Issues in IFramePage.php (master) - Issues in master - silverstripe/silverstripe-iframe - Measure and Improve Code Quality continuously with Scrutinizer

Issues (8)

src/IFramePage.php (6 issues)

Labels

Bug 1

Severity

<?php

namespace SilverStripe\IFrame;

use Page;
filter:
    dependency_paths: ["lib/*"]
use SilverStripe\Forms\TextField;
use SilverStripe\Forms\DropdownField;
use SilverStripe\Forms\CheckboxField;
use SilverStripe\Forms\NumericField;
use SilverStripe\Forms\HTMLEditor\HtmlEditorField;
use SilverStripe\ORM\FieldType\DBField;
use SilverStripe\ORM\ValidationException;
use SilverStripe\ORM\ValidationResult;

/**
 * Iframe page type embeds an iframe of URL of choice into the page.
 * CMS editor can choose width, height, or set it to attempt automatic size configuration.
 */

class IFramePage extends Page
{
    private static $db = array(

        'IFrameURL' => 'Text',
        'IFrameTitle' => 'Varchar',
        'AutoHeight' => 'Boolean(1)',
        'AutoWidth' => 'Boolean(1)',
        'FixedHeight' => 'Int(500)',
        'FixedWidth' => 'Int(0)',
        'AlternateContent' => 'HTMLText',
        'BottomContent' => 'HTMLText',
        'ForceProtocol' => 'Varchar',
    );

    private static $defaults = array(

        'AutoHeight' => '1',
        'AutoWidth' => '1',
        'FixedHeight' => '500',
        'FixedWidth' => '0'
    );

    private static $table_name = 'IFramePage';


    private static $description = 'Embeds an iframe into the body of the page.';


    private static $singular_name = 'IFrame Page';


    public function getCMSFields()
    {
        $fields = parent::getCMSFields();

        $fields->removeFieldFromTab('Root.Main', 'Content');
        $fields->addFieldsToTab('Root.Main', [
            $url = TextField::create('IFrameURL', 'Iframe URL'),
            TextField::create('IFrameTitle', 'Description of contents (title)')
                ->setDescription(_t(__CLASS__ . '.TITLE_DESCRIPTION', 'Used by screen readers')),
        ]);
        $url->setRightTitle(
            DBField::create_field(
                'HTMLText',
                'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
            )
        );
        $fields->addFieldToTab(
            'Root.Main',
            DropdownField::create('ForceProtocol', 'Force protocol?')
                ->setSource(array('http://' => 'http://', 'https://' => 'https://'))
                ->setEmptyString('')
                ->setDescription(
                    'Avoids mixed content warnings when iframe content is just available under a specific protocol'
                ),
            'Metadata'
        );
        $fields->addFieldsToTab('Root.Main', [
            CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
            CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
            NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
            NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
            HtmlEditorField::create('Content', 'Content (appears above iframe)'),
            HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
            HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
        ]);

        // Move the Metadata field to last position, but make a check for it's
        // existence first.
        //
        // See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
        $mainTab = $fields->findOrMakeTab('Root.Main');
        $mainTabFields = $mainTab->FieldList();
        $metaDataField = $mainTabFields->fieldByName('Metadata');
        if ($metaDataField) {
            $mainTabFields->removeByName('Metadata');
            $mainTabFields->push($metaDataField);
        }
        return $fields;
    }

    /**
     * Compute class from the size parameters.
     */
    public function getClass()
    {
        $class = '';
        if ($this->AutoHeight) {
            $class .= 'iframepage-height-auto';
        }

        return $class;
    }

    /**
     * Compute style from the size parameters.
     */
    public function getStyle()
    {
        $style = '';

        // Always add fixed height as a fallback if autosetting or JS fails.
        $height = $this->FixedHeight;
        if (!$height) {
            $height = 800;
        }
        $style .= "height: {$height}px; ";

        if ($this->AutoWidth) {
            $style .= "width: 100%; ";
        } elseif ($this->FixedWidth) {
            $style .= "width: {$this->FixedWidth}px; ";
        }

        return $style;
    }

    /**
     * Ensure that the IFrameURL is a valid url and prevents XSS
     *
     * @throws ValidationException
     * @return ValidationResult
     */
    public function validate()
    {
        $result = parent::validate();

        //whitelist allowed URL schemes
        $allowed_schemes = array('http', 'https');
        if ($matches = parse_url($this->IFrameURL)) {
            if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
                $result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
            }
        }

        return $result;
    }
}


1			<?php
2
3			namespace SilverStripe\IFrame;
4
5			use Page;
			0 ignored issues – show Bug introduced 2017-11-22 21:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `Page` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
6			use SilverStripe\Forms\TextField;
7			use SilverStripe\Forms\DropdownField;
8			use SilverStripe\Forms\CheckboxField;
9			use SilverStripe\Forms\NumericField;
10			use SilverStripe\Forms\HTMLEditor\HtmlEditorField;
11			use SilverStripe\ORM\FieldType\DBField;
12			use SilverStripe\ORM\ValidationException;
13			use SilverStripe\ORM\ValidationResult;
14
15			/**
16			* Iframe page type embeds an iframe of URL of choice into the page.
17			* CMS editor can choose width, height, or set it to attempt automatic size configuration.
18			*/
19
20			class IFramePage extends Page
21			{
22			private static $db = array(
			0 ignored issues – show introduced 2017-11-22 21:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The private property `$db` is not used, and could be removed. Loading history...
23			'IFrameURL' => 'Text',
24			'IFrameTitle' => 'Varchar',
25			'AutoHeight' => 'Boolean(1)',
26			'AutoWidth' => 'Boolean(1)',
27			'FixedHeight' => 'Int(500)',
28			'FixedWidth' => 'Int(0)',
29			'AlternateContent' => 'HTMLText',
30			'BottomContent' => 'HTMLText',
31			'ForceProtocol' => 'Varchar',
32			);
33
34			private static $defaults = array(
			0 ignored issues – show introduced 2017-11-22 21:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The private property `$defaults` is not used, and could be removed. Loading history...
35			'AutoHeight' => '1',
36			'AutoWidth' => '1',
37			'FixedHeight' => '500',
38			'FixedWidth' => '0'
39			);
40
41			private static $table_name = 'IFramePage';
			0 ignored issues – show introduced 2017-12-03 22:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The private property `$table_name` is not used, and could be removed. Loading history...
42
43			private static $description = 'Embeds an iframe into the body of the page.';
			0 ignored issues – show introduced 2017-11-22 21:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The private property `$description` is not used, and could be removed. Loading history...
44
45			private static $singular_name = 'IFrame Page';
			0 ignored issues – show introduced 2017-11-27 01:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this The private property `$singular_name` is not used, and could be removed. Loading history...
46
47			public function getCMSFields()
48			{
49			$fields = parent::getCMSFields();
50
51			$fields->removeFieldFromTab('Root.Main', 'Content');
52			$fields->addFieldsToTab('Root.Main', [
53			$url = TextField::create('IFrameURL', 'Iframe URL'),
54			TextField::create('IFrameTitle', 'Description of contents (title)')
55			->setDescription(_t(__CLASS__ . '.TITLE_DESCRIPTION', 'Used by screen readers')),
56			]);
57			$url->setRightTitle(
58			DBField::create_field(
59			'HTMLText',
60			'Can be absolute (<em>http://silverstripe.com</em>) or relative to this site (<em>about-us</em>).'
61			)
62			);
63			$fields->addFieldToTab(
64			'Root.Main',
65			DropdownField::create('ForceProtocol', 'Force protocol?')
66			->setSource(array('http://' => 'http://', 'https://' => 'https://'))
67			->setEmptyString('')
68			->setDescription(
69			'Avoids mixed content warnings when iframe content is just available under a specific protocol'
70			),
71			'Metadata'
72			);
73			$fields->addFieldsToTab('Root.Main', [
74			CheckboxField::create('AutoHeight', 'Auto height (only works with same domain URLs)'),
75			CheckboxField::create('AutoWidth', 'Auto width (100% of the available space)'),
76			NumericField::create('FixedHeight', 'Fixed height (in pixels)'),
77			NumericField::create('FixedWidth', 'Fixed width (in pixels)'),
78			HtmlEditorField::create('Content', 'Content (appears above iframe)'),
79			HtmlEditorField::create('BottomContent', 'Content (appears below iframe)'),
80			HtmlEditorField::create('AlternateContent', 'Alternate Content (appears when user has iframes disabled)')
81			]);
82
83			// Move the Metadata field to last position, but make a check for it's
84			// existence first.
85			//
86			// See https://github.com/silverstripe-labs/silverstripe-iframe/issues/18
87			$mainTab = $fields->findOrMakeTab('Root.Main');
88			$mainTabFields = $mainTab->FieldList();
89			$metaDataField = $mainTabFields->fieldByName('Metadata');
90			if ($metaDataField) {
91			$mainTabFields->removeByName('Metadata');
92			$mainTabFields->push($metaDataField);
93			}
94			return $fields;
95			}
96
97			/**
98			* Compute class from the size parameters.
99			*/
100			public function getClass()
101			{
102			$class = '';
103			if ($this->AutoHeight) {
104			$class .= 'iframepage-height-auto';
105			}
106
107			return $class;
108			}
109
110			/**
111			* Compute style from the size parameters.
112			*/
113			public function getStyle()
114			{
115			$style = '';
116
117			// Always add fixed height as a fallback if autosetting or JS fails.
118			$height = $this->FixedHeight;
119			if (!$height) {
120			$height = 800;
121			}
122			$style .= "height: {$height}px; ";
123
124			if ($this->AutoWidth) {
125			$style .= "width: 100%; ";
126			} elseif ($this->FixedWidth) {
127			$style .= "width: {$this->FixedWidth}px; ";
128			}
129
130			return $style;
131			}
132
133			/**
134			* Ensure that the IFrameURL is a valid url and prevents XSS
135			*
136			* @throws ValidationException
137			* @return ValidationResult
138			*/
139			public function validate()
140			{
141			$result = parent::validate();
142
143			//whitelist allowed URL schemes
144			$allowed_schemes = array('http', 'https');
145			if ($matches = parse_url($this->IFrameURL)) {
146			if (isset($matches['scheme']) && !in_array($matches['scheme'], $allowed_schemes)) {
147			$result->addError(_t(__CLASS__ . '.VALIDATION_BANNEDURLSCHEME', "This URL scheme is not allowed."));
148			}
149			}
150
151			return $result;
152			}
153			}
154

silverstripe / silverstripe-iframe

Issues (8)

src/IFramePage.php (6 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like