LogoutForm::getFormFields() - Code Metrics - Inspection of "WIP: Add CSRF token to logout action" - silverstripe/silverstripe-framework - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#7028)

by Loz

created 2017-06-22 08:03 UTC

LogoutForm::getFormFields() A

↳ Parent: LogoutForm

Complexity

Conditions	4
Paths	4

Size

Total Lines	17
Code Lines	9

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	4
eloc	9
c	1
b	0
f	0
nc	4
nop	0
dl	0
loc	17
rs	9.2

<?php

namespace SilverStripe\Security;

use SilverStripe\Control\Director;
use SilverStripe\Control\RequestHandler;
use SilverStripe\Control\Session;
use SilverStripe\Forms\FieldList;
use SilverStripe\Forms\Form;
use SilverStripe\Forms\FormAction;
use SilverStripe\Forms\HiddenField;
use SilverStripe\Forms\Validator;

/**
 * Log out form to display to users who arrive at 'Security/logout' without a
 * CSRF token. It's preferable to link to {@link Security::logout_url()}
 * directly - we only use a form so that we can preserve the "BackURL" if set
 */
class LogoutForm extends Form
{
    /**
     * {@inheritdoc}
     */
    public function __construct(
        RequestHandler $controller = null,
        $name = self::DEFAULT_NAME,
        FieldList $fields = null,
        FieldList $actions = null,
        Validator $validator = null
    ) {
        $this->setController($controller);

        if (!$fields) {
            $fields = $this->getFormFields();
        }
        if (!$actions) {
            $actions = $this->getFormActions();
        }

        parent::__construct($controller, $name, $fields, $actions);

        $this->setFormAction(Security::logout_url());
    }

    /**
     * Build the FieldList for the logout form
     *
     * @return FieldList
     */
    protected function getFormFields()
    {
        $fields = FieldList::create();

        $controller = $this->getController();
        $backURL = $controller->getBackURL()
            ?: $controller->getReturnReferer();

        // Protect against infinite redirection back to the logout URL after logging out
        if (!$backURL || Director::makeRelative($backURL) === $controller->getRequest()->getURL()) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $backURL = Director::baseURL();
        }

        $fields->push(HiddenField::create('BackURL', 'BackURL', $backURL));

        return $fields;
    }

    /**
     * Build default logout form action FieldList
     *
     * @return FieldList
     */
    protected function getFormActions()
    {
        $actions = FieldList::create(
            FormAction::create('doLogout', _t('SilverStripe\\Security\\Member.BUTTONLOGOUT', "Log out"))
        );

        return $actions;
    }
}


1			<?php
2
3			namespace SilverStripe\Security;
4
5			use SilverStripe\Control\Director;
6			use SilverStripe\Control\RequestHandler;
7			use SilverStripe\Control\Session;
8			use SilverStripe\Forms\FieldList;
9			use SilverStripe\Forms\Form;
10			use SilverStripe\Forms\FormAction;
11			use SilverStripe\Forms\HiddenField;
12			use SilverStripe\Forms\Validator;
13
14			/**
15			* Log out form to display to users who arrive at 'Security/logout' without a
16			* CSRF token. It's preferable to link to {@link Security::logout_url()}
17			* directly - we only use a form so that we can preserve the "BackURL" if set
18			*/
19			class LogoutForm extends Form
20			{
21			/**
22			* {@inheritdoc}
23			*/
24			public function __construct(
25			RequestHandler $controller = null,
26			$name = self::DEFAULT_NAME,
27			FieldList $fields = null,
28			FieldList $actions = null,
29			Validator $validator = null
30			) {
31			$this->setController($controller);
32
33			if (!$fields) {
34			$fields = $this->getFormFields();
35			}
36			if (!$actions) {
37			$actions = $this->getFormActions();
38			}
39
40			parent::__construct($controller, $name, $fields, $actions);
41
42			$this->setFormAction(Security::logout_url());
43			}
44
45			/**
46			* Build the FieldList for the logout form
47			*
48			* @return FieldList
49			*/
50			protected function getFormFields()
51			{
52			$fields = FieldList::create();
53
54			$controller = $this->getController();
55			$backURL = $controller->getBackURL()
56			?: $controller->getReturnReferer();
57
58			// Protect against infinite redirection back to the logout URL after logging out
59			if (!$backURL \|\| Director::makeRelative($backURL) === $controller->getRequest()->getURL()) {
			0 ignored issues – show Bug Best Practice introduced 2017-06-15 11:07 UTC by Report Bug Copy Issue Report The expression `$backURL` of type `string\|null` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
60			$backURL = Director::baseURL();
61			}
62
63			$fields->push(HiddenField::create('BackURL', 'BackURL', $backURL));
64
65			return $fields;
66			}
67
68			/**
69			* Build default logout form action FieldList
70			*
71			* @return FieldList
72			*/
73			protected function getFormActions()
74			{
75			$actions = FieldList::create(
76			FormAction::create('doLogout', _t('SilverStripe\\Security\\Member.BUTTONLOGOUT', "Log out"))
77			);
78
79			return $actions;
80			}
81			}
82

silverstripe / silverstripe-framework

Pull Request — master (#7028)

LogoutForm::getFormFields() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like