Issues in Html.php (master) - Issues in master - spatie/laravel-html - Measure and Improve Code Quality continuously with Scrutinizer

Issues (58)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Html.php (3 issues)

Labels

Severity

EM 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Spatie\Html;

use DateTimeImmutable;
use Illuminate\Contracts\Support\Htmlable;
use Illuminate\Http\Request;
use Illuminate\Support\Collection;
use Illuminate\Support\HtmlString;
use Illuminate\Support\Str;
use Illuminate\Support\Traits\Macroable;
use Spatie\Html\Elements\A;
use Spatie\Html\Elements\Button;
use Spatie\Html\Elements\Div;
use Spatie\Html\Elements\Element;
use Spatie\Html\Elements\Fieldset;
use Spatie\Html\Elements\File;
use Spatie\Html\Elements\Form;
use Spatie\Html\Elements\I;
use Spatie\Html\Elements\Img;
use Spatie\Html\Elements\Input;
use Spatie\Html\Elements\Label;
use Spatie\Html\Elements\Legend;
use Spatie\Html\Elements\Option;
use Spatie\Html\Elements\Select;
use Spatie\Html\Elements\Span;
use Spatie\Html\Elements\Textarea;

class Html
{
    use Macroable;

    const HTML_DATE_FORMAT = 'Y-m-d';
    const HTML_TIME_FORMAT = 'H:i:s';

    /** @var \Illuminate\Http\Request */
    protected $request;

    /** @var \ArrayAccess|array */
    protected $model;

    public function __construct(Request $request)
    {
        $this->request = $request;
    }

    /**
     * @param string|null $href
     * @param string|null $text
     *
     * @return \Spatie\Html\Elements\A
     */
    public function a($href = null, $contents = null)
    {
        return A::create()
            ->attributeIf($href, 'href', $href)
            ->html($contents);
    }

    /**
     * @param string|null $href
     * @param string|null $text
     *
     * @return \Spatie\Html\Elements\I
     */
    public function i($contents = null)
    {
        return I::create()
            ->html($contents);
    }

    /**
     * @param string|null $type
     * @param string|null $text
     *
     * @return \Spatie\Html\Elements\Button
     */
    public function button($contents = null, $type = null, $name = null)
    {
        return Button::create()
            ->attributeIf($type, 'type', $type)
            ->attributeIf($name, 'name', $this->fieldName($name))
            ->html($contents);
    }

    /**
     * @param \Illuminate\Support\Collection|iterable|string $classes
     *
     * @return \Illuminate\Contracts\Support\Htmlable
     */
    public function class($classes): Htmlable
    {
        if ($classes instanceof Collection) {
            $classes = $classes->toArray();
        }

        $attributes = new Attributes();
        $attributes->addClass($classes);

        return new HtmlString(
            $attributes->render()
        );
    }

    /**
     * @param string|null $name
     * @param bool $checked
     * @param string|null $value
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function checkbox($name = null, $checked = null, $value = '1')
    {
        return $this->input('checkbox', $name, $value)
            ->attributeIf(! is_null($value), 'value', $value)
            ->attributeIf((bool) $this->old($name, $checked), 'checked');
    }

    /**
     * @param \Spatie\Html\HtmlElement|string|null $contents
     *
     * @return \Spatie\Html\Elements\Div
     */
    public function div($contents = null)
    {
        return Div::create()->children($contents);
    }

    /**
     * @param string|null $name
     * @param string|null $value
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function email($name = null, $value = null)
    {
        return $this->input('email', $name, $value);
    }

    /**
     * @param string|null $name
     * @param string|null $value
     * @param bool $format
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function date($name = '', $value = null, $format = true)

    {
        $element = $this->input('date', $name, $value);

        if (! $format || empty($element->getAttribute('value'))) {
            return $element;
        }

        return $element->value($this->formatDateTime($element->getAttribute('value'), self::HTML_DATE_FORMAT));
    }

    /**
     * @param string|null $name
     * @param string|null $value
     * @param bool $format
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function datetime($name = '', $value = null, $format = true)

    {
        $element = $this->input('datetime-local', $name, $value);

        if (! $format || empty($element->getAttribute('value'))) {
            return $element;
        }

        return $element->value($this->formatDateTime($element->getAttribute('value'),
            self::HTML_DATE_FORMAT.'\T'.self::HTML_TIME_FORMAT));
    }

    /**
     * @param string|null $name
     * @param string|null $value
     * @param string|null $min
     * @param string|null $max
     * @param string|null $step
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function range($name = '', $value = '', $min = null, $max = null, $step = null)
    {
        return $this->input('range', $name, $value)
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
            ->attributeIfNotNull($min, 'min', $min)
            ->attributeIfNotNull($max, 'max', $max)
            ->attributeIfNotNull($step, 'step', $step);
    }

    /**
     * @param string|null $name
     * @param string|null $value
     * @param bool $format
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function time($name = '', $value = null, $format = true)
    {
        $element = $this->input('time', $name, $value);

        if (! $format || empty($element->getAttribute('value'))) {
            return $element;
        }

        return $element->value($this->formatDateTime($element->getAttribute('value'), self::HTML_TIME_FORMAT));
    }

    /**
     * @param string $tag
     *
     * @return \Spatie\Html\Elements\Element
     */
    public function element($tag)
    {
        return Element::withTag($tag);
    }

    /**
     * @param string|null $type
     * @param string|null $name
     * @param string|null $value
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function input($type = null, $name = null, $value = null)
    {
        $hasValue = $name && ($type !== 'password' && ! is_null($this->old($name, $value)) || ! is_null($value));

        return Input::create()
            ->attributeIf($type, 'type', $type)
            ->attributeIf($name, 'name', $this->fieldName($name))
            ->attributeIf($name, 'id', $this->fieldName($name))
            ->attributeIf($hasValue, 'value', $this->old($name, $value));
    }

    /**
     * @param \Spatie\Html\HtmlElement|string|null $legend
     *
     * @return \Spatie\Html\Elements\Fieldset
     */
    public function fieldset($legend = null)
    {
        return $legend ?
            Fieldset::create()->legend($legend) : Fieldset::create();
    }

    /**
     * @param string $method
     * @param string|null $action
     *
     * @return \Spatie\Html\Elements\Form
     */
    public function form($method = 'POST', $action = null)
    {
        $method = strtoupper($method);
        $form = Form::create();

        // If Laravel needs to spoof the form's method, we'll append a hidden
        // field containing the actual method
        if (in_array($method, ['DELETE', 'PATCH', 'PUT'])) {
            $form = $form->addChild($this->hidden('_method')->value($method));
        }

        // On any other method that get, the form needs a CSRF token
        if ($method !== 'GET') {
            $form = $form->addChild($this->token());
        }

        return $form
            ->method($method === 'GET' ? 'GET' : 'POST')
            ->attributeIf($action, 'action', $action);
    }

    /**
     * @param string|null $name
     * @param string|null $value
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function hidden($name = null, $value = null)
    {
        return $this->input('hidden', $name, $value);
    }

    /**
     * @param string|null $src
     * @param string|null $alt
     *
     * @return \Spatie\Html\Elements\Img
     */
    public function img($src = null, $alt = null)
    {
        return Img::create()
            ->attributeIf($src, 'src', $src)
            ->attributeIf($alt, 'alt', $alt);
    }

    /**
     * @param \Spatie\Html\HtmlElement|iterable|string|null $contents
     * @param string|null $for
     *
     * @return \Spatie\Html\Elements\Label
     */
    public function label($contents = null, $for = null)
    {
        return Label::create()
            ->attributeIf($for, 'for', $this->fieldName($for))
            ->children($contents);
    }

    /**
     * @param \Spatie\Html\HtmlElement|string|null $contents
     *
     * @return \Spatie\Html\Elements\Legend
     */
    public function legend($contents = null)
    {
        return Legend::create()->html($contents);
    }

    /**
     * @param string $email
     * @param string|null $text
     *
     * @return \Spatie\Html\Elements\A
     */
    public function mailto($email, $text = null)
    {
        return $this->a('mailto:'.$email, $text ?: $email);
    }

    /**
     * @param string|null $name
     * @param iterable $options
     * @param string|iterable|null $value
     *
     * @return \Spatie\Html\Elements\Select
     */
    public function multiselect($name = null, $options = [], $value = null)
    {
        return Select::create()
            ->attributeIf($name, 'name', $this->fieldName($name))
            ->attributeIf($name, 'id', $this->fieldName($name))
            ->options($options)
            ->value($name ? $this->old($name, $value) : $value)
            ->multiple();
    }

    /**
     * @param string|null $name
     * @param string|null $value
     * @param string|null $min
     * @param string|null $max
     * @param string|null $step
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function number($name = null, $value = null, $min = null, $max = null, $step = null)
    {
        return $this->input('number', $name, $value)
                ->attributeIfNotNull($min, 'min', $min)
                ->attributeIfNotNull($max, 'max', $max)
                ->attributeIfNotNull($step, 'step', $step);
    }

    /**
     * @param string|null $text
     * @param string|null $value
     * @param bool $selected
     *
     * @return \Spatie\Html\Elements\Option
     */
    public function option($text = null, $value = null, $selected = false)
    {
        return Option::create()
            ->text($text)
            ->value($value)
            ->selectedIf($selected);
    }

    /**
     * @param string|null $value
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function password($name = null)
    {
        return $this->input('password', $name);
    }

    /**
     * @param string|null $name
     * @param bool $checked
     * @param string|null $value
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function radio($name = null, $checked = null, $value = null)
    {
        return $this->input('radio', $name, $value)
            ->attributeIf($name, 'id', $value === null ? $name : ($name.'_'.Str::slug($value)))
            ->attributeIf(! is_null($value), 'value', $value)
            ->attributeIf((! is_null($value) && $this->old($name) == $value) || $checked, 'checked');
    }

    /**
     * @param string|null $name
     * @param iterable $options
     * @param string|iterable|null $value
     *
     * @return \Spatie\Html\Elements\Select
     */
    public function select($name = null, $options = [], $value = null)
    {
        return Select::create()
            ->attributeIf($name, 'name', $this->fieldName($name))
            ->attributeIf($name, 'id', $this->fieldName($name))
            ->options($options)
            ->value($name ? $this->old($name, $value) : $value);
    }

    /**
     * @param \Spatie\Html\HtmlElement|string|null $contents
     *
     * @return \Spatie\Html\Elements\Span
     */
    public function span($contents = null)
    {
        return Span::create()->children($contents);
    }

    /**
     * @param string|null $text
     *
     * @return \Spatie\Html\Elements\Button
     */
    public function submit($text = null)
    {
        return $this->button($text, 'submit');
    }

    /**
     * @param string|null $text
     *
     * @return \Spatie\Html\Elements\Button
     */
    public function reset($text = null)
    {
        return $this->button($text, 'reset');
    }

    /**
     * @param string $number
     * @param string|null $text
     *
     * @return \Spatie\Html\Elements\A
     */
    public function tel($number, $text = null)
    {
        return $this->a('tel:'.$number, $text ?: $number);
    }

    /**
     * @param string|null $name
     * @param string|null $value
     *
     * @return \Spatie\Html\Elements\Input
     */
    public function text($name = null, $value = null)
    {
        return $this->input('text', $name, $value);
    }

    /**
     * @param string|null $name
     *
     * @return \Spatie\Html\Elements\File
     */
    public function file($name = null)
    {
        return File::create()
            ->attributeIf($name, 'name', $this->fieldName($name))
            ->attributeIf($name, 'id', $this->fieldName($name));
    }

    /**
     * @param string|null $name
     * @param string|null $value
     *
     * @return \Spatie\Html\Elements\Textarea
     */
    public function textarea($name = null, $value = null)
    {
        return Textarea::create()
            ->attributeIf($name, 'name', $this->fieldName($name))
            ->attributeIf($name, 'id', $this->fieldName($name))
            ->value($this->old($name, $value));
    }

    /**
     * @return \Spatie\Html\Elements\Input
     */
    public function token()
    {
        return $this
            ->hidden()
            ->name('_token')
            ->value($this->request->session()->token());
    }

    /**
     * @param \ArrayAccess|array $model
     *
     * @return $this
     */
    public function model($model)
    {
        $this->model = $model;

        return $this;
    }

    /**
     * @param \ArrayAccess|array $model
     * @param string|null $method
     * @param string|null $action
     *
     * @return \Spatie\Html\Elements\Form
     */
    public function modelForm($model, $method = 'POST', $action = null): Form
    {
        $this->model($model);

        return $this->form($method, $action);
    }

    /**
     * @return $this
     */
    public function endModel()
    {
        $this->model = null;

        return $this;
    }

    /**
     * @return \Illuminate\Contracts\Support\Htmlable
     */
    public function closeModelForm(): Htmlable
    {
        $this->endModel();

        return $this->form()->close();
    }

    /**
     * @param string $name
     * @param mixed $value
     *
     * @return mixed
     */
    protected function old($name, $value = null)
    {
        if (empty($name)) {
            return;
        }

        // Convert array format (sth[1]) to dot notation (sth.1)
        $name = preg_replace('/\[(.+)\]/U', '.$1', $name);

        // If there's no default value provided, the html builder currently
        // has a model assigned and there aren't old input items,
        // try to retrieve a value from the model.
        if (is_null($value) && $this->model && empty($this->request->old())) {
            $value = data_get($this->model, $name) ?? '';
        }

        return $this->request->old($name, $value);
    }

    /**
     * Retrieve the value from the current session or assigned model. This is
     * a public alias for `old`.
     *
     * @param string $name
     * @param mixed $value
     *
     * @return mixed
     */
    public function value($name, $default = null)
    {
        return $this->old($name, $default);
    }

    /**
     * @param string $name
     *
     * @return string
     */
    protected function fieldName($name)
    {
        return $name;
    }

    protected function ensureModelIsAvailable()
    {
        if (empty($this->model)) {
            throw new Exception('Method requires a model to be set on the html builder');
        }
    }

    /**
     * @param string $value
     * @param string $format DateTime formatting string supported by date_format()
     * @return string
     */
    protected function formatDateTime($value, $format)
    {
        if (empty($value)) {
            return $value;
        }

        try {
            $date = new DateTimeImmutable($value);

            return $date->format($format);
        } catch (\Exception $e) {
            return $value;
        }
    }
}


1		<?php
2
3		namespace Spatie\Html;
4
5		use DateTimeImmutable;
6		use Illuminate\Contracts\Support\Htmlable;
7		use Illuminate\Http\Request;
8		use Illuminate\Support\Collection;
9		use Illuminate\Support\HtmlString;
10		use Illuminate\Support\Str;
11		use Illuminate\Support\Traits\Macroable;
12		use Spatie\Html\Elements\A;
13		use Spatie\Html\Elements\Button;
14		use Spatie\Html\Elements\Div;
15		use Spatie\Html\Elements\Element;
16		use Spatie\Html\Elements\Fieldset;
17		use Spatie\Html\Elements\File;
18		use Spatie\Html\Elements\Form;
19		use Spatie\Html\Elements\I;
20		use Spatie\Html\Elements\Img;
21		use Spatie\Html\Elements\Input;
22		use Spatie\Html\Elements\Label;
23		use Spatie\Html\Elements\Legend;
24		use Spatie\Html\Elements\Option;
25		use Spatie\Html\Elements\Select;
26		use Spatie\Html\Elements\Span;
27		use Spatie\Html\Elements\Textarea;
28
29		class Html
30		{
31		use Macroable;
32
33		const HTML_DATE_FORMAT = 'Y-m-d';
34		const HTML_TIME_FORMAT = 'H:i:s';
35
36		/** @var \Illuminate\Http\Request */
37		protected $request;
38
39		/** @var \ArrayAccess\|array */
40		protected $model;
41
42		public function __construct(Request $request)
43		{
44		$this->request = $request;
45		}
46
47		/**
48		* @param string\|null $href
49		* @param string\|null $text
50		*
51		* @return \Spatie\Html\Elements\A
52		*/
53		public function a($href = null, $contents = null)
54		{
55		return A::create()
56		->attributeIf($href, 'href', $href)
57		->html($contents);
58		}
59
60		/**
61		* @param string\|null $href
62		* @param string\|null $text
63		*
64		* @return \Spatie\Html\Elements\I
65		*/
66		public function i($contents = null)
67		{
68		return I::create()
69		->html($contents);
70		}
71
72		/**
73		* @param string\|null $type
74		* @param string\|null $text
75		*
76		* @return \Spatie\Html\Elements\Button
77		*/
78		public function button($contents = null, $type = null, $name = null)
79		{
80		return Button::create()
81		->attributeIf($type, 'type', $type)
82		->attributeIf($name, 'name', $this->fieldName($name))
83		->html($contents);
84		}
85
86		/**
87		* @param \Illuminate\Support\Collection\|iterable\|string $classes
88		*
89		* @return \Illuminate\Contracts\Support\Htmlable
90		*/
91		public function class($classes): Htmlable
92		{
93		if ($classes instanceof Collection) {
94		$classes = $classes->toArray();
95		}
96
97		$attributes = new Attributes();
98		$attributes->addClass($classes);
99
100		return new HtmlString(
101		$attributes->render()
102		);
103		}
104
105		/**
106		* @param string\|null $name
107		* @param bool $checked
108		* @param string\|null $value
109		*
110		* @return \Spatie\Html\Elements\Input
111		*/
112		public function checkbox($name = null, $checked = null, $value = '1')
113		{
114		return $this->input('checkbox', $name, $value)
115		->attributeIf(! is_null($value), 'value', $value)
116		->attributeIf((bool) $this->old($name, $checked), 'checked');
117		}
118
119		/**
120		* @param \Spatie\Html\HtmlElement\|string\|null $contents
121		*
122		* @return \Spatie\Html\Elements\Div
123		*/
124		public function div($contents = null)
125		{
126		return Div::create()->children($contents);
127		}
128
129		/**
130		* @param string\|null $name
131		* @param string\|null $value
132		*
133		* @return \Spatie\Html\Elements\Input
134		*/
135		public function email($name = null, $value = null)
136		{
137		return $this->input('email', $name, $value);
138		}
139
140		/**
141		* @param string\|null $name
142		* @param string\|null $value
143		* @param bool $format
144		*
145		* @return \Spatie\Html\Elements\Input
146		*/
147	View Code Duplication	public function date($name = '', $value = null, $format = true)
		0 ignored issues – show Duplication introduced 2019-06-03 00:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
148		{
149		$element = $this->input('date', $name, $value);
150
151		if (! $format \|\| empty($element->getAttribute('value'))) {
152		return $element;
153		}
154
155		return $element->value($this->formatDateTime($element->getAttribute('value'), self::HTML_DATE_FORMAT));
156		}
157
158		/**
159		* @param string\|null $name
160		* @param string\|null $value
161		* @param bool $format
162		*
163		* @return \Spatie\Html\Elements\Input
164		*/
165	View Code Duplication	public function datetime($name = '', $value = null, $format = true)
		0 ignored issues – show Duplication introduced 2019-06-03 00:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
166		{
167		$element = $this->input('datetime-local', $name, $value);
168
169		if (! $format \|\| empty($element->getAttribute('value'))) {
170		return $element;
171		}
172
173		return $element->value($this->formatDateTime($element->getAttribute('value'),
174		self::HTML_DATE_FORMAT.'\T'.self::HTML_TIME_FORMAT));
175		}
176
177		/**
178		* @param string\|null $name
179		* @param string\|null $value
180		* @param string\|null $min
181		* @param string\|null $max
182		* @param string\|null $step
183		*
184		* @return \Spatie\Html\Elements\Input
185		*/
186		public function range($name = '', $value = '', $min = null, $max = null, $step = null)
187		{
188		return $this->input('range', $name, $value)
		0 ignored issues – show Documentation Bug introduced 2019-09-03 17:54 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `attributeIfNotNull` does not exist on `object<Spatie\Html\Elements\Input>`? Since you implemented `__call`, maybe consider adding a @method annotation. If you implement `__call` and you know which methods are available, you can improve IDE auto-completion and static analysis by adding a @method annotation to the class. This is often the case, when `__call` is implemented by a parent class and only the child class knows which methods exist: class ParentClass { private $data = array(); public function __call($method, array $args) { if (0 === strpos($method, 'get')) { return $this->data[strtolower(substr($method, 3))]; } throw new \LogicException(sprintf('Unsupported method: %s', $method)); } } /** * If this class knows which fields exist, you can specify the methods here: * * @method string getName() */ class SomeClass extends ParentClass { } Loading history...
189		->attributeIfNotNull($min, 'min', $min)
190		->attributeIfNotNull($max, 'max', $max)
191		->attributeIfNotNull($step, 'step', $step);
192		}
193
194		/**
195		* @param string\|null $name
196		* @param string\|null $value
197		* @param bool $format
198		*
199		* @return \Spatie\Html\Elements\Input
200		*/
201	View Code Duplication	public function time($name = '', $value = null, $format = true)
202		{
203		$element = $this->input('time', $name, $value);
204
205		if (! $format \|\| empty($element->getAttribute('value'))) {
206		return $element;
207		}
208
209		return $element->value($this->formatDateTime($element->getAttribute('value'), self::HTML_TIME_FORMAT));
210		}
211
212		/**
213		* @param string $tag
214		*
215		* @return \Spatie\Html\Elements\Element
216		*/
217		public function element($tag)
218		{
219		return Element::withTag($tag);
220		}
221
222		/**
223		* @param string\|null $type
224		* @param string\|null $name
225		* @param string\|null $value
226		*
227		* @return \Spatie\Html\Elements\Input
228		*/
229		public function input($type = null, $name = null, $value = null)
230		{
231		$hasValue = $name && ($type !== 'password' && ! is_null($this->old($name, $value)) \|\| ! is_null($value));
232
233		return Input::create()
234		->attributeIf($type, 'type', $type)
235		->attributeIf($name, 'name', $this->fieldName($name))
236		->attributeIf($name, 'id', $this->fieldName($name))
237		->attributeIf($hasValue, 'value', $this->old($name, $value));
238		}
239
240		/**
241		* @param \Spatie\Html\HtmlElement\|string\|null $legend
242		*
243		* @return \Spatie\Html\Elements\Fieldset
244		*/
245		public function fieldset($legend = null)
246		{
247		return $legend ?
248		Fieldset::create()->legend($legend) : Fieldset::create();
249		}
250
251		/**
252		* @param string $method
253		* @param string\|null $action
254		*
255		* @return \Spatie\Html\Elements\Form
256		*/
257		public function form($method = 'POST', $action = null)
258		{
259		$method = strtoupper($method);
260		$form = Form::create();
261
262		// If Laravel needs to spoof the form's method, we'll append a hidden
263		// field containing the actual method
264		if (in_array($method, ['DELETE', 'PATCH', 'PUT'])) {
265		$form = $form->addChild($this->hidden('_method')->value($method));
266		}
267
268		// On any other method that get, the form needs a CSRF token
269		if ($method !== 'GET') {
270		$form = $form->addChild($this->token());
271		}
272
273		return $form
274		->method($method === 'GET' ? 'GET' : 'POST')
275		->attributeIf($action, 'action', $action);
276		}
277
278		/**
279		* @param string\|null $name
280		* @param string\|null $value
281		*
282		* @return \Spatie\Html\Elements\Input
283		*/
284		public function hidden($name = null, $value = null)
285		{
286		return $this->input('hidden', $name, $value);
287		}
288
289		/**
290		* @param string\|null $src
291		* @param string\|null $alt
292		*
293		* @return \Spatie\Html\Elements\Img
294		*/
295		public function img($src = null, $alt = null)
296		{
297		return Img::create()
298		->attributeIf($src, 'src', $src)
299		->attributeIf($alt, 'alt', $alt);
300		}
301
302		/**
303		* @param \Spatie\Html\HtmlElement\|iterable\|string\|null $contents
304		* @param string\|null $for
305		*
306		* @return \Spatie\Html\Elements\Label
307		*/
308		public function label($contents = null, $for = null)
309		{
310		return Label::create()
311		->attributeIf($for, 'for', $this->fieldName($for))
312		->children($contents);
313		}
314
315		/**
316		* @param \Spatie\Html\HtmlElement\|string\|null $contents
317		*
318		* @return \Spatie\Html\Elements\Legend
319		*/
320		public function legend($contents = null)
321		{
322		return Legend::create()->html($contents);
323		}
324
325		/**
326		* @param string $email
327		* @param string\|null $text
328		*
329		* @return \Spatie\Html\Elements\A
330		*/
331		public function mailto($email, $text = null)
332		{
333		return $this->a('mailto:'.$email, $text ?: $email);
334		}
335
336		/**
337		* @param string\|null $name
338		* @param iterable $options
339		* @param string\|iterable\|null $value
340		*
341		* @return \Spatie\Html\Elements\Select
342		*/
343	View Code Duplication	public function multiselect($name = null, $options = [], $value = null)
344		{
345		return Select::create()
346		->attributeIf($name, 'name', $this->fieldName($name))
347		->attributeIf($name, 'id', $this->fieldName($name))
348		->options($options)
349		->value($name ? $this->old($name, $value) : $value)
350		->multiple();
351		}
352
353		/**
354		* @param string\|null $name
355		* @param string\|null $value
356		* @param string\|null $min
357		* @param string\|null $max
358		* @param string\|null $step
359		*
360		* @return \Spatie\Html\Elements\Input
361		*/
362		public function number($name = null, $value = null, $min = null, $max = null, $step = null)
363		{
364		return $this->input('number', $name, $value)
365		->attributeIfNotNull($min, 'min', $min)
366		->attributeIfNotNull($max, 'max', $max)
367		->attributeIfNotNull($step, 'step', $step);
368		}
369
370		/**
371		* @param string\|null $text
372		* @param string\|null $value
373		* @param bool $selected
374		*
375		* @return \Spatie\Html\Elements\Option
376		*/
377		public function option($text = null, $value = null, $selected = false)
378		{
379		return Option::create()
380		->text($text)
381		->value($value)
382		->selectedIf($selected);
383		}
384
385		/**
386		* @param string\|null $value
387		*
388		* @return \Spatie\Html\Elements\Input
389		*/
390		public function password($name = null)
391		{
392		return $this->input('password', $name);
393		}
394
395		/**
396		* @param string\|null $name
397		* @param bool $checked
398		* @param string\|null $value
399		*
400		* @return \Spatie\Html\Elements\Input
401		*/
402		public function radio($name = null, $checked = null, $value = null)
403		{
404		return $this->input('radio', $name, $value)
405		->attributeIf($name, 'id', $value === null ? $name : ($name.'_'.Str::slug($value)))
406		->attributeIf(! is_null($value), 'value', $value)
407		->attributeIf((! is_null($value) && $this->old($name) == $value) \|\| $checked, 'checked');
408		}
409
410		/**
411		* @param string\|null $name
412		* @param iterable $options
413		* @param string\|iterable\|null $value
414		*
415		* @return \Spatie\Html\Elements\Select
416		*/
417	View Code Duplication	public function select($name = null, $options = [], $value = null)
418		{
419		return Select::create()
420		->attributeIf($name, 'name', $this->fieldName($name))
421		->attributeIf($name, 'id', $this->fieldName($name))
422		->options($options)
423		->value($name ? $this->old($name, $value) : $value);
424		}
425
426		/**
427		* @param \Spatie\Html\HtmlElement\|string\|null $contents
428		*
429		* @return \Spatie\Html\Elements\Span
430		*/
431		public function span($contents = null)
432		{
433		return Span::create()->children($contents);
434		}
435
436		/**
437		* @param string\|null $text
438		*
439		* @return \Spatie\Html\Elements\Button
440		*/
441		public function submit($text = null)
442		{
443		return $this->button($text, 'submit');
444		}
445
446		/**
447		* @param string\|null $text
448		*
449		* @return \Spatie\Html\Elements\Button
450		*/
451		public function reset($text = null)
452		{
453		return $this->button($text, 'reset');
454		}
455
456		/**
457		* @param string $number
458		* @param string\|null $text
459		*
460		* @return \Spatie\Html\Elements\A
461		*/
462		public function tel($number, $text = null)
463		{
464		return $this->a('tel:'.$number, $text ?: $number);
465		}
466
467		/**
468		* @param string\|null $name
469		* @param string\|null $value
470		*
471		* @return \Spatie\Html\Elements\Input
472		*/
473		public function text($name = null, $value = null)
474		{
475		return $this->input('text', $name, $value);
476		}
477
478		/**
479		* @param string\|null $name
480		*
481		* @return \Spatie\Html\Elements\File
482		*/
483		public function file($name = null)
484		{
485		return File::create()
486		->attributeIf($name, 'name', $this->fieldName($name))
487		->attributeIf($name, 'id', $this->fieldName($name));
488		}
489
490		/**
491		* @param string\|null $name
492		* @param string\|null $value
493		*
494		* @return \Spatie\Html\Elements\Textarea
495		*/
496		public function textarea($name = null, $value = null)
497		{
498		return Textarea::create()
499		->attributeIf($name, 'name', $this->fieldName($name))
500		->attributeIf($name, 'id', $this->fieldName($name))
501		->value($this->old($name, $value));
502		}
503
504		/**
505		* @return \Spatie\Html\Elements\Input
506		*/
507		public function token()
508		{
509		return $this
510		->hidden()
511		->name('_token')
512		->value($this->request->session()->token());
513		}
514
515		/**
516		* @param \ArrayAccess\|array $model
517		*
518		* @return $this
519		*/
520		public function model($model)
521		{
522		$this->model = $model;
523
524		return $this;
525		}
526
527		/**
528		* @param \ArrayAccess\|array $model
529		* @param string\|null $method
530		* @param string\|null $action
531		*
532		* @return \Spatie\Html\Elements\Form
533		*/
534		public function modelForm($model, $method = 'POST', $action = null): Form
535		{
536		$this->model($model);
537
538		return $this->form($method, $action);
539		}
540
541		/**
542		* @return $this
543		*/
544		public function endModel()
545		{
546		$this->model = null;
547
548		return $this;
549		}
550
551		/**
552		* @return \Illuminate\Contracts\Support\Htmlable
553		*/
554		public function closeModelForm(): Htmlable
555		{
556		$this->endModel();
557
558		return $this->form()->close();
559		}
560
561		/**
562		* @param string $name
563		* @param mixed $value
564		*
565		* @return mixed
566		*/
567		protected function old($name, $value = null)
568		{
569		if (empty($name)) {
570		return;
571		}
572
573		// Convert array format (sth[1]) to dot notation (sth.1)
574		$name = preg_replace('/\[(.+)\]/U', '.$1', $name);
575
576		// If there's no default value provided, the html builder currently
577		// has a model assigned and there aren't old input items,
578		// try to retrieve a value from the model.
579		if (is_null($value) && $this->model && empty($this->request->old())) {
580		$value = data_get($this->model, $name) ?? '';
581		}
582
583		return $this->request->old($name, $value);
584		}
585
586		/**
587		* Retrieve the value from the current session or assigned model. This is
588		* a public alias for `old`.
589		*
590		* @param string $name
591		* @param mixed $value
592		*
593		* @return mixed
594		*/
595		public function value($name, $default = null)
596		{
597		return $this->old($name, $default);
598		}
599
600		/**
601		* @param string $name
602		*
603		* @return string
604		*/
605		protected function fieldName($name)
606		{
607		return $name;
608		}
609
610		protected function ensureModelIsAvailable()
611		{
612		if (empty($this->model)) {
613		throw new Exception('Method requires a model to be set on the html builder');
614		}
615		}
616
617		/**
618		* @param string $value
619		* @param string $format DateTime formatting string supported by date_format()
620		* @return string
621		*/
622		protected function formatDateTime($value, $format)
623		{
624		if (empty($value)) {
625		return $value;
626		}
627
628		try {
629		$date = new DateTimeImmutable($value);
630
631		return $date->format($format);
632		} catch (\Exception $e) {
633		return $value;
634		}
635		}
636		}
637

spatie / laravel-html

Issues (58)

Security Analysis not enabled

src/Html.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like