allowing a whitelist of Host values
 */
class AllowedHostsMiddleware implements HTTPMiddleware
{
    /**
     * List of allowed hosts
     *
     * @var array
     */
    private $allowedHosts = [];

    /**
     * @return array List of allowed Host header values
     */
    public function getAllowedHosts()
    {
        return $this->allowedHosts;
    }

    /**
     * Sets the list of allowed Host header values
     * Can also specify a comma separated list
     *
     * @param array|string $allowedHosts
     * @return $this
     */
    public function setAllowedHosts($allowedHosts)
    {
        if (is_string($allowedHosts)) {
            $allowedHosts = preg_split('/ *, */', $allowedHosts);
        }
        $this->allowedHosts = $allowedHosts;
        return $this;
    }

    /**
     * @inheritdoc
     */
    public function process(HTTPRequest $request, callable $delegate)
    {
        $allowedHosts = $this->getAllowedHosts();

        // check allowed hosts
        if ($allowedHosts

            && !Director::is_cli()
            && !in_array($request->getHeader('Host'), $allowedHosts)
        ) {
            return new HTTPResponse('Invalid Host', 400);
        }

        return $delegate($request);
    }
}


1			<?php
2
3			namespace SilverStripe\Control\Middleware;
4
5			use SilverStripe\Control\Director;
6			use SilverStripe\Control\HTTPRequest;
7			use SilverStripe\Control\HTTPResponse;
8
9			/**
10			* Secures requests by only allowing a whitelist of Host values
11			*/
12			class AllowedHostsMiddleware implements HTTPMiddleware
13			{
14			/**
15			* List of allowed hosts
16			*
17			* @var array
18			*/
19			private $allowedHosts = [];
20
21			/**
22			* @return array List of allowed Host header values
23			*/
24			public function getAllowedHosts()
25			{
26			return $this->allowedHosts;
27			}
28
29			/**
30			* Sets the list of allowed Host header values
31			* Can also specify a comma separated list
32			*
33			* @param array\|string $allowedHosts
34			* @return $this
35			*/
36			public function setAllowedHosts($allowedHosts)
37			{
38			if (is_string($allowedHosts)) {
39			$allowedHosts = preg_split('/ , /', $allowedHosts);
40			}
41			$this->allowedHosts = $allowedHosts;
42			return $this;
43			}
44
45			/**
46			* @inheritdoc
47			*/
48			public function process(HTTPRequest $request, callable $delegate)
49			{
50			$allowedHosts = $this->getAllowedHosts();
51
52			// check allowed hosts
53			if ($allowedHosts
			0 ignored issues – show Bug Best Practice introduced 2017-06-25 03:24 UTC by Report Bug Copy Issue Report The expression `$allowedHosts` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
54			&& !Director::is_cli()
55			&& !in_array($request->getHeader('Host'), $allowedHosts)
56			) {
57			return new HTTPResponse('Invalid Host', 400);
58			}
59
60			return $delegate($request);
61			}
62			}
63

silverstripe / silverstripe-framework

Push — master ( daed8c...cf758d )

AllowedHostsMiddleware::process() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like