View GitHub Repository waca

Schedule Inspection
Subscribe
Passed
Push — master ( 3e5dae...8d4e4c )
by Simon
12:37
created
Status
Category
Toggle Patches
includes/SiteConfiguration.php 1 patch
Indentation   +1008 added lines, -1008 removed lines patch added patch discarded remove patch 
@@ -17,1013 +17,1013 @@
 
 block discarded – undo
17 17 
  */
18 18 
 class SiteConfiguration
19 19 
 {
20 
-    private $baseUrl;
21 
-    private $filePath;
22 
-    private $schemaVersion = 42;
23 
-    private $debuggingTraceEnabled;
24 
-    private $debuggingCssBreakpointsEnabled;
25 
-    private $dataClearIp = '127.0.0.1';
26 
-    private $dataClearEmail = '[email protected]';
27 
-    private $dataClearInterval = '15 DAY';
28 
-    private $forceIdentification = true;
29 
-    private $identificationCacheExpiry = '1 DAY';
30 
-    private $metaWikimediaWebServiceEndpoint = 'https://meta.wikimedia.org/w/api.php';
31 
-    private $enforceOAuth = true;
32 
-    private $emailConfirmationEnabled = true;
33 
-    private $emailConfirmationExpiryDays = 7;
34 
-    private $miserModeLimit = 25;
35 
-    private $squidList = array();
36 
-    private $useStrictTransportSecurity = false;
37 
-    private $userAgent = 'Wikipedia-ACC Tool/0.1 (+https://accounts.wmflabs.org/internal.php/team)';
38 
-    private $curlDisableVerifyPeer = false;
39 
-    private $useOAuthSignup = true;
40 
-    private $oauthConsumerToken;
41 
-    /** @var array */
42 
-    private $oauthLegacyConsumerTokens;
43 
-    private $oauthConsumerSecret;
44 
-    private $oauthIdentityGraceTime = '24 hours';
45 
-    private $oauthMediaWikiCanonicalServer = 'http://en.wikipedia.org';
46 
-    private $xffTrustedHostsFile = '../TrustedXFF/trusted-hosts.txt';
47 
-    private $crossOriginResourceSharingHosts = array(
48 
-        "http://en.wikipedia.org",
49 
-        "https://en.wikipedia.org",
50 
-        "http://meta.wikimedia.org",
51 
-        "https://meta.wikimedia.org",
52 
-    );
53 
-    private $ircNotificationsEnabled = true;
54 
-    private $ircNotificationsInstance = 'Development';
55 
-    private $errorLog = 'errorlog';
56 
-    private $titleBlacklistEnabled = false;
57 
-    /** @var null|string $locationProviderApiKey */
58 
-    private $locationProviderApiKey = null;
59 
-    private $torExitPaths = array();
60 
-    private $creationBotUsername = '';
61 
-    private $creationBotPassword = '';
62 
-    private $curlCookieJar = null;
63 
-    private $yubicoApiId = 0;
64 
-    private $yubicoApiKey = "";
65 
-    private $totpEncryptionKey = "1234";
66 
-    private $identificationNoticeboardPage = 'Access to nonpublic personal data policy/Noticeboard';
67 
-    private $registrationAllowed = true;
68 
-    private $cspReportUri = null;
69 
-    private $resourceCacheEpoch = 1;
70 
-    private $commonEmailDomains = [];
71 
-    private $banMaxIpBlockRange = [4 => 20, 6 => 48];
72 
-    private $banMaxIpRange = [4 => 16, 6 => 32];
73 
-    private $jobQueueBatchSize = 10;
74 
-    private $amqpConfiguration = ['host' => 'localhost', 'port' => 5672, 'user' => 'guest', 'password' => 'guest', 'exchange' => ''];
75 
-    private $emailSender = '[email protected]';
76 
-
77 
-    /**
78 
-     * Gets the base URL of the tool
79 
-     *
80 
-     * If the internal page of the tool is at http://localhost/path/internal.php, this would be set to
81 
-     * http://localhost/path
82 
-     * @return string
83 
-     */
84 
-    public function getBaseUrl()
85 
-    {
86 
-        return $this->baseUrl;
87 
-    }
88 
-
89 
-    /**
90 
-     * @param string $baseUrl
91 
-     *
92 
-     * @return SiteConfiguration
93 
-     */
94 
-    public function setBaseUrl($baseUrl)
95 
-    {
96 
-        $this->baseUrl = $baseUrl;
97 
-
98 
-        return $this;
99 
-    }
100 
-
101 
-    /**
102 
-     * Path on disk to the directory containing the tool's code
103 
-     * @return string
104 
-     */
105 
-    public function getFilePath()
106 
-    {
107 
-        return $this->filePath;
108 
-    }
109 
-
110 
-    /**
111 
-     * @param string $filePath
112 
-     *
113 
-     * @return SiteConfiguration
114 
-     */
115 
-    public function setFilePath($filePath)
116 
-    {
117 
-        $this->filePath = $filePath;
118 
-
119 
-        return $this;
120 
-    }
121 
-
122 
-    /**
123 
-     * @return int
124 
-     */
125 
-    public function getSchemaVersion()
126 
-    {
127 
-        return $this->schemaVersion;
128 
-    }
129 
-
130 
-    /**
131 
-     * @param int $schemaVersion
132 
-     *
133 
-     * @return SiteConfiguration
134 
-     */
135 
-    public function setSchemaVersion($schemaVersion)
136 
-    {
137 
-        $this->schemaVersion = $schemaVersion;
138 
-
139 
-        return $this;
140 
-    }
141 
-
142 
-    /**
143 
-     * @return mixed
144 
-     */
145 
-    public function getDebuggingTraceEnabled()
146 
-    {
147 
-        return $this->debuggingTraceEnabled;
148 
-    }
149 
-
150 
-    /**
151 
-     * @param mixed $debuggingTraceEnabled
152 
-     *
153 
-     * @return SiteConfiguration
154 
-     */
155 
-    public function setDebuggingTraceEnabled($debuggingTraceEnabled)
156 
-    {
157 
-        $this->debuggingTraceEnabled = $debuggingTraceEnabled;
158 
-
159 
-        return $this;
160 
-    }
161 
-
162 
-    public function getDebuggingCssBreakpointsEnabled() : bool
163 
-    {
164 
-        return $this->debuggingCssBreakpointsEnabled;
165 
-    }
166 
-
167 
-    public function setDebuggingCssBreakpointsEnabled(bool $debuggingCssBreakpointsEnabled) : SiteConfiguration
168 
-    {
169 
-        $this->debuggingCssBreakpointsEnabled = $debuggingCssBreakpointsEnabled;
170 
-
171 
-        return $this;
172 
-    }
173 
-
174 
-    /**
175 
-     * @return string
176 
-     */
177 
-    public function getDataClearIp()
178 
-    {
179 
-        return $this->dataClearIp;
180 
-    }
181 
-
182 
-    /**
183 
-     * @param string $dataClearIp
184 
-     *
185 
-     * @return SiteConfiguration
186 
-     */
187 
-    public function setDataClearIp($dataClearIp)
188 
-    {
189 
-        $this->dataClearIp = $dataClearIp;
190 
-
191 
-        return $this;
192 
-    }
193 
-
194 
-    /**
195 
-     * @return string
196 
-     */
197 
-    public function getDataClearEmail()
198 
-    {
199 
-        return $this->dataClearEmail;
200 
-    }
201 
-
202 
-    /**
203 
-     * @param string $dataClearEmail
204 
-     *
205 
-     * @return SiteConfiguration
206 
-     */
207 
-    public function setDataClearEmail($dataClearEmail)
208 
-    {
209 
-        $this->dataClearEmail = $dataClearEmail;
210 
-
211 
-        return $this;
212 
-    }
213 
-
214 
-    /**
215 
-     * @return boolean
216 
-     */
217 
-    public function getForceIdentification()
218 
-    {
219 
-        return $this->forceIdentification;
220 
-    }
221 
-
222 
-    /**
223 
-     * @param boolean $forceIdentification
224 
-     *
225 
-     * @return SiteConfiguration
226 
-     */
227 
-    public function setForceIdentification($forceIdentification)
228 
-    {
229 
-        $this->forceIdentification = $forceIdentification;
230 
-
231 
-        return $this;
232 
-    }
233 
-
234 
-    /**
235 
-     * @return string
236 
-     */
237 
-    public function getIdentificationCacheExpiry()
238 
-    {
239 
-        return $this->identificationCacheExpiry;
240 
-    }
241 
-
242 
-    /**
243 
-     * @param string $identificationCacheExpiry
244 
-     *
245 
-     * @return SiteConfiguration
246 
-     */
247 
-    public function setIdentificationCacheExpiry($identificationCacheExpiry)
248 
-    {
249 
-        $this->identificationCacheExpiry = $identificationCacheExpiry;
250 
-
251 
-        return $this;
252 
-    }
253 
-
254 
-    /**
255 
-     * @return string
256 
-     */
257 
-    public function getMetaWikimediaWebServiceEndpoint()
258 
-    {
259 
-        return $this->metaWikimediaWebServiceEndpoint;
260 
-    }
261 
-
262 
-    /**
263 
-     * @param string $metaWikimediaWebServiceEndpoint
264 
-     *
265 
-     * @return SiteConfiguration
266 
-     */
267 
-    public function setMetaWikimediaWebServiceEndpoint($metaWikimediaWebServiceEndpoint)
268 
-    {
269 
-        $this->metaWikimediaWebServiceEndpoint = $metaWikimediaWebServiceEndpoint;
270 
-
271 
-        return $this;
272 
-    }
273 
-
274 
-    /**
275 
-     * @return boolean
276 
-     */
277 
-    public function getEnforceOAuth()
278 
-    {
279 
-        return $this->enforceOAuth;
280 
-    }
281 
-
282 
-    /**
283 
-     * @param boolean $enforceOAuth
284 
-     *
285 
-     * @return SiteConfiguration
286 
-     */
287 
-    public function setEnforceOAuth($enforceOAuth)
288 
-    {
289 
-        $this->enforceOAuth = $enforceOAuth;
290 
-
291 
-        return $this;
292 
-    }
293 
-
294 
-    /**
295 
-     * @return boolean
296 
-     */
297 
-    public function getEmailConfirmationEnabled()
298 
-    {
299 
-        return $this->emailConfirmationEnabled;
300 
-    }
301 
-
302 
-    /**
303 
-     * @param boolean $emailConfirmationEnabled
304 
-     *
305 
-     * @return $this
306 
-     */
307 
-    public function setEmailConfirmationEnabled($emailConfirmationEnabled)
308 
-    {
309 
-        $this->emailConfirmationEnabled = $emailConfirmationEnabled;
310 
-
311 
-        return $this;
312 
-    }
313 
-
314 
-    /**
315 
-     * @return int
316 
-     */
317 
-    public function getMiserModeLimit()
318 
-    {
319 
-        return $this->miserModeLimit;
320 
-    }
321 
-
322 
-    /**
323 
-     * @param int $miserModeLimit
324 
-     *
325 
-     * @return SiteConfiguration
326 
-     */
327 
-    public function setMiserModeLimit($miserModeLimit)
328 
-    {
329 
-        $this->miserModeLimit = $miserModeLimit;
330 
-
331 
-        return $this;
332 
-    }
333 
-
334 
-    /**
335 
-     * @return array
336 
-     */
337 
-    public function getSquidList()
338 
-    {
339 
-        return $this->squidList;
340 
-    }
341 
-
342 
-    /**
343 
-     * @param array $squidList
344 
-     *
345 
-     * @return SiteConfiguration
346 
-     */
347 
-    public function setSquidList($squidList)
348 
-    {
349 
-        $this->squidList = $squidList;
350 
-
351 
-        return $this;
352 
-    }
353 
-
354 
-    /**
355 
-     * @return boolean
356 
-     */
357 
-    public function getUseStrictTransportSecurity()
358 
-    {
359 
-        return $this->useStrictTransportSecurity;
360 
-    }
361 
-
362 
-    /**
363 
-     * @param boolean $useStrictTransportSecurity
364 
-     *
365 
-     * @return SiteConfiguration
366 
-     */
367 
-    public function setUseStrictTransportSecurity($useStrictTransportSecurity)
368 
-    {
369 
-        $this->useStrictTransportSecurity = $useStrictTransportSecurity;
370 
-
371 
-        return $this;
372 
-    }
373 
-
374 
-    /**
375 
-     * @return string
376 
-     */
377 
-    public function getUserAgent()
378 
-    {
379 
-        return $this->userAgent;
380 
-    }
381 
-
382 
-    /**
383 
-     * @param string $userAgent
384 
-     *
385 
-     * @return SiteConfiguration
386 
-     */
387 
-    public function setUserAgent($userAgent)
388 
-    {
389 
-        $this->userAgent = $userAgent;
390 
-
391 
-        return $this;
392 
-    }
393 
-
394 
-    /**
395 
-     * @return boolean
396 
-     */
397 
-    public function getCurlDisableVerifyPeer()
398 
-    {
399 
-        return $this->curlDisableVerifyPeer;
400 
-    }
401 
-
402 
-    /**
403 
-     * @param boolean $curlDisableVerifyPeer
404 
-     *
405 
-     * @return SiteConfiguration
406 
-     */
407 
-    public function setCurlDisableVerifyPeer($curlDisableVerifyPeer)
408 
-    {
409 
-        $this->curlDisableVerifyPeer = $curlDisableVerifyPeer;
410 
-
411 
-        return $this;
412 
-    }
413 
-
414 
-    /**
415 
-     * @return boolean
416 
-     */
417 
-    public function getUseOAuthSignup()
418 
-    {
419 
-        return $this->useOAuthSignup;
420 
-    }
421 
-
422 
-    /**
423 
-     * @param boolean $useOAuthSignup
424 
-     *
425 
-     * @return SiteConfiguration
426 
-     */
427 
-    public function setUseOAuthSignup($useOAuthSignup)
428 
-    {
429 
-        $this->useOAuthSignup = $useOAuthSignup;
430 
-
431 
-        return $this;
432 
-    }
433 
-
434 
-    /**
435 
-     * @return mixed
436 
-     */
437 
-    public function getOAuthConsumerToken()
438 
-    {
439 
-        return $this->oauthConsumerToken;
440 
-    }
441 
-
442 
-    /**
443 
-     * @param mixed $oauthConsumerToken
444 
-     *
445 
-     * @return SiteConfiguration
446 
-     */
447 
-    public function setOAuthConsumerToken($oauthConsumerToken)
448 
-    {
449 
-        $this->oauthConsumerToken = $oauthConsumerToken;
450 
-
451 
-        return $this;
452 
-    }
453 
-
454 
-    /**
455 
-     * @return mixed
456 
-     */
457 
-    public function getOAuthConsumerSecret()
458 
-    {
459 
-        return $this->oauthConsumerSecret;
460 
-    }
461 
-
462 
-    /**
463 
-     * @param mixed $oauthConsumerSecret
464 
-     *
465 
-     * @return SiteConfiguration
466 
-     */
467 
-    public function setOAuthConsumerSecret($oauthConsumerSecret)
468 
-    {
469 
-        $this->oauthConsumerSecret = $oauthConsumerSecret;
470 
-
471 
-        return $this;
472 
-    }
473 
-
474 
-    /**
475 
-     * @return string
476 
-     */
477 
-    public function getDataClearInterval()
478 
-    {
479 
-        return $this->dataClearInterval;
480 
-    }
481 
-
482 
-    /**
483 
-     * @param string $dataClearInterval
484 
-     *
485 
-     * @return SiteConfiguration
486 
-     */
487 
-    public function setDataClearInterval($dataClearInterval)
488 
-    {
489 
-        $this->dataClearInterval = $dataClearInterval;
490 
-
491 
-        return $this;
492 
-    }
493 
-
494 
-    /**
495 
-     * @return string
496 
-     */
497 
-    public function getXffTrustedHostsFile()
498 
-    {
499 
-        return $this->xffTrustedHostsFile;
500 
-    }
501 
-
502 
-    /**
503 
-     * @param string $xffTrustedHostsFile
504 
-     *
505 
-     * @return SiteConfiguration
506 
-     */
507 
-    public function setXffTrustedHostsFile($xffTrustedHostsFile)
508 
-    {
509 
-        $this->xffTrustedHostsFile = $xffTrustedHostsFile;
510 
-
511 
-        return $this;
512 
-    }
513 
-
514 
-    /**
515 
-     * @return array
516 
-     */
517 
-    public function getCrossOriginResourceSharingHosts()
518 
-    {
519 
-        return $this->crossOriginResourceSharingHosts;
520 
-    }
521 
-
522 
-    /**
523 
-     * @param array $crossOriginResourceSharingHosts
524 
-     *
525 
-     * @return SiteConfiguration
526 
-     */
527 
-    public function setCrossOriginResourceSharingHosts($crossOriginResourceSharingHosts)
528 
-    {
529 
-        $this->crossOriginResourceSharingHosts = $crossOriginResourceSharingHosts;
530 
-
531 
-        return $this;
532 
-    }
533 
-
534 
-    /**
535 
-     * @return boolean
536 
-     */
537 
-    public function getIrcNotificationsEnabled()
538 
-    {
539 
-        return $this->ircNotificationsEnabled;
540 
-    }
541 
-
542 
-    /**
543 
-     * @param boolean $ircNotificationsEnabled
544 
-     *
545 
-     * @return SiteConfiguration
546 
-     */
547 
-    public function setIrcNotificationsEnabled($ircNotificationsEnabled)
548 
-    {
549 
-        $this->ircNotificationsEnabled = $ircNotificationsEnabled;
550 
-
551 
-        return $this;
552 
-    }
553 
-
554 
-    /**
555 
-     * @param string $errorLog
556 
-     *
557 
-     * @return SiteConfiguration
558 
-     */
559 
-    public function setErrorLog($errorLog)
560 
-    {
561 
-        $this->errorLog = $errorLog;
562 
-
563 
-        return $this;
564 
-    }
565 
-
566 
-    /**
567 
-     * @return string
568 
-     */
569 
-    public function getErrorLog()
570 
-    {
571 
-        return $this->errorLog;
572 
-    }
573 
-
574 
-    /**
575 
-     * @param int $emailConfirmationExpiryDays
576 
-     *
577 
-     * @return SiteConfiguration
578 
-     */
579 
-    public function setEmailConfirmationExpiryDays($emailConfirmationExpiryDays)
580 
-    {
581 
-        $this->emailConfirmationExpiryDays = $emailConfirmationExpiryDays;
582 
-
583 
-        return $this;
584 
-    }
585 
-
586 
-    /**
587 
-     * @return int
588 
-     */
589 
-    public function getEmailConfirmationExpiryDays()
590 
-    {
591 
-        return $this->emailConfirmationExpiryDays;
592 
-    }
593 
-
594 
-    /**
595 
-     * @param string $ircNotificationsInstance
596 
-     *
597 
-     * @return SiteConfiguration
598 
-     */
599 
-    public function setIrcNotificationsInstance($ircNotificationsInstance)
600 
-    {
601 
-        $this->ircNotificationsInstance = $ircNotificationsInstance;
602 
-
603 
-        return $this;
604 
-    }
605 
-
606 
-    /**
607 
-     * @return string
608 
-     */
609 
-    public function getIrcNotificationsInstance()
610 
-    {
611 
-        return $this->ircNotificationsInstance;
612 
-    }
613 
-
614 
-    /**
615 
-     * @param boolean $titleBlacklistEnabled
616 
-     *
617 
-     * @return SiteConfiguration
618 
-     */
619 
-    public function setTitleBlacklistEnabled($titleBlacklistEnabled)
620 
-    {
621 
-        $this->titleBlacklistEnabled = $titleBlacklistEnabled;
622 
-
623 
-        return $this;
624 
-    }
625 
-
626 
-    /**
627 
-     * @return boolean
628 
-     */
629 
-    public function getTitleBlacklistEnabled()
630 
-    {
631 
-        return $this->titleBlacklistEnabled;
632 
-    }
633 
-
634 
-    /**
635 
-     * @param string|null $locationProviderApiKey
636 
-     *
637 
-     * @return SiteConfiguration
638 
-     */
639 
-    public function setLocationProviderApiKey($locationProviderApiKey)
640 
-    {
641 
-        $this->locationProviderApiKey = $locationProviderApiKey;
642 
-
643 
-        return $this;
644 
-    }
645 
-
646 
-    /**
647 
-     * @return null|string
648 
-     */
649 
-    public function getLocationProviderApiKey()
650 
-    {
651 
-        return $this->locationProviderApiKey;
652 
-    }
653 
-
654 
-    /**
655 
-     * @param array $torExitPaths
656 
-     *
657 
-     * @return SiteConfiguration
658 
-     */
659 
-    public function setTorExitPaths($torExitPaths)
660 
-    {
661 
-        $this->torExitPaths = $torExitPaths;
662 
-
663 
-        return $this;
664 
-    }
665 
-
666 
-    /**
667 
-     * @return array
668 
-     */
669 
-    public function getTorExitPaths()
670 
-    {
671 
-        return $this->torExitPaths;
672 
-    }
673 
-
674 
-    /**
675 
-     * @param string $oauthIdentityGraceTime
676 
-     *
677 
-     * @return SiteConfiguration
678 
-     */
679 
-    public function setOauthIdentityGraceTime($oauthIdentityGraceTime)
680 
-    {
681 
-        $this->oauthIdentityGraceTime = $oauthIdentityGraceTime;
682 
-
683 
-        return $this;
684 
-    }
685 
-
686 
-    /**
687 
-     * @return string
688 
-     */
689 
-    public function getOauthIdentityGraceTime()
690 
-    {
691 
-        return $this->oauthIdentityGraceTime;
692 
-    }
693 
-
694 
-    /**
695 
-     * @param string $oauthMediaWikiCanonicalServer
696 
-     *
697 
-     * @return SiteConfiguration
698 
-     */
699 
-    public function setOauthMediaWikiCanonicalServer($oauthMediaWikiCanonicalServer)
700 
-    {
701 
-        $this->oauthMediaWikiCanonicalServer = $oauthMediaWikiCanonicalServer;
702 
-
703 
-        return $this;
704 
-    }
705 
-
706 
-    /**
707 
-     * @return string
708 
-     */
709 
-    public function getOauthMediaWikiCanonicalServer()
710 
-    {
711 
-        return $this->oauthMediaWikiCanonicalServer;
712 
-    }
713 
-
714 
-    /**
715 
-     * @param string $creationBotUsername
716 
-     *
717 
-     * @return SiteConfiguration
718 
-     */
719 
-    public function setCreationBotUsername($creationBotUsername)
720 
-    {
721 
-        $this->creationBotUsername = $creationBotUsername;
722 
-
723 
-        return $this;
724 
-    }
725 
-
726 
-    /**
727 
-     * @return string
728 
-     */
729 
-    public function getCreationBotUsername()
730 
-    {
731 
-        return $this->creationBotUsername;
732 
-    }
733 
-
734 
-    /**
735 
-     * @param string $creationBotPassword
736 
-     *
737 
-     * @return SiteConfiguration
738 
-     */
739 
-    public function setCreationBotPassword($creationBotPassword)
740 
-    {
741 
-        $this->creationBotPassword = $creationBotPassword;
742 
-
743 
-        return $this;
744 
-    }
745 
-
746 
-    /**
747 
-     * @return string
748 
-     */
749 
-    public function getCreationBotPassword()
750 
-    {
751 
-        return $this->creationBotPassword;
752 
-    }
753 
-
754 
-    /**
755 
-     * @param string|null $curlCookieJar
756 
-     *
757 
-     * @return SiteConfiguration
758 
-     */
759 
-    public function setCurlCookieJar($curlCookieJar)
760 
-    {
761 
-        $this->curlCookieJar = $curlCookieJar;
762 
-
763 
-        return $this;
764 
-    }
765 
-
766 
-    /**
767 
-     * @return string|null
768 
-     */
769 
-    public function getCurlCookieJar()
770 
-    {
771 
-        return $this->curlCookieJar;
772 
-    }
773 
-
774 
-    public function getYubicoApiId()
775 
-    {
776 
-        return $this->yubicoApiId;
777 
-    }
778 
-
779 
-    public function setYubicoApiId($id)
780 
-    {
781 
-        $this->yubicoApiId = $id;
782 
-
783 
-        return $this;
784 
-    }
785 
-
786 
-    public function getYubicoApiKey()
787 
-    {
788 
-        return $this->yubicoApiKey;
789 
-    }
790 
-
791 
-    public function setYubicoApiKey($key)
792 
-    {
793 
-        $this->yubicoApiKey = $key;
794 
-
795 
-        return $this;
796 
-    }
797 
-
798 
-    /**
799 
-     * @return string
800 
-     */
801 
-    public function getTotpEncryptionKey()
802 
-    {
803 
-        return $this->totpEncryptionKey;
804 
-    }
805 
-
806 
-    /**
807 
-     * @param string $totpEncryptionKey
808 
-     *
809 
-     * @return SiteConfiguration
810 
-     */
811 
-    public function setTotpEncryptionKey($totpEncryptionKey)
812 
-    {
813 
-        $this->totpEncryptionKey = $totpEncryptionKey;
814 
-
815 
-        return $this;
816 
-    }
817 
-
818 
-    /**
819 
-     * @return string
820 
-     */
821 
-    public function getIdentificationNoticeboardPage()
822 
-    {
823 
-        return $this->identificationNoticeboardPage;
824 
-    }
825 
-
826 
-    /**
827 
-     * @param string $identificationNoticeboardPage
828 
-     *
829 
-     * @return SiteConfiguration
830 
-     */
831 
-    public function setIdentificationNoticeboardPage($identificationNoticeboardPage)
832 
-    {
833 
-        $this->identificationNoticeboardPage = $identificationNoticeboardPage;
834 
-
835 
-        return $this;
836 
-    }
837 
-
838 
-    public function isRegistrationAllowed(): bool
839 
-    {
840 
-        return $this->registrationAllowed;
841 
-    }
842 
-
843 
-    public function setRegistrationAllowed(bool $registrationAllowed): SiteConfiguration
844 
-    {
845 
-        $this->registrationAllowed = $registrationAllowed;
846 
-
847 
-        return $this;
848 
-    }
849 
-
850 
-    /**
851 
-     * @return string|null
852 
-     */
853 
-    public function getCspReportUri()
854 
-    {
855 
-        return $this->cspReportUri;
856 
-    }
857 
-
858 
-    /**
859 
-     * @param string|null $cspReportUri
860 
-     *
861 
-     * @return SiteConfiguration
862 
-     */
863 
-    public function setCspReportUri($cspReportUri)
864 
-    {
865 
-        $this->cspReportUri = $cspReportUri;
866 
-
867 
-        return $this;
868 
-    }
869 
-
870 
-    /**
871 
-     * @return int
872 
-     */
873 
-    public function getResourceCacheEpoch(): int
874 
-    {
875 
-        return $this->resourceCacheEpoch;
876 
-    }
877 
-
878 
-    /**
879 
-     * @param int $resourceCacheEpoch
880 
-     *
881 
-     * @return SiteConfiguration
882 
-     */
883 
-    public function setResourceCacheEpoch(int $resourceCacheEpoch): SiteConfiguration
884 
-    {
885 
-        $this->resourceCacheEpoch = $resourceCacheEpoch;
886 
-
887 
-        return $this;
888 
-    }
889 
-
890 
-    /**
891 
-     * @return array
892 
-     */
893 
-    public function getCommonEmailDomains(): array
894 
-    {
895 
-        return $this->commonEmailDomains;
896 
-    }
897 
-
898 
-    /**
899 
-     * @param array $commonEmailDomains
900 
-     *
901 
-     * @return SiteConfiguration
902 
-     */
903 
-    public function setCommonEmailDomains(array $commonEmailDomains): SiteConfiguration
904 
-    {
905 
-        $this->commonEmailDomains = $commonEmailDomains;
906 
-
907 
-        return $this;
908 
-    }
909 
-
910 
-    /**
911 
-     * @param int[] $banMaxIpBlockRange
912 
-     *
913 
-     * @return SiteConfiguration
914 
-     */
915 
-    public function setBanMaxIpBlockRange(array $banMaxIpBlockRange): SiteConfiguration
916 
-    {
917 
-        $this->banMaxIpBlockRange = $banMaxIpBlockRange;
918 
-
919 
-        return $this;
920 
-    }
921 
-
922 
-    /**
923 
-     * @return int[]
924 
-     */
925 
-    public function getBanMaxIpBlockRange(): array
926 
-    {
927 
-        return $this->banMaxIpBlockRange;
928 
-    }
929 
-
930 
-    /**
931 
-     * @param int[] $banMaxIpRange
932 
-     *
933 
-     * @return SiteConfiguration
934 
-     */
935 
-    public function setBanMaxIpRange(array $banMaxIpRange): SiteConfiguration
936 
-    {
937 
-        $this->banMaxIpRange = $banMaxIpRange;
938 
-
939 
-        return $this;
940 
-    }
941 
-
942 
-    /**
943 
-     * @return int[]
944 
-     */
945 
-    public function getBanMaxIpRange(): array
946 
-    {
947 
-        return $this->banMaxIpRange;
948 
-    }
949 
-
950 
-    /**
951 
-     * @param array $oauthLegacyConsumerTokens
952 
-     *
953 
-     * @return SiteConfiguration
954 
-     */
955 
-    public function setOauthLegacyConsumerTokens(array $oauthLegacyConsumerTokens): SiteConfiguration
956 
-    {
957 
-        $this->oauthLegacyConsumerTokens = $oauthLegacyConsumerTokens;
958 
-
959 
-        return $this;
960 
-    }
961 
-
962 
-    /**
963 
-     * @return array
964 
-     */
965 
-    public function getOauthLegacyConsumerTokens(): array
966 
-    {
967 
-        return $this->oauthLegacyConsumerTokens;
968 
-    }
969 
-
970 
-    /**
971 
-     * @return int
972 
-     */
973 
-    public function getJobQueueBatchSize(): int
974 
-    {
975 
-        return $this->jobQueueBatchSize;
976 
-    }
977 
-
978 
-    /**
979 
-     * @param int $jobQueueBatchSize
980 
-     *
981 
-     * @return SiteConfiguration
982 
-     */
983 
-    public function setJobQueueBatchSize(int $jobQueueBatchSize): SiteConfiguration
984 
-    {
985 
-        $this->jobQueueBatchSize = $jobQueueBatchSize;
986 
-
987 
-        return $this;
988 
-    }
989 
-
990 
-    /**
991 
-     * @return array
992 
-     */
993 
-    public function getAmqpConfiguration(): array
994 
-    {
995 
-        return $this->amqpConfiguration;
996 
-    }
997 
-
998 
-    /**
999 
-     * @param array $amqpConfiguration
1000 
-     *
1001 
-     * @return SiteConfiguration
1002 
-     */
1003 
-    public function setAmqpConfiguration(array $amqpConfiguration): SiteConfiguration
1004 
-    {
1005 
-        $this->amqpConfiguration = $amqpConfiguration;
1006 
-
1007 
-        return $this;
1008 
-    }
1009 
-
1010 
-    /**
1011 
-     * @return string
1012 
-     */
1013 
-    public function getEmailSender(): string
1014 
-    {
1015 
-        return $this->emailSender;
1016 
-    }
1017 
-
1018 
-    /**
1019 
-     * @param string $emailSender
1020 
-     *
1021 
-     * @return SiteConfiguration
1022 
-     */
1023 
-    public function setEmailSender(string $emailSender): SiteConfiguration
1024 
-    {
1025 
-        $this->emailSender = $emailSender;
1026 
-
1027 
-        return $this;
20 
+	private $baseUrl;
21 
+	private $filePath;
22 
+	private $schemaVersion = 42;
23 
+	private $debuggingTraceEnabled;
24 
+	private $debuggingCssBreakpointsEnabled;
25 
+	private $dataClearIp = '127.0.0.1';
26 
+	private $dataClearEmail = '[email protected]';
27 
+	private $dataClearInterval = '15 DAY';
28 
+	private $forceIdentification = true;
29 
+	private $identificationCacheExpiry = '1 DAY';
30 
+	private $metaWikimediaWebServiceEndpoint = 'https://meta.wikimedia.org/w/api.php';
31 
+	private $enforceOAuth = true;
32 
+	private $emailConfirmationEnabled = true;
33 
+	private $emailConfirmationExpiryDays = 7;
34 
+	private $miserModeLimit = 25;
35 
+	private $squidList = array();
36 
+	private $useStrictTransportSecurity = false;
37 
+	private $userAgent = 'Wikipedia-ACC Tool/0.1 (+https://accounts.wmflabs.org/internal.php/team)';
38 
+	private $curlDisableVerifyPeer = false;
39 
+	private $useOAuthSignup = true;
40 
+	private $oauthConsumerToken;
41 
+	/** @var array */
42 
+	private $oauthLegacyConsumerTokens;
43 
+	private $oauthConsumerSecret;
44 
+	private $oauthIdentityGraceTime = '24 hours';
45 
+	private $oauthMediaWikiCanonicalServer = 'http://en.wikipedia.org';
46 
+	private $xffTrustedHostsFile = '../TrustedXFF/trusted-hosts.txt';
47 
+	private $crossOriginResourceSharingHosts = array(
48 
+		"http://en.wikipedia.org",
49 
+		"https://en.wikipedia.org",
50 
+		"http://meta.wikimedia.org",
51 
+		"https://meta.wikimedia.org",
52 
+	);
53 
+	private $ircNotificationsEnabled = true;
54 
+	private $ircNotificationsInstance = 'Development';
55 
+	private $errorLog = 'errorlog';
56 
+	private $titleBlacklistEnabled = false;
57 
+	/** @var null|string $locationProviderApiKey */
58 
+	private $locationProviderApiKey = null;
59 
+	private $torExitPaths = array();
60 
+	private $creationBotUsername = '';
61 
+	private $creationBotPassword = '';
62 
+	private $curlCookieJar = null;
63 
+	private $yubicoApiId = 0;
64 
+	private $yubicoApiKey = "";
65 
+	private $totpEncryptionKey = "1234";
66 
+	private $identificationNoticeboardPage = 'Access to nonpublic personal data policy/Noticeboard';
67 
+	private $registrationAllowed = true;
68 
+	private $cspReportUri = null;
69 
+	private $resourceCacheEpoch = 1;
70 
+	private $commonEmailDomains = [];
71 
+	private $banMaxIpBlockRange = [4 => 20, 6 => 48];
72 
+	private $banMaxIpRange = [4 => 16, 6 => 32];
73 
+	private $jobQueueBatchSize = 10;
74 
+	private $amqpConfiguration = ['host' => 'localhost', 'port' => 5672, 'user' => 'guest', 'password' => 'guest', 'exchange' => ''];
75 
+	private $emailSender = '[email protected]';
76 
+
77 
+	/**
78 
+	 * Gets the base URL of the tool
79 
+	 *
80 
+	 * If the internal page of the tool is at http://localhost/path/internal.php, this would be set to
81 
+	 * http://localhost/path
82 
+	 * @return string
83 
+	 */
84 
+	public function getBaseUrl()
85 
+	{
86 
+		return $this->baseUrl;
87 
+	}
88 
+
89 
+	/**
90 
+	 * @param string $baseUrl
91 
+	 *
92 
+	 * @return SiteConfiguration
93 
+	 */
94 
+	public function setBaseUrl($baseUrl)
95 
+	{
96 
+		$this->baseUrl = $baseUrl;
97 
+
98 
+		return $this;
99 
+	}
100 
+
101 
+	/**
102 
+	 * Path on disk to the directory containing the tool's code
103 
+	 * @return string
104 
+	 */
105 
+	public function getFilePath()
106 
+	{
107 
+		return $this->filePath;
108 
+	}
109 
+
110 
+	/**
111 
+	 * @param string $filePath
112 
+	 *
113 
+	 * @return SiteConfiguration
114 
+	 */
115 
+	public function setFilePath($filePath)
116 
+	{
117 
+		$this->filePath = $filePath;
118 
+
119 
+		return $this;
120 
+	}
121 
+
122 
+	/**
123 
+	 * @return int
124 
+	 */
125 
+	public function getSchemaVersion()
126 
+	{
127 
+		return $this->schemaVersion;
128 
+	}
129 
+
130 
+	/**
131 
+	 * @param int $schemaVersion
132 
+	 *
133 
+	 * @return SiteConfiguration
134 
+	 */
135 
+	public function setSchemaVersion($schemaVersion)
136 
+	{
137 
+		$this->schemaVersion = $schemaVersion;
138 
+
139 
+		return $this;
140 
+	}
141 
+
142 
+	/**
143 
+	 * @return mixed
144 
+	 */
145 
+	public function getDebuggingTraceEnabled()
146 
+	{
147 
+		return $this->debuggingTraceEnabled;
148 
+	}
149 
+
150 
+	/**
151 
+	 * @param mixed $debuggingTraceEnabled
152 
+	 *
153 
+	 * @return SiteConfiguration
154 
+	 */
155 
+	public function setDebuggingTraceEnabled($debuggingTraceEnabled)
156 
+	{
157 
+		$this->debuggingTraceEnabled = $debuggingTraceEnabled;
158 
+
159 
+		return $this;
160 
+	}
161 
+
162 
+	public function getDebuggingCssBreakpointsEnabled() : bool
163 
+	{
164 
+		return $this->debuggingCssBreakpointsEnabled;
165 
+	}
166 
+
167 
+	public function setDebuggingCssBreakpointsEnabled(bool $debuggingCssBreakpointsEnabled) : SiteConfiguration
168 
+	{
169 
+		$this->debuggingCssBreakpointsEnabled = $debuggingCssBreakpointsEnabled;
170 
+
171 
+		return $this;
172 
+	}
173 
+
174 
+	/**
175 
+	 * @return string
176 
+	 */
177 
+	public function getDataClearIp()
178 
+	{
179 
+		return $this->dataClearIp;
180 
+	}
181 
+
182 
+	/**
183 
+	 * @param string $dataClearIp
184 
+	 *
185 
+	 * @return SiteConfiguration
186 
+	 */
187 
+	public function setDataClearIp($dataClearIp)
188 
+	{
189 
+		$this->dataClearIp = $dataClearIp;
190 
+
191 
+		return $this;
192 
+	}
193 
+
194 
+	/**
195 
+	 * @return string
196 
+	 */
197 
+	public function getDataClearEmail()
198 
+	{
199 
+		return $this->dataClearEmail;
200 
+	}
201 
+
202 
+	/**
203 
+	 * @param string $dataClearEmail
204 
+	 *
205 
+	 * @return SiteConfiguration
206 
+	 */
207 
+	public function setDataClearEmail($dataClearEmail)
208 
+	{
209 
+		$this->dataClearEmail = $dataClearEmail;
210 
+
211 
+		return $this;
212 
+	}
213 
+
214 
+	/**
215 
+	 * @return boolean
216 
+	 */
217 
+	public function getForceIdentification()
218 
+	{
219 
+		return $this->forceIdentification;
220 
+	}
221 
+
222 
+	/**
223 
+	 * @param boolean $forceIdentification
224 
+	 *
225 
+	 * @return SiteConfiguration
226 
+	 */
227 
+	public function setForceIdentification($forceIdentification)
228 
+	{
229 
+		$this->forceIdentification = $forceIdentification;
230 
+
231 
+		return $this;
232 
+	}
233 
+
234 
+	/**
235 
+	 * @return string
236 
+	 */
237 
+	public function getIdentificationCacheExpiry()
238 
+	{
239 
+		return $this->identificationCacheExpiry;
240 
+	}
241 
+
242 
+	/**
243 
+	 * @param string $identificationCacheExpiry
244 
+	 *
245 
+	 * @return SiteConfiguration
246 
+	 */
247 
+	public function setIdentificationCacheExpiry($identificationCacheExpiry)
248 
+	{
249 
+		$this->identificationCacheExpiry = $identificationCacheExpiry;
250 
+
251 
+		return $this;
252 
+	}
253 
+
254 
+	/**
255 
+	 * @return string
256 
+	 */
257 
+	public function getMetaWikimediaWebServiceEndpoint()
258 
+	{
259 
+		return $this->metaWikimediaWebServiceEndpoint;
260 
+	}
261 
+
262 
+	/**
263 
+	 * @param string $metaWikimediaWebServiceEndpoint
264 
+	 *
265 
+	 * @return SiteConfiguration
266 
+	 */
267 
+	public function setMetaWikimediaWebServiceEndpoint($metaWikimediaWebServiceEndpoint)
268 
+	{
269 
+		$this->metaWikimediaWebServiceEndpoint = $metaWikimediaWebServiceEndpoint;
270 
+
271 
+		return $this;
272 
+	}
273 
+
274 
+	/**
275 
+	 * @return boolean
276 
+	 */
277 
+	public function getEnforceOAuth()
278 
+	{
279 
+		return $this->enforceOAuth;
280 
+	}
281 
+
282 
+	/**
283 
+	 * @param boolean $enforceOAuth
284 
+	 *
285 
+	 * @return SiteConfiguration
286 
+	 */
287 
+	public function setEnforceOAuth($enforceOAuth)
288 
+	{
289 
+		$this->enforceOAuth = $enforceOAuth;
290 
+
291 
+		return $this;
292 
+	}
293 
+
294 
+	/**
295 
+	 * @return boolean
296 
+	 */
297 
+	public function getEmailConfirmationEnabled()
298 
+	{
299 
+		return $this->emailConfirmationEnabled;
300 
+	}
301 
+
302 
+	/**
303 
+	 * @param boolean $emailConfirmationEnabled
304 
+	 *
305 
+	 * @return $this
306 
+	 */
307 
+	public function setEmailConfirmationEnabled($emailConfirmationEnabled)
308 
+	{
309 
+		$this->emailConfirmationEnabled = $emailConfirmationEnabled;
310 
+
311 
+		return $this;
312 
+	}
313 
+
314 
+	/**
315 
+	 * @return int
316 
+	 */
317 
+	public function getMiserModeLimit()
318 
+	{
319 
+		return $this->miserModeLimit;
320 
+	}
321 
+
322 
+	/**
323 
+	 * @param int $miserModeLimit
324 
+	 *
325 
+	 * @return SiteConfiguration
326 
+	 */
327 
+	public function setMiserModeLimit($miserModeLimit)
328 
+	{
329 
+		$this->miserModeLimit = $miserModeLimit;
330 
+
331 
+		return $this;
332 
+	}
333 
+
334 
+	/**
335 
+	 * @return array
336 
+	 */
337 
+	public function getSquidList()
338 
+	{
339 
+		return $this->squidList;
340 
+	}
341 
+
342 
+	/**
343 
+	 * @param array $squidList
344 
+	 *
345 
+	 * @return SiteConfiguration
346 
+	 */
347 
+	public function setSquidList($squidList)
348 
+	{
349 
+		$this->squidList = $squidList;
350 
+
351 
+		return $this;
352 
+	}
353 
+
354 
+	/**
355 
+	 * @return boolean
356 
+	 */
357 
+	public function getUseStrictTransportSecurity()
358 
+	{
359 
+		return $this->useStrictTransportSecurity;
360 
+	}
361 
+
362 
+	/**
363 
+	 * @param boolean $useStrictTransportSecurity
364 
+	 *
365 
+	 * @return SiteConfiguration
366 
+	 */
367 
+	public function setUseStrictTransportSecurity($useStrictTransportSecurity)
368 
+	{
369 
+		$this->useStrictTransportSecurity = $useStrictTransportSecurity;
370 
+
371 
+		return $this;
372 
+	}
373 
+
374 
+	/**
375 
+	 * @return string
376 
+	 */
377 
+	public function getUserAgent()
378 
+	{
379 
+		return $this->userAgent;
380 
+	}
381 
+
382 
+	/**
383 
+	 * @param string $userAgent
384 
+	 *
385 
+	 * @return SiteConfiguration
386 
+	 */
387 
+	public function setUserAgent($userAgent)
388 
+	{
389 
+		$this->userAgent = $userAgent;
390 
+
391 
+		return $this;
392 
+	}
393 
+
394 
+	/**
395 
+	 * @return boolean
396 
+	 */
397 
+	public function getCurlDisableVerifyPeer()
398 
+	{
399 
+		return $this->curlDisableVerifyPeer;
400 
+	}
401 
+
402 
+	/**
403 
+	 * @param boolean $curlDisableVerifyPeer
404 
+	 *
405 
+	 * @return SiteConfiguration
406 
+	 */
407 
+	public function setCurlDisableVerifyPeer($curlDisableVerifyPeer)
408 
+	{
409 
+		$this->curlDisableVerifyPeer = $curlDisableVerifyPeer;
410 
+
411 
+		return $this;
412 
+	}
413 
+
414 
+	/**
415 
+	 * @return boolean
416 
+	 */
417 
+	public function getUseOAuthSignup()
418 
+	{
419 
+		return $this->useOAuthSignup;
420 
+	}
421 
+
422 
+	/**
423 
+	 * @param boolean $useOAuthSignup
424 
+	 *
425 
+	 * @return SiteConfiguration
426 
+	 */
427 
+	public function setUseOAuthSignup($useOAuthSignup)
428 
+	{
429 
+		$this->useOAuthSignup = $useOAuthSignup;
430 
+
431 
+		return $this;
432 
+	}
433 
+
434 
+	/**
435 
+	 * @return mixed
436 
+	 */
437 
+	public function getOAuthConsumerToken()
438 
+	{
439 
+		return $this->oauthConsumerToken;
440 
+	}
441 
+
442 
+	/**
443 
+	 * @param mixed $oauthConsumerToken
444 
+	 *
445 
+	 * @return SiteConfiguration
446 
+	 */
447 
+	public function setOAuthConsumerToken($oauthConsumerToken)
448 
+	{
449 
+		$this->oauthConsumerToken = $oauthConsumerToken;
450 
+
451 
+		return $this;
452 
+	}
453 
+
454 
+	/**
455 
+	 * @return mixed
456 
+	 */
457 
+	public function getOAuthConsumerSecret()
458 
+	{
459 
+		return $this->oauthConsumerSecret;
460 
+	}
461 
+
462 
+	/**
463 
+	 * @param mixed $oauthConsumerSecret
464 
+	 *
465 
+	 * @return SiteConfiguration
466 
+	 */
467 
+	public function setOAuthConsumerSecret($oauthConsumerSecret)
468 
+	{
469 
+		$this->oauthConsumerSecret = $oauthConsumerSecret;
470 
+
471 
+		return $this;
472 
+	}
473 
+
474 
+	/**
475 
+	 * @return string
476 
+	 */
477 
+	public function getDataClearInterval()
478 
+	{
479 
+		return $this->dataClearInterval;
480 
+	}
481 
+
482 
+	/**
483 
+	 * @param string $dataClearInterval
484 
+	 *
485 
+	 * @return SiteConfiguration
486 
+	 */
487 
+	public function setDataClearInterval($dataClearInterval)
488 
+	{
489 
+		$this->dataClearInterval = $dataClearInterval;
490 
+
491 
+		return $this;
492 
+	}
493 
+
494 
+	/**
495 
+	 * @return string
496 
+	 */
497 
+	public function getXffTrustedHostsFile()
498 
+	{
499 
+		return $this->xffTrustedHostsFile;
500 
+	}
501 
+
502 
+	/**
503 
+	 * @param string $xffTrustedHostsFile
504 
+	 *
505 
+	 * @return SiteConfiguration
506 
+	 */
507 
+	public function setXffTrustedHostsFile($xffTrustedHostsFile)
508 
+	{
509 
+		$this->xffTrustedHostsFile = $xffTrustedHostsFile;
510 
+
511 
+		return $this;
512 
+	}
513 
+
514 
+	/**
515 
+	 * @return array
516 
+	 */
517 
+	public function getCrossOriginResourceSharingHosts()
518 
+	{
519 
+		return $this->crossOriginResourceSharingHosts;
520 
+	}
521 
+
522 
+	/**
523 
+	 * @param array $crossOriginResourceSharingHosts
524 
+	 *
525 
+	 * @return SiteConfiguration
526 
+	 */
527 
+	public function setCrossOriginResourceSharingHosts($crossOriginResourceSharingHosts)
528 
+	{
529 
+		$this->crossOriginResourceSharingHosts = $crossOriginResourceSharingHosts;
530 
+
531 
+		return $this;
532 
+	}
533 
+
534 
+	/**
535 
+	 * @return boolean
536 
+	 */
537 
+	public function getIrcNotificationsEnabled()
538 
+	{
539 
+		return $this->ircNotificationsEnabled;
540 
+	}
541 
+
542 
+	/**
543 
+	 * @param boolean $ircNotificationsEnabled
544 
+	 *
545 
+	 * @return SiteConfiguration
546 
+	 */
547 
+	public function setIrcNotificationsEnabled($ircNotificationsEnabled)
548 
+	{
549 
+		$this->ircNotificationsEnabled = $ircNotificationsEnabled;
550 
+
551 
+		return $this;
552 
+	}
553 
+
554 
+	/**
555 
+	 * @param string $errorLog
556 
+	 *
557 
+	 * @return SiteConfiguration
558 
+	 */
559 
+	public function setErrorLog($errorLog)
560 
+	{
561 
+		$this->errorLog = $errorLog;
562 
+
563 
+		return $this;
564 
+	}
565 
+
566 
+	/**
567 
+	 * @return string
568 
+	 */
569 
+	public function getErrorLog()
570 
+	{
571 
+		return $this->errorLog;
572 
+	}
573 
+
574 
+	/**
575 
+	 * @param int $emailConfirmationExpiryDays
576 
+	 *
577 
+	 * @return SiteConfiguration
578 
+	 */
579 
+	public function setEmailConfirmationExpiryDays($emailConfirmationExpiryDays)
580 
+	{
581 
+		$this->emailConfirmationExpiryDays = $emailConfirmationExpiryDays;
582 
+
583 
+		return $this;
584 
+	}
585 
+
586 
+	/**
587 
+	 * @return int
588 
+	 */
589 
+	public function getEmailConfirmationExpiryDays()
590 
+	{
591 
+		return $this->emailConfirmationExpiryDays;
592 
+	}
593 
+
594 
+	/**
595 
+	 * @param string $ircNotificationsInstance
596 
+	 *
597 
+	 * @return SiteConfiguration
598 
+	 */
599 
+	public function setIrcNotificationsInstance($ircNotificationsInstance)
600 
+	{
601 
+		$this->ircNotificationsInstance = $ircNotificationsInstance;
602 
+
603 
+		return $this;
604 
+	}
605 
+
606 
+	/**
607 
+	 * @return string
608 
+	 */
609 
+	public function getIrcNotificationsInstance()
610 
+	{
611 
+		return $this->ircNotificationsInstance;
612 
+	}
613 
+
614 
+	/**
615 
+	 * @param boolean $titleBlacklistEnabled
616 
+	 *
617 
+	 * @return SiteConfiguration
618 
+	 */
619 
+	public function setTitleBlacklistEnabled($titleBlacklistEnabled)
620 
+	{
621 
+		$this->titleBlacklistEnabled = $titleBlacklistEnabled;
622 
+
623 
+		return $this;
624 
+	}
625 
+
626 
+	/**
627 
+	 * @return boolean
628 
+	 */
629 
+	public function getTitleBlacklistEnabled()
630 
+	{
631 
+		return $this->titleBlacklistEnabled;
632 
+	}
633 
+
634 
+	/**
635 
+	 * @param string|null $locationProviderApiKey
636 
+	 *
637 
+	 * @return SiteConfiguration
638 
+	 */
639 
+	public function setLocationProviderApiKey($locationProviderApiKey)
640 
+	{
641 
+		$this->locationProviderApiKey = $locationProviderApiKey;
642 
+
643 
+		return $this;
644 
+	}
645 
+
646 
+	/**
647 
+	 * @return null|string
648 
+	 */
649 
+	public function getLocationProviderApiKey()
650 
+	{
651 
+		return $this->locationProviderApiKey;
652 
+	}
653 
+
654 
+	/**
655 
+	 * @param array $torExitPaths
656 
+	 *
657 
+	 * @return SiteConfiguration
658 
+	 */
659 
+	public function setTorExitPaths($torExitPaths)
660 
+	{
661 
+		$this->torExitPaths = $torExitPaths;
662 
+
663 
+		return $this;
664 
+	}
665 
+
666 
+	/**
667 
+	 * @return array
668 
+	 */
669 
+	public function getTorExitPaths()
670 
+	{
671 
+		return $this->torExitPaths;
672 
+	}
673 
+
674 
+	/**
675 
+	 * @param string $oauthIdentityGraceTime
676 
+	 *
677 
+	 * @return SiteConfiguration
678 
+	 */
679 
+	public function setOauthIdentityGraceTime($oauthIdentityGraceTime)
680 
+	{
681 
+		$this->oauthIdentityGraceTime = $oauthIdentityGraceTime;
682 
+
683 
+		return $this;
684 
+	}
685 
+
686 
+	/**
687 
+	 * @return string
688 
+	 */
689 
+	public function getOauthIdentityGraceTime()
690 
+	{
691 
+		return $this->oauthIdentityGraceTime;
692 
+	}
693 
+
694 
+	/**
695 
+	 * @param string $oauthMediaWikiCanonicalServer
696 
+	 *
697 
+	 * @return SiteConfiguration
698 
+	 */
699 
+	public function setOauthMediaWikiCanonicalServer($oauthMediaWikiCanonicalServer)
700 
+	{
701 
+		$this->oauthMediaWikiCanonicalServer = $oauthMediaWikiCanonicalServer;
702 
+
703 
+		return $this;
704 
+	}
705 
+
706 
+	/**
707 
+	 * @return string
708 
+	 */
709 
+	public function getOauthMediaWikiCanonicalServer()
710 
+	{
711 
+		return $this->oauthMediaWikiCanonicalServer;
712 
+	}
713 
+
714 
+	/**
715 
+	 * @param string $creationBotUsername
716 
+	 *
717 
+	 * @return SiteConfiguration
718 
+	 */
719 
+	public function setCreationBotUsername($creationBotUsername)
720 
+	{
721 
+		$this->creationBotUsername = $creationBotUsername;
722 
+
723 
+		return $this;
724 
+	}
725 
+
726 
+	/**
727 
+	 * @return string
728 
+	 */
729 
+	public function getCreationBotUsername()
730 
+	{
731 
+		return $this->creationBotUsername;
732 
+	}
733 
+
734 
+	/**
735 
+	 * @param string $creationBotPassword
736 
+	 *
737 
+	 * @return SiteConfiguration
738 
+	 */
739 
+	public function setCreationBotPassword($creationBotPassword)
740 
+	{
741 
+		$this->creationBotPassword = $creationBotPassword;
742 
+
743 
+		return $this;
744 
+	}
745 
+
746 
+	/**
747 
+	 * @return string
748 
+	 */
749 
+	public function getCreationBotPassword()
750 
+	{
751 
+		return $this->creationBotPassword;
752 
+	}
753 
+
754 
+	/**
755 
+	 * @param string|null $curlCookieJar
756 
+	 *
757 
+	 * @return SiteConfiguration
758 
+	 */
759 
+	public function setCurlCookieJar($curlCookieJar)
760 
+	{
761 
+		$this->curlCookieJar = $curlCookieJar;
762 
+
763 
+		return $this;
764 
+	}
765 
+
766 
+	/**
767 
+	 * @return string|null
768 
+	 */
769 
+	public function getCurlCookieJar()
770 
+	{
771 
+		return $this->curlCookieJar;
772 
+	}
773 
+
774 
+	public function getYubicoApiId()
775 
+	{
776 
+		return $this->yubicoApiId;
777 
+	}
778 
+
779 
+	public function setYubicoApiId($id)
780 
+	{
781 
+		$this->yubicoApiId = $id;
782 
+
783 
+		return $this;
784 
+	}
785 
+
786 
+	public function getYubicoApiKey()
787 
+	{
788 
+		return $this->yubicoApiKey;
789 
+	}
790 
+
791 
+	public function setYubicoApiKey($key)
792 
+	{
793 
+		$this->yubicoApiKey = $key;
794 
+
795 
+		return $this;
796 
+	}
797 
+
798 
+	/**
799 
+	 * @return string
800 
+	 */
801 
+	public function getTotpEncryptionKey()
802 
+	{
803 
+		return $this->totpEncryptionKey;
804 
+	}
805 
+
806 
+	/**
807 
+	 * @param string $totpEncryptionKey
808 
+	 *
809 
+	 * @return SiteConfiguration
810 
+	 */
811 
+	public function setTotpEncryptionKey($totpEncryptionKey)
812 
+	{
813 
+		$this->totpEncryptionKey = $totpEncryptionKey;
814 
+
815 
+		return $this;
816 
+	}
817 
+
818 
+	/**
819 
+	 * @return string
820 
+	 */
821 
+	public function getIdentificationNoticeboardPage()
822 
+	{
823 
+		return $this->identificationNoticeboardPage;
824 
+	}
825 
+
826 
+	/**
827 
+	 * @param string $identificationNoticeboardPage
828 
+	 *
829 
+	 * @return SiteConfiguration
830 
+	 */
831 
+	public function setIdentificationNoticeboardPage($identificationNoticeboardPage)
832 
+	{
833 
+		$this->identificationNoticeboardPage = $identificationNoticeboardPage;
834 
+
835 
+		return $this;
836 
+	}
837 
+
838 
+	public function isRegistrationAllowed(): bool
839 
+	{
840 
+		return $this->registrationAllowed;
841 
+	}
842 
+
843 
+	public function setRegistrationAllowed(bool $registrationAllowed): SiteConfiguration
844 
+	{
845 
+		$this->registrationAllowed = $registrationAllowed;
846 
+
847 
+		return $this;
848 
+	}
849 
+
850 
+	/**
851 
+	 * @return string|null
852 
+	 */
853 
+	public function getCspReportUri()
854 
+	{
855 
+		return $this->cspReportUri;
856 
+	}
857 
+
858 
+	/**
859 
+	 * @param string|null $cspReportUri
860 
+	 *
861 
+	 * @return SiteConfiguration
862 
+	 */
863 
+	public function setCspReportUri($cspReportUri)
864 
+	{
865 
+		$this->cspReportUri = $cspReportUri;
866 
+
867 
+		return $this;
868 
+	}
869 
+
870 
+	/**
871 
+	 * @return int
872 
+	 */
873 
+	public function getResourceCacheEpoch(): int
874 
+	{
875 
+		return $this->resourceCacheEpoch;
876 
+	}
877 
+
878 
+	/**
879 
+	 * @param int $resourceCacheEpoch
880 
+	 *
881 
+	 * @return SiteConfiguration
882 
+	 */
883 
+	public function setResourceCacheEpoch(int $resourceCacheEpoch): SiteConfiguration
884 
+	{
885 
+		$this->resourceCacheEpoch = $resourceCacheEpoch;
886 
+
887 
+		return $this;
888 
+	}
889 
+
890 
+	/**
891 
+	 * @return array
892 
+	 */
893 
+	public function getCommonEmailDomains(): array
894 
+	{
895 
+		return $this->commonEmailDomains;
896 
+	}
897 
+
898 
+	/**
899 
+	 * @param array $commonEmailDomains
900 
+	 *
901 
+	 * @return SiteConfiguration
902 
+	 */
903 
+	public function setCommonEmailDomains(array $commonEmailDomains): SiteConfiguration
904 
+	{
905 
+		$this->commonEmailDomains = $commonEmailDomains;
906 
+
907 
+		return $this;
908 
+	}
909 
+
910 
+	/**
911 
+	 * @param int[] $banMaxIpBlockRange
912 
+	 *
913 
+	 * @return SiteConfiguration
914 
+	 */
915 
+	public function setBanMaxIpBlockRange(array $banMaxIpBlockRange): SiteConfiguration
916 
+	{
917 
+		$this->banMaxIpBlockRange = $banMaxIpBlockRange;
918 
+
919 
+		return $this;
920 
+	}
921 
+
922 
+	/**
923 
+	 * @return int[]
924 
+	 */
925 
+	public function getBanMaxIpBlockRange(): array
926 
+	{
927 
+		return $this->banMaxIpBlockRange;
928 
+	}
929 
+
930 
+	/**
931 
+	 * @param int[] $banMaxIpRange
932 
+	 *
933 
+	 * @return SiteConfiguration
934 
+	 */
935 
+	public function setBanMaxIpRange(array $banMaxIpRange): SiteConfiguration
936 
+	{
937 
+		$this->banMaxIpRange = $banMaxIpRange;
938 
+
939 
+		return $this;
940 
+	}
941 
+
942 
+	/**
943 
+	 * @return int[]
944 
+	 */
945 
+	public function getBanMaxIpRange(): array
946 
+	{
947 
+		return $this->banMaxIpRange;
948 
+	}
949 
+
950 
+	/**
951 
+	 * @param array $oauthLegacyConsumerTokens
952 
+	 *
953 
+	 * @return SiteConfiguration
954 
+	 */
955 
+	public function setOauthLegacyConsumerTokens(array $oauthLegacyConsumerTokens): SiteConfiguration
956 
+	{
957 
+		$this->oauthLegacyConsumerTokens = $oauthLegacyConsumerTokens;
958 
+
959 
+		return $this;
960 
+	}
961 
+
962 
+	/**
963 
+	 * @return array
964 
+	 */
965 
+	public function getOauthLegacyConsumerTokens(): array
966 
+	{
967 
+		return $this->oauthLegacyConsumerTokens;
968 
+	}
969 
+
970 
+	/**
971 
+	 * @return int
972 
+	 */
973 
+	public function getJobQueueBatchSize(): int
974 
+	{
975 
+		return $this->jobQueueBatchSize;
976 
+	}
977 
+
978 
+	/**
979 
+	 * @param int $jobQueueBatchSize
980 
+	 *
981 
+	 * @return SiteConfiguration
982 
+	 */
983 
+	public function setJobQueueBatchSize(int $jobQueueBatchSize): SiteConfiguration
984 
+	{
985 
+		$this->jobQueueBatchSize = $jobQueueBatchSize;
986 
+
987 
+		return $this;
988 
+	}
989 
+
990 
+	/**
991 
+	 * @return array
992 
+	 */
993 
+	public function getAmqpConfiguration(): array
994 
+	{
995 
+		return $this->amqpConfiguration;
996 
+	}
997 
+
998 
+	/**
999 
+	 * @param array $amqpConfiguration
1000 
+	 *
1001 
+	 * @return SiteConfiguration
1002 
+	 */
1003 
+	public function setAmqpConfiguration(array $amqpConfiguration): SiteConfiguration
1004 
+	{
1005 
+		$this->amqpConfiguration = $amqpConfiguration;
1006 
+
1007 
+		return $this;
1008 
+	}
1009 
+
1010 
+	/**
1011 
+	 * @return string
1012 
+	 */
1013 
+	public function getEmailSender(): string
1014 
+	{
1015 
+		return $this->emailSender;
1016 
+	}
1017 
+
1018 
+	/**
1019 
+	 * @param string $emailSender
1020 
+	 *
1021 
+	 * @return SiteConfiguration
1022 
+	 */
1023 
+	public function setEmailSender(string $emailSender): SiteConfiguration
1024 
+	{
1025 
+		$this->emailSender = $emailSender;
1026 
+
1027 
+		return $this;
1028 1028 
 }
1029 1029 
 }
Please login to merge, or discard this patch.
includes/Tasks/InternalPageBase.php 1 patch
Indentation   +241 added lines, -241 removed lines patch added patch discarded remove patch 
@@ -23,245 +23,245 @@
 
 block discarded – undo
23 23
24 24 
 abstract class InternalPageBase extends PageBase
25 25 
 {
26 
-    use NavigationMenuAccessControl;
27 
-
28 
-    /** @var ITypeAheadHelper */
29 
-    private $typeAheadHelper;
30 
-    /** @var SecurityManager */
31 
-    private $securityManager;
32 
-    /** @var IBlacklistHelper */
33 
-    private $blacklistHelper;
34 
-    /** @var DomainAccessManager */
35 
-    private $domainAccessManager;
36 
-
37 
-    /**
38 
-     * @return ITypeAheadHelper
39 
-     */
40 
-    public function getTypeAheadHelper()
41 
-    {
42 
-        return $this->typeAheadHelper;
43 
-    }
44 
-
45 
-    /**
46 
-     * @param ITypeAheadHelper $typeAheadHelper
47 
-     */
48 
-    public function setTypeAheadHelper(ITypeAheadHelper $typeAheadHelper)
49 
-    {
50 
-        $this->typeAheadHelper = $typeAheadHelper;
51 
-    }
52 
-
53 
-    /**
54 
-     * Runs the page code
55 
-     *
56 
-     * @throws Exception
57 
-     * @category Security-Critical
58 
-     */
59 
-    final public function execute()
60 
-    {
61 
-        if ($this->getRouteName() === null) {
62 
-            throw new Exception("Request is unrouted.");
63 
-        }
64 
-
65 
-        if ($this->getSiteConfiguration() === null) {
66 
-            throw new Exception("Page has no configuration!");
67 
-        }
68 
-
69 
-        $this->setupPage();
70 
-
71 
-        $this->touchUserLastActive();
72 
-
73 
-        $currentUser = User::getCurrent($this->getDatabase());
74 
-
75 
-        // Hey, this is also a security barrier, in addition to the below. Separated out for readability.
76 
-        if (!$this->isProtectedPage()) {
77 
-            // This page is /not/ a protected page, as such we can just run it.
78 
-            $this->runPage();
79 
-
80 
-            return;
81 
-        }
82 
-
83 
-        // Security barrier.
84 
-        //
85 
-        // This code essentially doesn't care if the user is logged in or not, as the security manager hides all that
86 
-        // away for us
87 
-        $securityResult = $this->getSecurityManager()->allows(get_called_class(), $this->getRouteName(), $currentUser);
88 
-        if ($securityResult === SecurityManager::ALLOWED) {
89 
-            // We're allowed to run the page, so let's run it.
90 
-            $this->runPage();
91 
-        }
92 
-        else {
93 
-            $this->handleAccessDenied($securityResult);
94 
-
95 
-            // Send the headers
96 
-            $this->sendResponseHeaders();
97 
-        }
98 
-    }
99 
-
100 
-    /**
101 
-     * Performs final tasks needed before rendering the page.
102 
-     */
103 
-    final public function finalisePage()
104 
-    {
105 
-        parent::finalisePage();
106 
-
107 
-        $database = $this->getDatabase();
108 
-        $currentUser = User::getCurrent($database);
109 
-
110 
-        // Load in the badges for the navbar
111 
-        $this->setUpNavBarBadges($currentUser, $database);
112 
-
113 
-        if ($this->barrierTest('viewSiteNotice', User::getCurrent($database), 'GlobalInfo')) {
114 
-            $siteNotice = SiteNotice::get($this->getDatabase());
115 
-            $siteNoticeHash = sha1($siteNotice);
116 
-
117 
-            if (WebRequest::testSiteNoticeCookieValue($siteNoticeHash)) {
118 
-                $this->assign('siteNoticeState', 'd-none');
119 
-            }
120 
-            else {
121 
-                $this->assign('siteNoticeState', 'd-block');
122 
-            }
123 
-
124 
-            $this->assign('siteNoticeText', $siteNotice);
125 
-            $this->assign('siteNoticeVersion', $siteNoticeHash);
126 
-        }
127 
-
128 
-        if ($this->barrierTest('viewOnlineUsers', User::getCurrent($database), 'GlobalInfo')) {
129 
-            $sql = 'SELECT * FROM user WHERE lastactive > DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 5 MINUTE);';
130 
-            $statement = $database->query($sql);
131 
-            $activeUsers = $statement->fetchAll(PDO::FETCH_CLASS, User::class);
132 
-            $this->assign('onlineusers', $activeUsers);
133 
-        }
134 
-
135 
-        $this->setupNavMenuAccess($currentUser);
136 
-    }
137 
-
138 
-    /**
139 
-     * Configures whether the page respects roles or not. You probably want this to return true.
140 
-     *
141 
-     * Set to false for public pages. You probably want this to return true.
142 
-     *
143 
-     * This defaults to true unless you explicitly set it to false. Setting it to false means anybody can do anything
144 
-     * on this page, so you probably want this to return true.
145 
-     *
146 
-     * @return bool
147 
-     * @category Security-Critical
148 
-     */
149 
-    protected function isProtectedPage()
150 
-    {
151 
-        return true;
152 
-    }
153 
-
154 
-    protected function handleAccessDenied($denyReason)
155 
-    {
156 
-        $currentUser = User::getCurrent($this->getDatabase());
157 
-
158 
-        // Not allowed to access this resource.
159 
-        // Firstly, let's check if we're even logged in.
160 
-        if ($currentUser->isCommunityUser()) {
161 
-            // Not logged in, redirect to login page
162 
-            WebRequest::setPostLoginRedirect();
163 
-            $this->redirect("login");
164 
-
165 
-            return;
166 
-        }
167 
-        else {
168 
-            // Decide whether this was a rights failure, or an identification failure.
169 
-
170 
-            if ($denyReason === SecurityManager::ERROR_NOT_IDENTIFIED) {
171 
-                // Not identified
172 
-                throw new NotIdentifiedException($this->getSecurityManager(), $this->getDomainAccessManager());
173 
-            }
174 
-            elseif ($denyReason === SecurityManager::ERROR_DENIED) {
175 
-                // Nope, plain old access denied
176 
-                throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
177 
-            }
178 
-            else {
179 
-                throw new Exception('Unknown response from security manager.');
180 
-            }
181 
-        }
182 
-    }
183 
-
184 
-    /**
185 
-     * Tests the security barrier for a specified action.
186 
-     *
187 
-     * Don't use within templates
188 
-     *
189 
-     * @param string      $action
190 
-     *
191 
-     * @param User        $user
192 
-     * @param null|string $pageName
193 
-     *
194 
-     * @return bool
195 
-     * @category Security-Critical
196 
-     */
197 
-    final public function barrierTest($action, User $user, $pageName = null)
198 
-    {
199 
-        $page = get_called_class();
200 
-        if ($pageName !== null) {
201 
-            $page = $pageName;
202 
-        }
203 
-
204 
-        $securityResult = $this->getSecurityManager()->allows($page, $action, $user);
205 
-
206 
-        return $securityResult === SecurityManager::ALLOWED;
207 
-    }
208 
-
209 
-    /**
210 
-     * Updates the lastactive timestamp
211 
-     */
212 
-    private function touchUserLastActive()
213 
-    {
214 
-        if (WebRequest::getSessionUserId() !== null) {
215 
-            $query = 'UPDATE user SET lastactive = CURRENT_TIMESTAMP() WHERE id = :id;';
216 
-            $this->getDatabase()->prepare($query)->execute(array(":id" => WebRequest::getSessionUserId()));
217 
-        }
218 
-    }
219 
-
220 
-    /**
221 
-     * @return SecurityManager
222 
-     */
223 
-    public function getSecurityManager()
224 
-    {
225 
-        return $this->securityManager;
226 
-    }
227 
-
228 
-    /**
229 
-     * @param SecurityManager $securityManager
230 
-     */
231 
-    public function setSecurityManager(SecurityManager $securityManager)
232 
-    {
233 
-        $this->securityManager = $securityManager;
234 
-    }
235 
-
236 
-    /**
237 
-     * @return IBlacklistHelper
238 
-     */
239 
-    public function getBlacklistHelper()
240 
-    {
241 
-        return $this->blacklistHelper;
242 
-    }
243 
-
244 
-    /**
245 
-     * @param IBlacklistHelper $blacklistHelper
246 
-     */
247 
-    public function setBlacklistHelper(IBlacklistHelper $blacklistHelper)
248 
-    {
249 
-        $this->blacklistHelper = $blacklistHelper;
250 
-    }
251 
-
252 
-    /**
253 
-     * @return DomainAccessManager
254 
-     */
255 
-    public function getDomainAccessManager(): DomainAccessManager
256 
-    {
257 
-        return $this->domainAccessManager;
258 
-    }
259 
-
260 
-    /**
261 
-     * @param DomainAccessManager $domainAccessManager
262 
-     */
263 
-    public function setDomainAccessManager(DomainAccessManager $domainAccessManager): void
264 
-    {
265 
-        $this->domainAccessManager = $domainAccessManager;
266 
-    }
26 
+	use NavigationMenuAccessControl;
27 
+
28 
+	/** @var ITypeAheadHelper */
29 
+	private $typeAheadHelper;
30 
+	/** @var SecurityManager */
31 
+	private $securityManager;
32 
+	/** @var IBlacklistHelper */
33 
+	private $blacklistHelper;
34 
+	/** @var DomainAccessManager */
35 
+	private $domainAccessManager;
36 
+
37 
+	/**
38 
+	 * @return ITypeAheadHelper
39 
+	 */
40 
+	public function getTypeAheadHelper()
41 
+	{
42 
+		return $this->typeAheadHelper;
43 
+	}
44 
+
45 
+	/**
46 
+	 * @param ITypeAheadHelper $typeAheadHelper
47 
+	 */
48 
+	public function setTypeAheadHelper(ITypeAheadHelper $typeAheadHelper)
49 
+	{
50 
+		$this->typeAheadHelper = $typeAheadHelper;
51 
+	}
52 
+
53 
+	/**
54 
+	 * Runs the page code
55 
+	 *
56 
+	 * @throws Exception
57 
+	 * @category Security-Critical
58 
+	 */
59 
+	final public function execute()
60 
+	{
61 
+		if ($this->getRouteName() === null) {
62 
+			throw new Exception("Request is unrouted.");
63 
+		}
64 
+
65 
+		if ($this->getSiteConfiguration() === null) {
66 
+			throw new Exception("Page has no configuration!");
67 
+		}
68 
+
69 
+		$this->setupPage();
70 
+
71 
+		$this->touchUserLastActive();
72 
+
73 
+		$currentUser = User::getCurrent($this->getDatabase());
74 
+
75 
+		// Hey, this is also a security barrier, in addition to the below. Separated out for readability.
76 
+		if (!$this->isProtectedPage()) {
77 
+			// This page is /not/ a protected page, as such we can just run it.
78 
+			$this->runPage();
79 
+
80 
+			return;
81 
+		}
82 
+
83 
+		// Security barrier.
84 
+		//
85 
+		// This code essentially doesn't care if the user is logged in or not, as the security manager hides all that
86 
+		// away for us
87 
+		$securityResult = $this->getSecurityManager()->allows(get_called_class(), $this->getRouteName(), $currentUser);
88 
+		if ($securityResult === SecurityManager::ALLOWED) {
89 
+			// We're allowed to run the page, so let's run it.
90 
+			$this->runPage();
91 
+		}
92 
+		else {
93 
+			$this->handleAccessDenied($securityResult);
94 
+
95 
+			// Send the headers
96 
+			$this->sendResponseHeaders();
97 
+		}
98 
+	}
99 
+
100 
+	/**
101 
+	 * Performs final tasks needed before rendering the page.
102 
+	 */
103 
+	final public function finalisePage()
104 
+	{
105 
+		parent::finalisePage();
106 
+
107 
+		$database = $this->getDatabase();
108 
+		$currentUser = User::getCurrent($database);
109 
+
110 
+		// Load in the badges for the navbar
111 
+		$this->setUpNavBarBadges($currentUser, $database);
112 
+
113 
+		if ($this->barrierTest('viewSiteNotice', User::getCurrent($database), 'GlobalInfo')) {
114 
+			$siteNotice = SiteNotice::get($this->getDatabase());
115 
+			$siteNoticeHash = sha1($siteNotice);
116 
+
117 
+			if (WebRequest::testSiteNoticeCookieValue($siteNoticeHash)) {
118 
+				$this->assign('siteNoticeState', 'd-none');
119 
+			}
120 
+			else {
121 
+				$this->assign('siteNoticeState', 'd-block');
122 
+			}
123 
+
124 
+			$this->assign('siteNoticeText', $siteNotice);
125 
+			$this->assign('siteNoticeVersion', $siteNoticeHash);
126 
+		}
127 
+
128 
+		if ($this->barrierTest('viewOnlineUsers', User::getCurrent($database), 'GlobalInfo')) {
129 
+			$sql = 'SELECT * FROM user WHERE lastactive > DATE_SUB(CURRENT_TIMESTAMP(), INTERVAL 5 MINUTE);';
130 
+			$statement = $database->query($sql);
131 
+			$activeUsers = $statement->fetchAll(PDO::FETCH_CLASS, User::class);
132 
+			$this->assign('onlineusers', $activeUsers);
133 
+		}
134 
+
135 
+		$this->setupNavMenuAccess($currentUser);
136 
+	}
137 
+
138 
+	/**
139 
+	 * Configures whether the page respects roles or not. You probably want this to return true.
140 
+	 *
141 
+	 * Set to false for public pages. You probably want this to return true.
142 
+	 *
143 
+	 * This defaults to true unless you explicitly set it to false. Setting it to false means anybody can do anything
144 
+	 * on this page, so you probably want this to return true.
145 
+	 *
146 
+	 * @return bool
147 
+	 * @category Security-Critical
148 
+	 */
149 
+	protected function isProtectedPage()
150 
+	{
151 
+		return true;
152 
+	}
153 
+
154 
+	protected function handleAccessDenied($denyReason)
155 
+	{
156 
+		$currentUser = User::getCurrent($this->getDatabase());
157 
+
158 
+		// Not allowed to access this resource.
159 
+		// Firstly, let's check if we're even logged in.
160 
+		if ($currentUser->isCommunityUser()) {
161 
+			// Not logged in, redirect to login page
162 
+			WebRequest::setPostLoginRedirect();
163 
+			$this->redirect("login");
164 
+
165 
+			return;
166 
+		}
167 
+		else {
168 
+			// Decide whether this was a rights failure, or an identification failure.
169 
+
170 
+			if ($denyReason === SecurityManager::ERROR_NOT_IDENTIFIED) {
171 
+				// Not identified
172 
+				throw new NotIdentifiedException($this->getSecurityManager(), $this->getDomainAccessManager());
173 
+			}
174 
+			elseif ($denyReason === SecurityManager::ERROR_DENIED) {
175 
+				// Nope, plain old access denied
176 
+				throw new AccessDeniedException($this->getSecurityManager(), $this->getDomainAccessManager());
177 
+			}
178 
+			else {
179 
+				throw new Exception('Unknown response from security manager.');
180 
+			}
181 
+		}
182 
+	}
183 
+
184 
+	/**
185 
+	 * Tests the security barrier for a specified action.
186 
+	 *
187 
+	 * Don't use within templates
188 
+	 *
189 
+	 * @param string      $action
190 
+	 *
191 
+	 * @param User        $user
192 
+	 * @param null|string $pageName
193 
+	 *
194 
+	 * @return bool
195 
+	 * @category Security-Critical
196 
+	 */
197 
+	final public function barrierTest($action, User $user, $pageName = null)
198 
+	{
199 
+		$page = get_called_class();
200 
+		if ($pageName !== null) {
201 
+			$page = $pageName;
202 
+		}
203 
+
204 
+		$securityResult = $this->getSecurityManager()->allows($page, $action, $user);
205 
+
206 
+		return $securityResult === SecurityManager::ALLOWED;
207 
+	}
208 
+
209 
+	/**
210 
+	 * Updates the lastactive timestamp
211 
+	 */
212 
+	private function touchUserLastActive()
213 
+	{
214 
+		if (WebRequest::getSessionUserId() !== null) {
215 
+			$query = 'UPDATE user SET lastactive = CURRENT_TIMESTAMP() WHERE id = :id;';
216 
+			$this->getDatabase()->prepare($query)->execute(array(":id" => WebRequest::getSessionUserId()));
217 
+		}
218 
+	}
219 
+
220 
+	/**
221 
+	 * @return SecurityManager
222 
+	 */
223 
+	public function getSecurityManager()
224 
+	{
225 
+		return $this->securityManager;
226 
+	}
227 
+
228 
+	/**
229 
+	 * @param SecurityManager $securityManager
230 
+	 */
231 
+	public function setSecurityManager(SecurityManager $securityManager)
232 
+	{
233 
+		$this->securityManager = $securityManager;
234 
+	}
235 
+
236 
+	/**
237 
+	 * @return IBlacklistHelper
238 
+	 */
239 
+	public function getBlacklistHelper()
240 
+	{
241 
+		return $this->blacklistHelper;
242 
+	}
243 
+
244 
+	/**
245 
+	 * @param IBlacklistHelper $blacklistHelper
246 
+	 */
247 
+	public function setBlacklistHelper(IBlacklistHelper $blacklistHelper)
248 
+	{
249 
+		$this->blacklistHelper = $blacklistHelper;
250 
+	}
251 
+
252 
+	/**
253 
+	 * @return DomainAccessManager
254 
+	 */
255 
+	public function getDomainAccessManager(): DomainAccessManager
256 
+	{
257 
+		return $this->domainAccessManager;
258 
+	}
259 
+
260 
+	/**
261 
+	 * @param DomainAccessManager $domainAccessManager
262 
+	 */
263 
+	public function setDomainAccessManager(DomainAccessManager $domainAccessManager): void
264 
+	{
265 
+		$this->domainAccessManager = $domainAccessManager;
266 
+	}
267 267 
 }
Please login to merge, or discard this patch.
includes/Tasks/PageBase.php 1 patch
Indentation   +372 added lines, -372 removed lines patch added patch discarded remove patch 
@@ -23,376 +23,376 @@
 
 block discarded – undo
23 23
24 24 
 abstract class PageBase extends TaskBase implements IRoutedTask
25 25 
 {
26 
-    use TemplateOutput;
27 
-    /** @var string Smarty template to display */
28 
-    protected $template = "base.tpl";
29 
-    /** @var string HTML title. Currently unused. */
30 
-    protected $htmlTitle;
31 
-    /** @var bool Determines if the page is a redirect or not */
32 
-    protected $isRedirecting = false;
33 
-    /** @var array Queue of headers to be sent on successful completion */
34 
-    protected $headerQueue = array();
35 
-    /** @var string The name of the route to use, as determined by the request router. */
36 
-    private $routeName = null;
37 
-    /** @var TokenManager */
38 
-    protected $tokenManager;
39 
-    /** @var ContentSecurityPolicyManager */
40 
-    private $cspManager;
41 
-    /** @var string[] Extra JS files to include */
42 
-    private $extraJs = array();
43 
-    /** @var bool Don't show (and hence clear) session alerts when this page is displayed  */
44 
-    private $hideAlerts = false;
45 
-
46 
-    /**
47 
-     * Sets the route the request will take. Only should be called from the request router or barrier test.
48 
-     *
49 
-     * @param string $routeName        The name of the route
50 
-     * @param bool   $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
51 
-     *
52 
-     * @throws Exception
53 
-     * @category Security-Critical
54 
-     */
55 
-    final public function setRoute($routeName, $skipCallableTest = false)
56 
-    {
57 
-        // Test the new route is callable before adopting it.
58 
-        if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
59 
-            throw new Exception("Proposed route '$routeName' is not callable.");
60 
-        }
61 
-
62 
-        // Adopt the new route
63 
-        $this->routeName = $routeName;
64 
-    }
65 
-
66 
-    /**
67 
-     * Gets the name of the route that has been passed from the request router.
68 
-     * @return string
69 
-     */
70 
-    final public function getRouteName()
71 
-    {
72 
-        return $this->routeName;
73 
-    }
74 
-
75 
-    /**
76 
-     * Performs generic page setup actions
77 
-     */
78 
-    final protected function setupPage()
79 
-    {
80 
-        $this->setUpSmarty();
81 
-
82 
-        $currentUser = User::getCurrent($this->getDatabase());
83 
-        $this->assign('currentUser', $currentUser);
84 
-        $this->assign('currentDomain', Domain::getCurrent($this->getDatabase()));
85 
-        $this->assign('loggedIn', (!$currentUser->isCommunityUser()));
86 
-    }
87 
-
88 
-    /**
89 
-     * Runs the page logic as routed by the RequestRouter
90 
-     *
91 
-     * Only should be called after a security barrier! That means only from execute().
92 
-     */
93 
-    final protected function runPage()
94 
-    {
95 
-        $database = $this->getDatabase();
96 
-
97 
-        // initialise a database transaction
98 
-        if (!$database->beginTransaction()) {
99 
-            throw new Exception('Failed to start transaction on primary database.');
100 
-        }
101 
-
102 
-        try {
103 
-            // run the page code
104 
-            $this->{$this->getRouteName()}();
105 
-
106 
-            $database->commit();
107 
-        }
108 
-        /** @noinspection PhpRedundantCatchClauseInspection */
109 
-        catch (ApplicationLogicException $ex) {
110 
-            // it's an application logic exception, so nothing went seriously wrong with the site. We can use the
111 
-            // standard templating system for this.
112 
-
113 
-            // Firstly, let's undo anything that happened to the database.
114 
-            $database->rollBack();
115 
-
116 
-            // Reset smarty
117 
-            $this->setupPage();
118 
-
119 
-            $this->skipAlerts();
120 
-
121 
-            // Set the template
122 
-            $this->setTemplate('exception/application-logic.tpl');
123 
-            $this->assign('message', $ex->getMessage());
124 
-
125 
-            // Force this back to false
126 
-            $this->isRedirecting = false;
127 
-            $this->headerQueue = array();
128 
-        }
129 
-        /** @noinspection PhpRedundantCatchClauseInspection */
130 
-        catch (OptimisticLockFailedException $ex) {
131 
-            // it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
132 
-            // standard templating system for this.
133 
-
134 
-            // Firstly, let's undo anything that happened to the database.
135 
-            $database->rollBack();
136 
-
137 
-            // Reset smarty
138 
-            $this->setupPage();
139 
-
140 
-            // Set the template
141 
-            $this->skipAlerts();
142 
-            $this->setTemplate('exception/optimistic-lock-failure.tpl');
143 
-            $this->assign('message', $ex->getMessage());
144 
-
145 
-            $this->assign('debugTrace', false);
146 
-
147 
-            if ($this->getSiteConfiguration()->getDebuggingTraceEnabled()) {
148 
-                ob_start();
149 
-                var_dump(ExceptionHandler::getExceptionData($ex));
150 
-                $textErrorData = ob_get_contents();
151 
-                ob_end_clean();
152 
-
153 
-                $this->assign('exceptionData', $textErrorData);
154 
-                $this->assign('debugTrace', true);
155 
-            }
156 
-
157 
-            // Force this back to false
158 
-            $this->isRedirecting = false;
159 
-            $this->headerQueue = array();
160 
-        }
161 
-        finally {
162 
-            // Catch any hanging on transactions
163 
-            if ($database->hasActiveTransaction()) {
164 
-                $database->rollBack();
165 
-            }
166 
-        }
167 
-
168 
-        // run any finalisation code needed before we send the output to the browser.
169 
-        $this->finalisePage();
170 
-
171 
-        // Send the headers
172 
-        $this->sendResponseHeaders();
173 
-
174 
-        // Check we have a template to use!
175 
-        if ($this->template !== null) {
176 
-            $content = $this->fetchTemplate($this->template);
177 
-            ob_clean();
178 
-            print($content);
179 
-            ob_flush();
180 
-
181 
-            return;
182 
-        }
183 
-    }
184 
-
185 
-    /**
186 
-     * Performs final tasks needed before rendering the page.
187 
-     */
188 
-    protected function finalisePage()
189 
-    {
190 
-        if ($this->isRedirecting) {
191 
-            $this->template = null;
192 
-
193 
-            return;
194 
-        }
195 
-
196 
-        $this->assign('extraJs', $this->extraJs);
197 
-
198 
-        if (!$this->hideAlerts) {
199 
-            // If we're actually displaying content, we want to add the session alerts here!
200 
-            $this->assign('alerts', SessionAlert::getAlerts());
201 
-            SessionAlert::clearAlerts();
202 
-        }
203 
-
204 
-        $this->assign('htmlTitle', $this->htmlTitle);
205 
-    }
206 
-
207 
-    /**
208 
-     * @return TokenManager
209 
-     */
210 
-    public function getTokenManager()
211 
-    {
212 
-        return $this->tokenManager;
213 
-    }
214 
-
215 
-    /**
216 
-     * @param TokenManager $tokenManager
217 
-     */
218 
-    public function setTokenManager($tokenManager)
219 
-    {
220 
-        $this->tokenManager = $tokenManager;
221 
-    }
222 
-
223 
-    /**
224 
-     * @return ContentSecurityPolicyManager
225 
-     */
226 
-    public function getCspManager(): ContentSecurityPolicyManager
227 
-    {
228 
-        return $this->cspManager;
229 
-    }
230 
-
231 
-    /**
232 
-     * @param ContentSecurityPolicyManager $cspManager
233 
-     */
234 
-    public function setCspManager(ContentSecurityPolicyManager $cspManager): void
235 
-    {
236 
-        $this->cspManager = $cspManager;
237 
-    }
238 
-
239 
-    /**
240 
-     * Skip the display of session alerts in this page
241 
-     */
242 
-    public function skipAlerts(): void
243 
-    {
244 
-        $this->hideAlerts = true;
245 
-    }
246 
-
247 
-    /**
248 
-     * Sends the redirect headers to perform a GET at the destination page.
249 
-     *
250 
-     * Also nullifies the set template so Smarty does not render it.
251 
-     *
252 
-     * @param string      $page   The page to redirect requests to (as used in the UR)
253 
-     * @param null|string $action The action to use on the page.
254 
-     * @param null|array  $parameters
255 
-     * @param null|string $script The script (relative to index.php) to redirect to
256 
-     */
257 
-    final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
258 
-    {
259 
-        $currentScriptName = WebRequest::scriptName();
260 
-
261 
-        // Are we changing script?
262 
-        if ($script === null || substr($currentScriptName, -1 * count($script)) === $script) {
263 
-            $targetScriptName = $currentScriptName;
264 
-        }
265 
-        else {
266 
-            $targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
267 
-        }
268 
-
269 
-        $pathInfo = array($targetScriptName);
270 
-
271 
-        $pathInfo[1] = $page;
272 
-
273 
-        if ($action !== null) {
274 
-            $pathInfo[2] = $action;
275 
-        }
276 
-
277 
-        $url = implode('/', $pathInfo);
278 
-
279 
-        if (is_array($parameters) && count($parameters) > 0) {
280 
-            $url .= '?' . http_build_query($parameters);
281 
-        }
282 
-
283 
-        $this->redirectUrl($url);
284 
-    }
285 
-
286 
-    /**
287 
-     * Sends the redirect headers to perform a GET at the new address.
288 
-     *
289 
-     * Also nullifies the set template so Smarty does not render it.
290 
-     *
291 
-     * @param string $path URL to redirect to
292 
-     */
293 
-    final protected function redirectUrl($path)
294 
-    {
295 
-        // 303 See Other = re-request at new address with a GET.
296 
-        $this->headerQueue[] = 'HTTP/1.1 303 See Other';
297 
-        $this->headerQueue[] = "Location: $path";
298 
-
299 
-        $this->setTemplate(null);
300 
-        $this->isRedirecting = true;
301 
-    }
302 
-
303 
-    /**
304 
-     * Sets the name of the template this page should display.
305 
-     *
306 
-     * @param string $name
307 
-     *
308 
-     * @throws Exception
309 
-     */
310 
-    final protected function setTemplate($name)
311 
-    {
312 
-        if ($this->isRedirecting) {
313 
-            throw new Exception('This page has been set as a redirect, no template can be displayed!');
314 
-        }
315 
-
316 
-        $this->template = $name;
317 
-    }
318 
-
319 
-    /**
320 
-     * Adds an extra JS file to to the page
321 
-     *
322 
-     * @param string $path The path (relative to the application root) of the file
323 
-     */
324 
-    final protected function addJs($path)
325 
-    {
326 
-        if (in_array($path, $this->extraJs)) {
327 
-            // nothing to do
328 
-            return;
329 
-        }
330 
-
331 
-        $this->extraJs[] = $path;
332 
-    }
333 
-
334 
-    /**
335 
-     * Main function for this page, when no specific actions are called.
336 
-     * @return void
337 
-     */
338 
-    abstract protected function main();
339 
-
340 
-    /**
341 
-     * Takes a smarty template string and sets the HTML title to that value
342 
-     *
343 
-     * @param string $title
344 
-     *
345 
-     * @throws SmartyException
346 
-     */
347 
-    final protected function setHtmlTitle($title)
348 
-    {
349 
-        $this->htmlTitle = $this->smarty->fetch('string:' . $title);
350 
-    }
351 
-
352 
-    public function execute()
353 
-    {
354 
-        if ($this->getRouteName() === null) {
355 
-            throw new Exception('Request is unrouted.');
356 
-        }
357 
-
358 
-        if ($this->getSiteConfiguration() === null) {
359 
-            throw new Exception('Page has no configuration!');
360 
-        }
361 
-
362 
-        $this->setupPage();
363 
-
364 
-        $this->runPage();
365 
-    }
366 
-
367 
-    public function assignCSRFToken()
368 
-    {
369 
-        $token = $this->tokenManager->getNewToken();
370 
-        $this->assign('csrfTokenData', $token->getTokenData());
371 
-    }
372 
-
373 
-    public function validateCSRFToken()
374 
-    {
375 
-        if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
376 
-            throw new ApplicationLogicException('Form token is not valid, please reload and try again');
377 
-        }
378 
-    }
379 
-
380 
-    protected function sendResponseHeaders()
381 
-    {
382 
-        if (headers_sent()) {
383 
-            throw new ApplicationLogicException('Headers have already been sent! This is likely a bug in the application.');
384 
-        }
385 
-
386 
-        // send the CSP headers now
387 
-        header($this->getCspManager()->getHeader());
388 
-
389 
-        foreach ($this->headerQueue as $item) {
390 
-            if (mb_strpos($item, "\r") !== false || mb_strpos($item, "\n") !== false) {
391 
-                // Oops. We're not allowed to do this.
392 
-                throw new Exception('Unable to split header');
393 
-            }
394 
-
395 
-            header($item);
396 
-        }
397 
-    }
26 
+	use TemplateOutput;
27 
+	/** @var string Smarty template to display */
28 
+	protected $template = "base.tpl";
29 
+	/** @var string HTML title. Currently unused. */
30 
+	protected $htmlTitle;
31 
+	/** @var bool Determines if the page is a redirect or not */
32 
+	protected $isRedirecting = false;
33 
+	/** @var array Queue of headers to be sent on successful completion */
34 
+	protected $headerQueue = array();
35 
+	/** @var string The name of the route to use, as determined by the request router. */
36 
+	private $routeName = null;
37 
+	/** @var TokenManager */
38 
+	protected $tokenManager;
39 
+	/** @var ContentSecurityPolicyManager */
40 
+	private $cspManager;
41 
+	/** @var string[] Extra JS files to include */
42 
+	private $extraJs = array();
43 
+	/** @var bool Don't show (and hence clear) session alerts when this page is displayed  */
44 
+	private $hideAlerts = false;
45 
+
46 
+	/**
47 
+	 * Sets the route the request will take. Only should be called from the request router or barrier test.
48 
+	 *
49 
+	 * @param string $routeName        The name of the route
50 
+	 * @param bool   $skipCallableTest Don't use this unless you know what you're doing, and what the implications are.
51 
+	 *
52 
+	 * @throws Exception
53 
+	 * @category Security-Critical
54 
+	 */
55 
+	final public function setRoute($routeName, $skipCallableTest = false)
56 
+	{
57 
+		// Test the new route is callable before adopting it.
58 
+		if (!$skipCallableTest && !is_callable(array($this, $routeName))) {
59 
+			throw new Exception("Proposed route '$routeName' is not callable.");
60 
+		}
61 
+
62 
+		// Adopt the new route
63 
+		$this->routeName = $routeName;
64 
+	}
65 
+
66 
+	/**
67 
+	 * Gets the name of the route that has been passed from the request router.
68 
+	 * @return string
69 
+	 */
70 
+	final public function getRouteName()
71 
+	{
72 
+		return $this->routeName;
73 
+	}
74 
+
75 
+	/**
76 
+	 * Performs generic page setup actions
77 
+	 */
78 
+	final protected function setupPage()
79 
+	{
80 
+		$this->setUpSmarty();
81 
+
82 
+		$currentUser = User::getCurrent($this->getDatabase());
83 
+		$this->assign('currentUser', $currentUser);
84 
+		$this->assign('currentDomain', Domain::getCurrent($this->getDatabase()));
85 
+		$this->assign('loggedIn', (!$currentUser->isCommunityUser()));
86 
+	}
87 
+
88 
+	/**
89 
+	 * Runs the page logic as routed by the RequestRouter
90 
+	 *
91 
+	 * Only should be called after a security barrier! That means only from execute().
92 
+	 */
93 
+	final protected function runPage()
94 
+	{
95 
+		$database = $this->getDatabase();
96 
+
97 
+		// initialise a database transaction
98 
+		if (!$database->beginTransaction()) {
99 
+			throw new Exception('Failed to start transaction on primary database.');
100 
+		}
101 
+
102 
+		try {
103 
+			// run the page code
104 
+			$this->{$this->getRouteName()}();
105 
+
106 
+			$database->commit();
107 
+		}
108 
+		/** @noinspection PhpRedundantCatchClauseInspection */
109 
+		catch (ApplicationLogicException $ex) {
110 
+			// it's an application logic exception, so nothing went seriously wrong with the site. We can use the
111 
+			// standard templating system for this.
112 
+
113 
+			// Firstly, let's undo anything that happened to the database.
114 
+			$database->rollBack();
115 
+
116 
+			// Reset smarty
117 
+			$this->setupPage();
118 
+
119 
+			$this->skipAlerts();
120 
+
121 
+			// Set the template
122 
+			$this->setTemplate('exception/application-logic.tpl');
123 
+			$this->assign('message', $ex->getMessage());
124 
+
125 
+			// Force this back to false
126 
+			$this->isRedirecting = false;
127 
+			$this->headerQueue = array();
128 
+		}
129 
+		/** @noinspection PhpRedundantCatchClauseInspection */
130 
+		catch (OptimisticLockFailedException $ex) {
131 
+			// it's an optimistic lock failure exception, so nothing went seriously wrong with the site. We can use the
132 
+			// standard templating system for this.
133 
+
134 
+			// Firstly, let's undo anything that happened to the database.
135 
+			$database->rollBack();
136 
+
137 
+			// Reset smarty
138 
+			$this->setupPage();
139 
+
140 
+			// Set the template
141 
+			$this->skipAlerts();
142 
+			$this->setTemplate('exception/optimistic-lock-failure.tpl');
143 
+			$this->assign('message', $ex->getMessage());
144 
+
145 
+			$this->assign('debugTrace', false);
146 
+
147 
+			if ($this->getSiteConfiguration()->getDebuggingTraceEnabled()) {
148 
+				ob_start();
149 
+				var_dump(ExceptionHandler::getExceptionData($ex));
150 
+				$textErrorData = ob_get_contents();
151 
+				ob_end_clean();
152 
+
153 
+				$this->assign('exceptionData', $textErrorData);
154 
+				$this->assign('debugTrace', true);
155 
+			}
156 
+
157 
+			// Force this back to false
158 
+			$this->isRedirecting = false;
159 
+			$this->headerQueue = array();
160 
+		}
161 
+		finally {
162 
+			// Catch any hanging on transactions
163 
+			if ($database->hasActiveTransaction()) {
164 
+				$database->rollBack();
165 
+			}
166 
+		}
167 
+
168 
+		// run any finalisation code needed before we send the output to the browser.
169 
+		$this->finalisePage();
170 
+
171 
+		// Send the headers
172 
+		$this->sendResponseHeaders();
173 
+
174 
+		// Check we have a template to use!
175 
+		if ($this->template !== null) {
176 
+			$content = $this->fetchTemplate($this->template);
177 
+			ob_clean();
178 
+			print($content);
179 
+			ob_flush();
180 
+
181 
+			return;
182 
+		}
183 
+	}
184 
+
185 
+	/**
186 
+	 * Performs final tasks needed before rendering the page.
187 
+	 */
188 
+	protected function finalisePage()
189 
+	{
190 
+		if ($this->isRedirecting) {
191 
+			$this->template = null;
192 
+
193 
+			return;
194 
+		}
195 
+
196 
+		$this->assign('extraJs', $this->extraJs);
197 
+
198 
+		if (!$this->hideAlerts) {
199 
+			// If we're actually displaying content, we want to add the session alerts here!
200 
+			$this->assign('alerts', SessionAlert::getAlerts());
201 
+			SessionAlert::clearAlerts();
202 
+		}
203 
+
204 
+		$this->assign('htmlTitle', $this->htmlTitle);
205 
+	}
206 
+
207 
+	/**
208 
+	 * @return TokenManager
209 
+	 */
210 
+	public function getTokenManager()
211 
+	{
212 
+		return $this->tokenManager;
213 
+	}
214 
+
215 
+	/**
216 
+	 * @param TokenManager $tokenManager
217 
+	 */
218 
+	public function setTokenManager($tokenManager)
219 
+	{
220 
+		$this->tokenManager = $tokenManager;
221 
+	}
222 
+
223 
+	/**
224 
+	 * @return ContentSecurityPolicyManager
225 
+	 */
226 
+	public function getCspManager(): ContentSecurityPolicyManager
227 
+	{
228 
+		return $this->cspManager;
229 
+	}
230 
+
231 
+	/**
232 
+	 * @param ContentSecurityPolicyManager $cspManager
233 
+	 */
234 
+	public function setCspManager(ContentSecurityPolicyManager $cspManager): void
235 
+	{
236 
+		$this->cspManager = $cspManager;
237 
+	}
238 
+
239 
+	/**
240 
+	 * Skip the display of session alerts in this page
241 
+	 */
242 
+	public function skipAlerts(): void
243 
+	{
244 
+		$this->hideAlerts = true;
245 
+	}
246 
+
247 
+	/**
248 
+	 * Sends the redirect headers to perform a GET at the destination page.
249 
+	 *
250 
+	 * Also nullifies the set template so Smarty does not render it.
251 
+	 *
252 
+	 * @param string      $page   The page to redirect requests to (as used in the UR)
253 
+	 * @param null|string $action The action to use on the page.
254 
+	 * @param null|array  $parameters
255 
+	 * @param null|string $script The script (relative to index.php) to redirect to
256 
+	 */
257 
+	final protected function redirect($page = '', $action = null, $parameters = null, $script = null)
258 
+	{
259 
+		$currentScriptName = WebRequest::scriptName();
260 
+
261 
+		// Are we changing script?
262 
+		if ($script === null || substr($currentScriptName, -1 * count($script)) === $script) {
263 
+			$targetScriptName = $currentScriptName;
264 
+		}
265 
+		else {
266 
+			$targetScriptName = $this->getSiteConfiguration()->getBaseUrl() . '/' . $script;
267 
+		}
268 
+
269 
+		$pathInfo = array($targetScriptName);
270 
+
271 
+		$pathInfo[1] = $page;
272 
+
273 
+		if ($action !== null) {
274 
+			$pathInfo[2] = $action;
275 
+		}
276 
+
277 
+		$url = implode('/', $pathInfo);
278 
+
279 
+		if (is_array($parameters) && count($parameters) > 0) {
280 
+			$url .= '?' . http_build_query($parameters);
281 
+		}
282 
+
283 
+		$this->redirectUrl($url);
284 
+	}
285 
+
286 
+	/**
287 
+	 * Sends the redirect headers to perform a GET at the new address.
288 
+	 *
289 
+	 * Also nullifies the set template so Smarty does not render it.
290 
+	 *
291 
+	 * @param string $path URL to redirect to
292 
+	 */
293 
+	final protected function redirectUrl($path)
294 
+	{
295 
+		// 303 See Other = re-request at new address with a GET.
296 
+		$this->headerQueue[] = 'HTTP/1.1 303 See Other';
297 
+		$this->headerQueue[] = "Location: $path";
298 
+
299 
+		$this->setTemplate(null);
300 
+		$this->isRedirecting = true;
301 
+	}
302 
+
303 
+	/**
304 
+	 * Sets the name of the template this page should display.
305 
+	 *
306 
+	 * @param string $name
307 
+	 *
308 
+	 * @throws Exception
309 
+	 */
310 
+	final protected function setTemplate($name)
311 
+	{
312 
+		if ($this->isRedirecting) {
313 
+			throw new Exception('This page has been set as a redirect, no template can be displayed!');
314 
+		}
315 
+
316 
+		$this->template = $name;
317 
+	}
318 
+
319 
+	/**
320 
+	 * Adds an extra JS file to to the page
321 
+	 *
322 
+	 * @param string $path The path (relative to the application root) of the file
323 
+	 */
324 
+	final protected function addJs($path)
325 
+	{
326 
+		if (in_array($path, $this->extraJs)) {
327 
+			// nothing to do
328 
+			return;
329 
+		}
330 
+
331 
+		$this->extraJs[] = $path;
332 
+	}
333 
+
334 
+	/**
335 
+	 * Main function for this page, when no specific actions are called.
336 
+	 * @return void
337 
+	 */
338 
+	abstract protected function main();
339 
+
340 
+	/**
341 
+	 * Takes a smarty template string and sets the HTML title to that value
342 
+	 *
343 
+	 * @param string $title
344 
+	 *
345 
+	 * @throws SmartyException
346 
+	 */
347 
+	final protected function setHtmlTitle($title)
348 
+	{
349 
+		$this->htmlTitle = $this->smarty->fetch('string:' . $title);
350 
+	}
351 
+
352 
+	public function execute()
353 
+	{
354 
+		if ($this->getRouteName() === null) {
355 
+			throw new Exception('Request is unrouted.');
356 
+		}
357 
+
358 
+		if ($this->getSiteConfiguration() === null) {
359 
+			throw new Exception('Page has no configuration!');
360 
+		}
361 
+
362 
+		$this->setupPage();
363 
+
364 
+		$this->runPage();
365 
+	}
366 
+
367 
+	public function assignCSRFToken()
368 
+	{
369 
+		$token = $this->tokenManager->getNewToken();
370 
+		$this->assign('csrfTokenData', $token->getTokenData());
371 
+	}
372 
+
373 
+	public function validateCSRFToken()
374 
+	{
375 
+		if (!$this->tokenManager->validateToken(WebRequest::postString('csrfTokenData'))) {
376 
+			throw new ApplicationLogicException('Form token is not valid, please reload and try again');
377 
+		}
378 
+	}
379 
+
380 
+	protected function sendResponseHeaders()
381 
+	{
382 
+		if (headers_sent()) {
383 
+			throw new ApplicationLogicException('Headers have already been sent! This is likely a bug in the application.');
384 
+		}
385 
+
386 
+		// send the CSP headers now
387 
+		header($this->getCspManager()->getHeader());
388 
+
389 
+		foreach ($this->headerQueue as $item) {
390 
+			if (mb_strpos($item, "\r") !== false || mb_strpos($item, "\n") !== false) {
391 
+				// Oops. We're not allowed to do this.
392 
+				throw new Exception('Unable to split header');
393 
+			}
394 
+
395 
+			header($item);
396 
+		}
397 
+	}
398 398 
 }
Please login to merge, or discard this patch.
includes/Fragments/RequestData.php 1 patch
Indentation   +339 added lines, -339 removed lines patch added patch discarded remove patch 
@@ -26,343 +26,343 @@
 
 block discarded – undo
26 26
27 27 
 trait RequestData
28 28 
 {
29 
-    /** @return SiteConfiguration */
30 
-    protected abstract function getSiteConfiguration();
31 
-
32 
-    /**
33 
-     * @var array Array of IP address classed as 'private' by RFC1918.
34 
-     */
35 
-    protected static $rfc1918ips = array(
36 
-        "10.0.0.0"    => "10.255.255.255",
37 
-        "172.16.0.0"  => "172.31.255.255",
38 
-        "192.168.0.0" => "192.168.255.255",
39 
-        "169.254.0.0" => "169.254.255.255",
40 
-        "127.0.0.0"   => "127.255.255.255",
41 
-    );
42 
-
43 
-    /**
44 
-     * Gets a request object
45 
-     *
46 
-     * @param PdoDatabase $database  The database connection
47 
-     * @param int|null    $requestId The ID of the request to retrieve
48 
-     *
49 
-     * @return Request
50 
-     * @throws ApplicationLogicException
51 
-     */
52 
-    protected function getRequest(PdoDatabase $database, $requestId)
53 
-    {
54 
-        if ($requestId === null) {
55 
-            throw new ApplicationLogicException("No request specified");
56 
-        }
57 
-
58 
-        $request = Request::getById($requestId, $database);
59 
-        if ($request === false || !is_a($request, Request::class)) {
60 
-            throw new ApplicationLogicException('Could not load the requested request!');
61 
-        }
62 
-
63 
-        return $request;
64 
-    }
65 
-
66 
-    /**
67 
-     * Returns a value stating whether the user is allowed to see private data or not
68 
-     *
69 
-     * @param Request $request
70 
-     * @param User    $currentUser
71 
-     *
72 
-     * @return bool
73 
-     * @category Security-Critical
74 
-     */
75 
-    protected function isAllowedPrivateData(Request $request, User $currentUser)
76 
-    {
77 
-        // Test the main security barrier for private data access using SecurityManager
78 
-        if ($this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')) {
79 
-            // Tool admins/check-users can always see private data
80 
-            return true;
81 
-        }
82 
-
83 
-        // reserving user is allowed to see the data
84 
-        if ($currentUser->getId() === $request->getReserved()
85 
-            && $request->getReserved() !== null
86 
-            && $this->barrierTest('seePrivateDataWhenReserved', $currentUser, 'RequestData')
87 
-        ) {
88 
-            return true;
89 
-        }
90 
-
91 
-        // user has the reveal hash
92 
-        if (WebRequest::getString('hash') === $request->getRevealHash()
93 
-            && $this->barrierTest('seePrivateDataWithHash', $currentUser, 'RequestData')
94 
-        ) {
95 
-            return true;
96 
-        }
97 
-
98 
-        // nope. Not allowed.
99 
-        return false;
100 
-    }
101 
-
102 
-    /**
103 
-     * Tests the security barrier for a specified action.
104 
-     *
105 
-     * Don't use within templates
106 
-     *
107 
-     * @param string      $action
108 
-     *
109 
-     * @param User        $user
110 
-     * @param null|string $pageName
111 
-     *
112 
-     * @return bool
113 
-     * @category Security-Critical
114 
-     */
115 
-    abstract protected function barrierTest($action, User $user, $pageName = null);
116 
-
117 
-    /**
118 
-     * Gets the name of the route that has been passed from the request router.
119 
-     * @return string
120 
-     */
121 
-    abstract protected function getRouteName();
122 
-
123 
-    /** @return SecurityManager */
124 
-    abstract protected function getSecurityManager();
125 
-
126 
-    /**
127 
-     * Sets the name of the template this page should display.
128 
-     *
129 
-     * @param string $name
130 
-     */
131 
-    abstract protected function setTemplate($name);
132 
-
133 
-    /** @return IXffTrustProvider */
134 
-    abstract protected function getXffTrustProvider();
135 
-
136 
-    /** @return ILocationProvider */
137 
-    abstract protected function getLocationProvider();
138 
-
139 
-    /** @return IRDnsProvider */
140 
-    abstract protected function getRdnsProvider();
141 
-
142 
-    /**
143 
-     * Assigns a Smarty variable
144 
-     *
145 
-     * @param  array|string $name  the template variable name(s)
146 
-     * @param  mixed        $value the value to assign
147 
-     */
148 
-    abstract protected function assign($name, $value);
149 
-
150 
-    /**
151 
-     * @param int|null    $requestReservationId
152 
-     * @param PdoDatabase $database
153 
-     * @param User        $currentUser
154 
-     */
155 
-    protected function setupReservationDetails($requestReservationId, PdoDatabase $database, User $currentUser)
156 
-    {
157 
-        $requestIsReserved = $requestReservationId !== null;
158 
-        $this->assign('requestIsReserved', $requestIsReserved);
159 
-        $this->assign('requestIsReservedByMe', false);
160 
-
161 
-        if ($requestIsReserved) {
162 
-            $this->assign('requestReservedByName', User::getById($requestReservationId, $database)->getUsername());
163 
-            $this->assign('requestReservedById', $requestReservationId);
164 
-
165 
-            if ($requestReservationId === $currentUser->getId()) {
166 
-                $this->assign('requestIsReservedByMe', true);
167 
-            }
168 
-        }
169 
-
170 
-        $this->assign('canBreakReservation', $this->barrierTest('force', $currentUser, PageBreakReservation::class));
171 
-    }
172 
-
173 
-    /**
174 
-     * Adds private request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
175 
-     *
176 
-     * @param Request           $request
177 
-     * @param SiteConfiguration $configuration
178 
-     */
179 
-    protected function setupPrivateData(
180 
-        $request,
181 
-        SiteConfiguration $configuration
182 
-    ) {
183 
-        $xffProvider = $this->getXffTrustProvider();
184 
-
185 
-        $this->assign('requestEmail', $request->getEmail());
186 
-        $emailDomain = explode("@", $request->getEmail())[1];
187 
-        $this->assign("emailurl", $emailDomain);
188 
-        $this->assign('commonEmailDomain', in_array(strtolower($emailDomain), $configuration->getCommonEmailDomains())
189 
-            || $request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail());
190 
-
191 
-        $trustedIp = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
192 
-        $this->assign('requestTrustedIp', $trustedIp);
193 
-        $this->assign('requestRealIp', $request->getIp());
194 
-        $this->assign('requestForwardedIp', $request->getForwardedIp());
195 
-
196 
-        $trustedIpLocation = $this->getLocationProvider()->getIpLocation($trustedIp);
197 
-        $this->assign('requestTrustedIpLocation', $trustedIpLocation);
198 
-
199 
-        $this->assign('requestHasForwardedIp', $request->getForwardedIp() !== null);
200 
-
201 
-        $this->setupForwardedIpData($request);
202 
-    }
203 
-
204 
-    /**
205 
-     * Adds related request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
206 
-     *
207 
-     * @param Request           $request
208 
-     * @param SiteConfiguration $configuration
209 
-     * @param PdoDatabase       $database
210 
-     */
211 
-    protected function setupRelatedRequests(
212 
-        Request $request,
213 
-        SiteConfiguration $configuration,
214 
-        PdoDatabase $database)
215 
-    {
216 
-        $this->assign('canSeeRelatedRequests', true);
217 
-
218 
-        $relatedEmailRequests = RequestSearchHelper::get($database)
219 
-            ->byEmailAddress($request->getEmail())
220 
-            ->withConfirmedEmail()
221 
-            ->excludingPurgedData($configuration)
222 
-            ->excludingRequest($request->getId())
223 
-            ->fetch();
224 
-
225 
-        $this->assign('requestRelatedEmailRequestsCount', count($relatedEmailRequests));
226 
-        $this->assign('requestRelatedEmailRequests', $relatedEmailRequests);
227 
-
228 
-        $trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
229 
-        $relatedIpRequests = RequestSearchHelper::get($database)
230 
-            ->byIp($trustedIp)
231 
-            ->withConfirmedEmail()
232 
-            ->excludingPurgedData($configuration)
233 
-            ->excludingRequest($request->getId())
234 
-            ->fetch();
235 
-
236 
-        $this->assign('requestRelatedIpRequestsCount', count($relatedIpRequests));
237 
-        $this->assign('requestRelatedIpRequests', $relatedIpRequests);
238 
-    }
239 
-
240 
-    /**
241 
-     * Adds checkuser request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
242 
-     *
243 
-     * @param Request $request
244 
-     */
245 
-    protected function setupCheckUserData(Request $request)
246 
-    {
247 
-        $this->assign('requestUserAgent', $request->getUserAgent());
248 
-    }
249 
-
250 
-    /**
251 
-     * Sets up the basic data for this request, and adds it to Smarty
252 
-     *
253 
-     * @param Request           $request
254 
-     * @param SiteConfiguration $config
255 
-     */
256 
-    protected function setupBasicData(Request $request, SiteConfiguration $config)
257 
-    {
258 
-        $this->assign('requestId', $request->getId());
259 
-        $this->assign('updateVersion', $request->getUpdateVersion());
260 
-        $this->assign('requestName', $request->getName());
261 
-        $this->assign('requestDate', $request->getDate());
262 
-        $this->assign('requestStatus', $request->getStatus());
263 
-
264 
-        $this->assign('requestQueue', null);
265 
-        if ($request->getQueue() !== null) {
266 
-            /** @var RequestQueue $queue */
267 
-            $queue = RequestQueue::getById($request->getQueue(), $this->getDatabase());
268 
-            $this->assign('requestQueue', $queue->getHeader());
269 
-            $this->assign('requestQueueApiName', $queue->getApiName());
270 
-        }
271 
-
272 
-        $this->assign('canPreviewForm', $this->barrierTest('view', User::getCurrent($this->getDatabase()), PageRequestFormManagement::class));
273 
-        $this->assign('originForm', $request->getOriginFormObject());
274 
-
275 
-        $isClosed = $request->getStatus() === RequestStatus::CLOSED || $request->getStatus() === RequestStatus::JOBQUEUE;
276 
-        $this->assign('requestIsClosed', $isClosed);
277 
-    }
278 
-
279 
-    /**
280 
-     * Sets up the forwarded IP data for this request and adds it to Smarty
281 
-     *
282 
-     * @param Request $request
283 
-     */
284 
-    protected function setupForwardedIpData(Request $request)
285 
-    {
286 
-        if ($request->getForwardedIp() !== null) {
287 
-            $requestProxyData = array(); // Initialize array to store data to be output in Smarty template.
288 
-            $proxyIndex = 0;
289 
-
290 
-            // Assuming [client] <=> [proxy1] <=> [proxy2] <=> [proxy3] <=> [us], we will see an XFF header of [client],
291 
-            // [proxy1], [proxy2], and our actual IP will be [proxy3]
292 
-            $proxies = explode(",", $request->getForwardedIp());
293 
-            $proxies[] = $request->getIp();
294 
-
295 
-            // Origin is the supposed "client" IP.
296 
-            $origin = $proxies[0];
297 
-            $this->assign("forwardedOrigin", $origin);
298 
-
299 
-            // We step through the servers in reverse order, from closest to furthest
300 
-            $proxies = array_reverse($proxies);
301 
-
302 
-            // By default, we have trust, because the first in the chain is now REMOTE_ADDR, which is hardest to spoof.
303 
-            $trust = true;
304 
-
305 
-            /**
306 
-             * @var int    $index     The zero-based index of the proxy.
307 
-             * @var string $proxyData The proxy IP address (although possibly not!)
308 
-             */
309 
-            foreach ($proxies as $index => $proxyData) {
310 
-                $proxyAddress = trim($proxyData);
311 
-                $requestProxyData[$proxyIndex]['ip'] = $proxyAddress;
312 
-
313 
-                // get data on this IP.
314 
-                $thisProxyIsTrusted = $this->getXffTrustProvider()->isTrusted($proxyAddress);
315 
-
316 
-                $proxyIsInPrivateRange = $this->getXffTrustProvider()
317 
-                    ->ipInRange(self::$rfc1918ips, $proxyAddress);
318 
-
319 
-                if (!$proxyIsInPrivateRange) {
320 
-                    $proxyReverseDns = $this->getRdnsProvider()->getReverseDNS($proxyAddress);
321 
-                    $proxyLocation = $this->getLocationProvider()->getIpLocation($proxyAddress);
322 
-                }
323 
-                else {
324 
-                    // this is going to fail, so why bother trying?
325 
-                    $proxyReverseDns = false;
326 
-                    $proxyLocation = false;
327 
-                }
328 
-
329 
-                // current trust chain status BEFORE this link
330 
-                $preLinkTrust = $trust;
331 
-
332 
-                // is *this* link trusted? Note, this will be true even if there is an untrusted link before this!
333 
-                $requestProxyData[$proxyIndex]['trustedlink'] = $thisProxyIsTrusted;
334 
-
335 
-                // set the trust status of the chain to this point
336 
-                $trust = $trust & $thisProxyIsTrusted;
337 
-
338 
-                // If this is the origin address, and the chain was trusted before this point, then we can trust
339 
-                // the origin.
340 
-                if ($preLinkTrust && $proxyAddress == $origin) {
341 
-                    // if this is the origin, then we are at the last point in the chain.
342 
-                    // @todo: this is probably the cause of some bugs when an IP appears twice - we're missing a check
343 
-                    // to see if this is *really* the last in the chain, rather than just the same IP as it.
344 
-                    $trust = true;
345 
-                }
346 
-
347 
-                $requestProxyData[$proxyIndex]['trust'] = $trust;
348 
-
349 
-                $requestProxyData[$proxyIndex]['rdnsfailed'] = $proxyReverseDns === false;
350 
-                $requestProxyData[$proxyIndex]['rdns'] = $proxyReverseDns;
351 
-                $requestProxyData[$proxyIndex]['routable'] = !$proxyIsInPrivateRange;
352 
-
353 
-                $requestProxyData[$proxyIndex]['location'] = $proxyLocation;
354 
-
355 
-                if ($proxyReverseDns === $proxyAddress && $proxyIsInPrivateRange === false) {
356 
-                    $requestProxyData[$proxyIndex]['rdns'] = null;
357 
-                }
358 
-
359 
-                $showLinks = (!$trust || $proxyAddress == $origin) && !$proxyIsInPrivateRange;
360 
-                $requestProxyData[$proxyIndex]['showlinks'] = $showLinks;
361 
-
362 
-                $proxyIndex++;
363 
-            }
364 
-
365 
-            $this->assign("requestProxyData", $requestProxyData);
366 
-        }
367 
-    }
29 
+	/** @return SiteConfiguration */
30 
+	protected abstract function getSiteConfiguration();
31 
+
32 
+	/**
33 
+	 * @var array Array of IP address classed as 'private' by RFC1918.
34 
+	 */
35 
+	protected static $rfc1918ips = array(
36 
+		"10.0.0.0"    => "10.255.255.255",
37 
+		"172.16.0.0"  => "172.31.255.255",
38 
+		"192.168.0.0" => "192.168.255.255",
39 
+		"169.254.0.0" => "169.254.255.255",
40 
+		"127.0.0.0"   => "127.255.255.255",
41 
+	);
42 
+
43 
+	/**
44 
+	 * Gets a request object
45 
+	 *
46 
+	 * @param PdoDatabase $database  The database connection
47 
+	 * @param int|null    $requestId The ID of the request to retrieve
48 
+	 *
49 
+	 * @return Request
50 
+	 * @throws ApplicationLogicException
51 
+	 */
52 
+	protected function getRequest(PdoDatabase $database, $requestId)
53 
+	{
54 
+		if ($requestId === null) {
55 
+			throw new ApplicationLogicException("No request specified");
56 
+		}
57 
+
58 
+		$request = Request::getById($requestId, $database);
59 
+		if ($request === false || !is_a($request, Request::class)) {
60 
+			throw new ApplicationLogicException('Could not load the requested request!');
61 
+		}
62 
+
63 
+		return $request;
64 
+	}
65 
+
66 
+	/**
67 
+	 * Returns a value stating whether the user is allowed to see private data or not
68 
+	 *
69 
+	 * @param Request $request
70 
+	 * @param User    $currentUser
71 
+	 *
72 
+	 * @return bool
73 
+	 * @category Security-Critical
74 
+	 */
75 
+	protected function isAllowedPrivateData(Request $request, User $currentUser)
76 
+	{
77 
+		// Test the main security barrier for private data access using SecurityManager
78 
+		if ($this->barrierTest('alwaysSeePrivateData', $currentUser, 'RequestData')) {
79 
+			// Tool admins/check-users can always see private data
80 
+			return true;
81 
+		}
82 
+
83 
+		// reserving user is allowed to see the data
84 
+		if ($currentUser->getId() === $request->getReserved()
85 
+			&& $request->getReserved() !== null
86 
+			&& $this->barrierTest('seePrivateDataWhenReserved', $currentUser, 'RequestData')
87 
+		) {
88 
+			return true;
89 
+		}
90 
+
91 
+		// user has the reveal hash
92 
+		if (WebRequest::getString('hash') === $request->getRevealHash()
93 
+			&& $this->barrierTest('seePrivateDataWithHash', $currentUser, 'RequestData')
94 
+		) {
95 
+			return true;
96 
+		}
97 
+
98 
+		// nope. Not allowed.
99 
+		return false;
100 
+	}
101 
+
102 
+	/**
103 
+	 * Tests the security barrier for a specified action.
104 
+	 *
105 
+	 * Don't use within templates
106 
+	 *
107 
+	 * @param string      $action
108 
+	 *
109 
+	 * @param User        $user
110 
+	 * @param null|string $pageName
111 
+	 *
112 
+	 * @return bool
113 
+	 * @category Security-Critical
114 
+	 */
115 
+	abstract protected function barrierTest($action, User $user, $pageName = null);
116 
+
117 
+	/**
118 
+	 * Gets the name of the route that has been passed from the request router.
119 
+	 * @return string
120 
+	 */
121 
+	abstract protected function getRouteName();
122 
+
123 
+	/** @return SecurityManager */
124 
+	abstract protected function getSecurityManager();
125 
+
126 
+	/**
127 
+	 * Sets the name of the template this page should display.
128 
+	 *
129 
+	 * @param string $name
130 
+	 */
131 
+	abstract protected function setTemplate($name);
132 
+
133 
+	/** @return IXffTrustProvider */
134 
+	abstract protected function getXffTrustProvider();
135 
+
136 
+	/** @return ILocationProvider */
137 
+	abstract protected function getLocationProvider();
138 
+
139 
+	/** @return IRDnsProvider */
140 
+	abstract protected function getRdnsProvider();
141 
+
142 
+	/**
143 
+	 * Assigns a Smarty variable
144 
+	 *
145 
+	 * @param  array|string $name  the template variable name(s)
146 
+	 * @param  mixed        $value the value to assign
147 
+	 */
148 
+	abstract protected function assign($name, $value);
149 
+
150 
+	/**
151 
+	 * @param int|null    $requestReservationId
152 
+	 * @param PdoDatabase $database
153 
+	 * @param User        $currentUser
154 
+	 */
155 
+	protected function setupReservationDetails($requestReservationId, PdoDatabase $database, User $currentUser)
156 
+	{
157 
+		$requestIsReserved = $requestReservationId !== null;
158 
+		$this->assign('requestIsReserved', $requestIsReserved);
159 
+		$this->assign('requestIsReservedByMe', false);
160 
+
161 
+		if ($requestIsReserved) {
162 
+			$this->assign('requestReservedByName', User::getById($requestReservationId, $database)->getUsername());
163 
+			$this->assign('requestReservedById', $requestReservationId);
164 
+
165 
+			if ($requestReservationId === $currentUser->getId()) {
166 
+				$this->assign('requestIsReservedByMe', true);
167 
+			}
168 
+		}
169 
+
170 
+		$this->assign('canBreakReservation', $this->barrierTest('force', $currentUser, PageBreakReservation::class));
171 
+	}
172 
+
173 
+	/**
174 
+	 * Adds private request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
175 
+	 *
176 
+	 * @param Request           $request
177 
+	 * @param SiteConfiguration $configuration
178 
+	 */
179 
+	protected function setupPrivateData(
180 
+		$request,
181 
+		SiteConfiguration $configuration
182 
+	) {
183 
+		$xffProvider = $this->getXffTrustProvider();
184 
+
185 
+		$this->assign('requestEmail', $request->getEmail());
186 
+		$emailDomain = explode("@", $request->getEmail())[1];
187 
+		$this->assign("emailurl", $emailDomain);
188 
+		$this->assign('commonEmailDomain', in_array(strtolower($emailDomain), $configuration->getCommonEmailDomains())
189 
+			|| $request->getEmail() === $this->getSiteConfiguration()->getDataClearEmail());
190 
+
191 
+		$trustedIp = $xffProvider->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
192 
+		$this->assign('requestTrustedIp', $trustedIp);
193 
+		$this->assign('requestRealIp', $request->getIp());
194 
+		$this->assign('requestForwardedIp', $request->getForwardedIp());
195 
+
196 
+		$trustedIpLocation = $this->getLocationProvider()->getIpLocation($trustedIp);
197 
+		$this->assign('requestTrustedIpLocation', $trustedIpLocation);
198 
+
199 
+		$this->assign('requestHasForwardedIp', $request->getForwardedIp() !== null);
200 
+
201 
+		$this->setupForwardedIpData($request);
202 
+	}
203 
+
204 
+	/**
205 
+	 * Adds related request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
206 
+	 *
207 
+	 * @param Request           $request
208 
+	 * @param SiteConfiguration $configuration
209 
+	 * @param PdoDatabase       $database
210 
+	 */
211 
+	protected function setupRelatedRequests(
212 
+		Request $request,
213 
+		SiteConfiguration $configuration,
214 
+		PdoDatabase $database)
215 
+	{
216 
+		$this->assign('canSeeRelatedRequests', true);
217 
+
218 
+		$relatedEmailRequests = RequestSearchHelper::get($database)
219 
+			->byEmailAddress($request->getEmail())
220 
+			->withConfirmedEmail()
221 
+			->excludingPurgedData($configuration)
222 
+			->excludingRequest($request->getId())
223 
+			->fetch();
224 
+
225 
+		$this->assign('requestRelatedEmailRequestsCount', count($relatedEmailRequests));
226 
+		$this->assign('requestRelatedEmailRequests', $relatedEmailRequests);
227 
+
228 
+		$trustedIp = $this->getXffTrustProvider()->getTrustedClientIp($request->getIp(), $request->getForwardedIp());
229 
+		$relatedIpRequests = RequestSearchHelper::get($database)
230 
+			->byIp($trustedIp)
231 
+			->withConfirmedEmail()
232 
+			->excludingPurgedData($configuration)
233 
+			->excludingRequest($request->getId())
234 
+			->fetch();
235 
+
236 
+		$this->assign('requestRelatedIpRequestsCount', count($relatedIpRequests));
237 
+		$this->assign('requestRelatedIpRequests', $relatedIpRequests);
238 
+	}
239 
+
240 
+	/**
241 
+	 * Adds checkuser request data to Smarty. DO NOT USE WITHOUT FIRST CHECKING THAT THE USER IS AUTHORISED!
242 
+	 *
243 
+	 * @param Request $request
244 
+	 */
245 
+	protected function setupCheckUserData(Request $request)
246 
+	{
247 
+		$this->assign('requestUserAgent', $request->getUserAgent());
248 
+	}
249 
+
250 
+	/**
251 
+	 * Sets up the basic data for this request, and adds it to Smarty
252 
+	 *
253 
+	 * @param Request           $request
254 
+	 * @param SiteConfiguration $config
255 
+	 */
256 
+	protected function setupBasicData(Request $request, SiteConfiguration $config)
257 
+	{
258 
+		$this->assign('requestId', $request->getId());
259 
+		$this->assign('updateVersion', $request->getUpdateVersion());
260 
+		$this->assign('requestName', $request->getName());
261 
+		$this->assign('requestDate', $request->getDate());
262 
+		$this->assign('requestStatus', $request->getStatus());
263 
+
264 
+		$this->assign('requestQueue', null);
265 
+		if ($request->getQueue() !== null) {
266 
+			/** @var RequestQueue $queue */
267 
+			$queue = RequestQueue::getById($request->getQueue(), $this->getDatabase());
268 
+			$this->assign('requestQueue', $queue->getHeader());
269 
+			$this->assign('requestQueueApiName', $queue->getApiName());
270 
+		}
271 
+
272 
+		$this->assign('canPreviewForm', $this->barrierTest('view', User::getCurrent($this->getDatabase()), PageRequestFormManagement::class));
273 
+		$this->assign('originForm', $request->getOriginFormObject());
274 
+
275 
+		$isClosed = $request->getStatus() === RequestStatus::CLOSED || $request->getStatus() === RequestStatus::JOBQUEUE;
276 
+		$this->assign('requestIsClosed', $isClosed);
277 
+	}
278 
+
279 
+	/**
280 
+	 * Sets up the forwarded IP data for this request and adds it to Smarty
281 
+	 *
282 
+	 * @param Request $request
283 
+	 */
284 
+	protected function setupForwardedIpData(Request $request)
285 
+	{
286 
+		if ($request->getForwardedIp() !== null) {
287 
+			$requestProxyData = array(); // Initialize array to store data to be output in Smarty template.
288 
+			$proxyIndex = 0;
289 
+
290 
+			// Assuming [client] <=> [proxy1] <=> [proxy2] <=> [proxy3] <=> [us], we will see an XFF header of [client],
291 
+			// [proxy1], [proxy2], and our actual IP will be [proxy3]
292 
+			$proxies = explode(",", $request->getForwardedIp());
293 
+			$proxies[] = $request->getIp();
294 
+
295 
+			// Origin is the supposed "client" IP.
296 
+			$origin = $proxies[0];
297 
+			$this->assign("forwardedOrigin", $origin);
298 
+
299 
+			// We step through the servers in reverse order, from closest to furthest
300 
+			$proxies = array_reverse($proxies);
301 
+
302 
+			// By default, we have trust, because the first in the chain is now REMOTE_ADDR, which is hardest to spoof.
303 
+			$trust = true;
304 
+
305 
+			/**
306 
+			 * @var int    $index     The zero-based index of the proxy.
307 
+			 * @var string $proxyData The proxy IP address (although possibly not!)
308 
+			 */
309 
+			foreach ($proxies as $index => $proxyData) {
310 
+				$proxyAddress = trim($proxyData);
311 
+				$requestProxyData[$proxyIndex]['ip'] = $proxyAddress;
312 
+
313 
+				// get data on this IP.
314 
+				$thisProxyIsTrusted = $this->getXffTrustProvider()->isTrusted($proxyAddress);
315 
+
316 
+				$proxyIsInPrivateRange = $this->getXffTrustProvider()
317 
+					->ipInRange(self::$rfc1918ips, $proxyAddress);
318 
+
319 
+				if (!$proxyIsInPrivateRange) {
320 
+					$proxyReverseDns = $this->getRdnsProvider()->getReverseDNS($proxyAddress);
321 
+					$proxyLocation = $this->getLocationProvider()->getIpLocation($proxyAddress);
322 
+				}
323 
+				else {
324 
+					// this is going to fail, so why bother trying?
325 
+					$proxyReverseDns = false;
326 
+					$proxyLocation = false;
327 
+				}
328 
+
329 
+				// current trust chain status BEFORE this link
330 
+				$preLinkTrust = $trust;
331 
+
332 
+				// is *this* link trusted? Note, this will be true even if there is an untrusted link before this!
333 
+				$requestProxyData[$proxyIndex]['trustedlink'] = $thisProxyIsTrusted;
334 
+
335 
+				// set the trust status of the chain to this point
336 
+				$trust = $trust & $thisProxyIsTrusted;
337 
+
338 
+				// If this is the origin address, and the chain was trusted before this point, then we can trust
339 
+				// the origin.
340 
+				if ($preLinkTrust && $proxyAddress == $origin) {
341 
+					// if this is the origin, then we are at the last point in the chain.
342 
+					// @todo: this is probably the cause of some bugs when an IP appears twice - we're missing a check
343 
+					// to see if this is *really* the last in the chain, rather than just the same IP as it.
344 
+					$trust = true;
345 
+				}
346 
+
347 
+				$requestProxyData[$proxyIndex]['trust'] = $trust;
348 
+
349 
+				$requestProxyData[$proxyIndex]['rdnsfailed'] = $proxyReverseDns === false;
350 
+				$requestProxyData[$proxyIndex]['rdns'] = $proxyReverseDns;
351 
+				$requestProxyData[$proxyIndex]['routable'] = !$proxyIsInPrivateRange;
352 
+
353 
+				$requestProxyData[$proxyIndex]['location'] = $proxyLocation;
354 
+
355 
+				if ($proxyReverseDns === $proxyAddress && $proxyIsInPrivateRange === false) {
356 
+					$requestProxyData[$proxyIndex]['rdns'] = null;
357 
+				}
358 
+
359 
+				$showLinks = (!$trust || $proxyAddress == $origin) && !$proxyIsInPrivateRange;
360 
+				$requestProxyData[$proxyIndex]['showlinks'] = $showLinks;
361 
+
362 
+				$proxyIndex++;
363 
+			}
364 
+
365 
+			$this->assign("requestProxyData", $requestProxyData);
366 
+		}
367 
+	}
368 368 
 }
Please login to merge, or discard this patch.
includes/Fragments/NavigationMenuAccessControl.php 3 patches
Indentation   +95 added lines, -95 removed lines patch added patch discarded remove patch 
@@ -36,111 +36,111 @@
 
 block discarded – undo
36 36
37 37 
 trait NavigationMenuAccessControl
38 38 
 {
39 
-    protected abstract function assign($name, $value);
39 
+	protected abstract function assign($name, $value);
40 40
41 
-    /**
42 
-     * @return SecurityManager
43 
-     */
44 
-    protected abstract function getSecurityManager();
41 
+	/**
42 
+	 * @return SecurityManager
43 
+	 */
44 
+	protected abstract function getSecurityManager();
45 45
46 
-    public abstract function getDomainAccessManager(): DomainAccessManager;
46 
+	public abstract function getDomainAccessManager(): DomainAccessManager;
47 47
48 
-    /**
49 
-     * @param $currentUser
50 
-     */
51 
-    protected function setupNavMenuAccess($currentUser)
52 
-    {
53 
-        $this->assign('nav__canRequests', $this->getSecurityManager()
54 
-                ->allows(PageMain::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
48 
+	/**
49 
+	 * @param $currentUser
50 
+	 */
51 
+	protected function setupNavMenuAccess($currentUser)
52 
+	{
53 
+		$this->assign('nav__canRequests', $this->getSecurityManager()
54 
+				->allows(PageMain::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
55 55
56 
-        $this->assign('nav__canLogs', $this->getSecurityManager()
57 
-                ->allows(PageLog::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
58 
-        $this->assign('nav__canUsers', $this->getSecurityManager()
59 
-                ->allows(StatsUsers::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
60 
-        $this->assign('nav__canSearch', $this->getSecurityManager()
61 
-                ->allows(PageSearch::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
62 
-        $this->assign('nav__canStats', $this->getSecurityManager()
63 
-                ->allows(StatsMain::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
56 
+		$this->assign('nav__canLogs', $this->getSecurityManager()
57 
+				->allows(PageLog::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
58 
+		$this->assign('nav__canUsers', $this->getSecurityManager()
59 
+				->allows(StatsUsers::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
60 
+		$this->assign('nav__canSearch', $this->getSecurityManager()
61 
+				->allows(PageSearch::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
62 
+		$this->assign('nav__canStats', $this->getSecurityManager()
63 
+				->allows(StatsMain::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
64 64
65 
-        $this->assign('nav__canBan', $this->getSecurityManager()
66 
-                ->allows(PageBan::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
67 
-        $this->assign('nav__canEmailMgmt', $this->getSecurityManager()
68 
-                ->allows(PageEmailManagement::class, RoleConfiguration::MAIN,
69 
-                    $currentUser) === SecurityManager::ALLOWED);
70 
-        $this->assign('nav__canWelcomeMgmt', $this->getSecurityManager()
71 
-                ->allows(PageWelcomeTemplateManagement::class, RoleConfiguration::MAIN,
72 
-                    $currentUser) === SecurityManager::ALLOWED);
73 
-        $this->assign('nav__canSiteNoticeMgmt', $this->getSecurityManager()
74 
-                ->allows(PageSiteNotice::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
75 
-        $this->assign('nav__canUserMgmt', $this->getSecurityManager()
76 
-                ->allows(PageUserManagement::class, RoleConfiguration::MAIN,
77 
-                    $currentUser) === SecurityManager::ALLOWED);
78 
-        $this->assign('nav__canJobQueue', $this->getSecurityManager()
79 
-                ->allows(PageJobQueue::class, RoleConfiguration::MAIN,
80 
-                    $currentUser) === SecurityManager::ALLOWED);
81 
-        $this->assign('nav__canDomainMgmt', $this->getSecurityManager()
82 
-                ->allows(PageDomainManagement::class, RoleConfiguration::MAIN,
83 
-                    $currentUser) === SecurityManager::ALLOWED);
84 
-        $this->assign('nav__canFlaggedComments', $this->getSecurityManager()
85 
-                ->allows(PageListFlaggedComments::class, RoleConfiguration::MAIN,
86 
-                    $currentUser) === SecurityManager::ALLOWED);
87 
-        $this->assign('nav__canQueueMgmt', $this->getSecurityManager()
88 
-                ->allows(PageQueueManagement::class, RoleConfiguration::MAIN,
89 
-                    $currentUser) === SecurityManager::ALLOWED);
90 
-        $this->assign('nav__canFormMgmt', $this->getSecurityManager()
91 
-                ->allows(PageRequestFormManagement::class, RoleConfiguration::MAIN,
92 
-                    $currentUser) === SecurityManager::ALLOWED);
93 
-        $this->assign('nav__canErrorLog', $this->getSecurityManager()
94 
-                ->allows(PageErrorLogViewer::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
65 
+		$this->assign('nav__canBan', $this->getSecurityManager()
66 
+				->allows(PageBan::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
67 
+		$this->assign('nav__canEmailMgmt', $this->getSecurityManager()
68 
+				->allows(PageEmailManagement::class, RoleConfiguration::MAIN,
69 
+					$currentUser) === SecurityManager::ALLOWED);
70 
+		$this->assign('nav__canWelcomeMgmt', $this->getSecurityManager()
71 
+				->allows(PageWelcomeTemplateManagement::class, RoleConfiguration::MAIN,
72 
+					$currentUser) === SecurityManager::ALLOWED);
73 
+		$this->assign('nav__canSiteNoticeMgmt', $this->getSecurityManager()
74 
+				->allows(PageSiteNotice::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
75 
+		$this->assign('nav__canUserMgmt', $this->getSecurityManager()
76 
+				->allows(PageUserManagement::class, RoleConfiguration::MAIN,
77 
+					$currentUser) === SecurityManager::ALLOWED);
78 
+		$this->assign('nav__canJobQueue', $this->getSecurityManager()
79 
+				->allows(PageJobQueue::class, RoleConfiguration::MAIN,
80 
+					$currentUser) === SecurityManager::ALLOWED);
81 
+		$this->assign('nav__canDomainMgmt', $this->getSecurityManager()
82 
+				->allows(PageDomainManagement::class, RoleConfiguration::MAIN,
83 
+					$currentUser) === SecurityManager::ALLOWED);
84 
+		$this->assign('nav__canFlaggedComments', $this->getSecurityManager()
85 
+				->allows(PageListFlaggedComments::class, RoleConfiguration::MAIN,
86 
+					$currentUser) === SecurityManager::ALLOWED);
87 
+		$this->assign('nav__canQueueMgmt', $this->getSecurityManager()
88 
+				->allows(PageQueueManagement::class, RoleConfiguration::MAIN,
89 
+					$currentUser) === SecurityManager::ALLOWED);
90 
+		$this->assign('nav__canFormMgmt', $this->getSecurityManager()
91 
+				->allows(PageRequestFormManagement::class, RoleConfiguration::MAIN,
92 
+					$currentUser) === SecurityManager::ALLOWED);
93 
+		$this->assign('nav__canErrorLog', $this->getSecurityManager()
94 
+				->allows(PageErrorLogViewer::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
95 95
96 
-        $this->assign('nav__canViewRequest', $this->getSecurityManager()
97 
-                ->allows(PageViewRequest::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
96 
+		$this->assign('nav__canViewRequest', $this->getSecurityManager()
97 
+				->allows(PageViewRequest::class, RoleConfiguration::MAIN, $currentUser) === SecurityManager::ALLOWED);
98 98
99 
-        $this->assign('nav__domainList', []);
100 
-        if ($this->getDomainAccessManager() !== null) {
101 
-            $this->assign('nav__domainList', $this->getDomainAccessManager()->getAllowedDomains($currentUser));
102 
-        }
103 
-    }
99 
+		$this->assign('nav__domainList', []);
100 
+		if ($this->getDomainAccessManager() !== null) {
101 
+			$this->assign('nav__domainList', $this->getDomainAccessManager()->getAllowedDomains($currentUser));
102 
+		}
103 
+	}
104 104
105 
-    /**
106 
-     * Sets up the badges to draw attention to issues on various admin pages.
107 
-     *
108 
-     * This function checks to see if a user can access the pages, and if so checks the count of problem areas.
109 
-     * If problem areas are found, a number greater than 0 will cause the badge to show up.
110 
-     *
111 
-     * @param User        $currentUser The current user
112 
-     * @param PdoDatabase $database    Database instance
113 
-     *
114 
-     * @return void
115 
-     */
116 
-    public function setUpNavBarBadges(User $currentUser, PdoDatabase $database) {
117 
-        // Set up some variables.
118 
-        // A size of 0 causes nothing to show up on the page (checked on navigation-menu.tpl) so leaving it 0 here is fine.
119 
-        $countOfFlagged = 0;
120 
-        $countOfJobQueue = 0;
105 
+	/**
106 
+	 * Sets up the badges to draw attention to issues on various admin pages.
107 
+	 *
108 
+	 * This function checks to see if a user can access the pages, and if so checks the count of problem areas.
109 
+	 * If problem areas are found, a number greater than 0 will cause the badge to show up.
110 
+	 *
111 
+	 * @param User        $currentUser The current user
112 
+	 * @param PdoDatabase $database    Database instance
113 
+	 *
114 
+	 * @return void
115 
+	 */
116 
+	public function setUpNavBarBadges(User $currentUser, PdoDatabase $database) {
117 
+		// Set up some variables.
118 
+		// A size of 0 causes nothing to show up on the page (checked on navigation-menu.tpl) so leaving it 0 here is fine.
119 
+		$countOfFlagged = 0;
120 
+		$countOfJobQueue = 0;
121 121
122 
-        // Count of flagged comments:
123 
-        if($this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageListFlaggedComments::class)) {
124 
-            // We want all flagged comments that haven't been acknowledged if we can visit the page.
125 
-            $countOfFlagged = sizeof(Comment::getFlaggedComments($database));
126 
-        }
122 
+		// Count of flagged comments:
123 
+		if($this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageListFlaggedComments::class)) {
124 
+			// We want all flagged comments that haven't been acknowledged if we can visit the page.
125 
+			$countOfFlagged = sizeof(Comment::getFlaggedComments($database));
126 
+		}
127 127
128 
-        // Count of failed job queue changes:
129 
-        if($this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageJobQueue::class)) {
130 
-            // We want all failed jobs that haven't been acknowledged if we can visit the page.
131 
-            JobQueueSearchHelper::get($database)
132 
-                ->statusIn([JobQueue::STATUS_FAILED])
133 
-                ->notAcknowledged()
134 
-                ->getRecordCount($countOfJobQueue);
135 
-        }
128 
+		// Count of failed job queue changes:
129 
+		if($this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageJobQueue::class)) {
130 
+			// We want all failed jobs that haven't been acknowledged if we can visit the page.
131 
+			JobQueueSearchHelper::get($database)
132 
+				->statusIn([JobQueue::STATUS_FAILED])
133 
+				->notAcknowledged()
134 
+				->getRecordCount($countOfJobQueue);
135 
+		}
136 136
137 
-        // To generate the main badge, add both up.
138 
-        // If we add more badges in the future, don't forget to add them here!
139 
-        $countOfAll = $countOfFlagged + $countOfJobQueue;
137 
+		// To generate the main badge, add both up.
138 
+		// If we add more badges in the future, don't forget to add them here!
139 
+		$countOfAll = $countOfFlagged + $countOfJobQueue;
140 140
141 
-        // Set badge variables
142 
-        $this->assign("nav__numFlaggedComments", $countOfFlagged);
143 
-        $this->assign("nav__numJobQueueFailed", $countOfJobQueue);
144 
-        $this->assign("nav__numAdmin", $countOfAll);
145 
-    }
141 
+		// Set badge variables
142 
+		$this->assign("nav__numFlaggedComments", $countOfFlagged);
143 
+		$this->assign("nav__numJobQueueFailed", $countOfJobQueue);
144 
+		$this->assign("nav__numAdmin", $countOfAll);
145 
+	}
146 146 
 }
Please login to merge, or discard this patch.
Spacing   +2 added lines, -2 removed lines patch added patch discarded remove patch 
@@ -120,13 +120,13 @@
 
 block discarded – undo
120 120 
         $countOfJobQueue = 0;
121 121
122 122 
         // Count of flagged comments:
123 
-        if($this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageListFlaggedComments::class)) {
123 
+        if ($this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageListFlaggedComments::class)) {
124 124 
             // We want all flagged comments that haven't been acknowledged if we can visit the page.
125 125 
             $countOfFlagged = sizeof(Comment::getFlaggedComments($database));
126 126 
         }
127 127
128 128 
         // Count of failed job queue changes:
129 
-        if($this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageJobQueue::class)) {
129 
+        if ($this->barrierTest(RoleConfiguration::MAIN, $currentUser, PageJobQueue::class)) {
130 130 
             // We want all failed jobs that haven't been acknowledged if we can visit the page.
131 131 
             JobQueueSearchHelper::get($database)
132 132 
                 ->statusIn([JobQueue::STATUS_FAILED])
Please login to merge, or discard this patch.
Braces   +2 added lines, -1 removed lines patch added patch discarded remove patch 
@@ -113,7 +113,8 @@
 
 block discarded – undo
113 113 
      *
114 114 
      * @return void
115 115 
      */
116 
-    public function setUpNavBarBadges(User $currentUser, PdoDatabase $database) {
116 
+    public function setUpNavBarBadges(User $currentUser, PdoDatabase $database)
117 
+    {
117 118 
         // Set up some variables.
118 119 
         // A size of 0 causes nothing to show up on the page (checked on navigation-menu.tpl) so leaving it 0 here is fine.
119 120 
         $countOfFlagged = 0;
Please login to merge, or discard this patch.
includes/Fragments/TemplateOutput.php 1 patch
Indentation   +105 added lines, -105 removed lines patch added patch discarded remove patch 
@@ -15,109 +15,109 @@
 
 block discarded – undo
15 15
16 16 
 trait TemplateOutput
17 17 
 {
18 
-    /** @var Smarty */
19 
-    private $smarty;
20 
-    /** @var string Extra JavaScript to include at the end of the page's execution */
21 
-    private $tailScript;
22 
-    /** @var string */
23 
-    private $tailScriptNonce;
24 
-
25 
-    /**
26 
-     * @return SiteConfiguration
27 
-     */
28 
-    protected abstract function getSiteConfiguration();
29 
-
30 
-    /**
31 
-     * Include extra JavaScript at the end of the page's execution
32 
-     *
33 
-     * @param $nonce string CSP Nonce generated by ContentSecurityPolicyManager::getNonce()
34 
-     * @param $script string JavaScript to include at the end of the page
35 
-     */
36 
-    final protected function setTailScript($nonce, $script)
37 
-    {
38 
-        $this->tailScriptNonce = $nonce;
39 
-        $this->tailScript = $script;
40 
-    }
41 
-
42 
-    /**
43 
-     * Assigns a Smarty variable
44 
-     *
45 
-     * @param  array|string $name  the template variable name(s)
46 
-     * @param  mixed        $value the value to assign
47 
-     */
48 
-    final protected function assign($name, $value)
49 
-    {
50 
-        $this->smarty->assign($name, $value);
51 
-    }
52 
-
53 
-    /**
54 
-     * Sets up the variables used by the main Smarty base template.
55 
-     *
56 
-     * This list is getting kinda long.
57 
-     */
58 
-    final protected function setUpSmarty()
59 
-    {
60 
-        $this->smarty = new Smarty();
61 
-        $this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
62 
-
63 
-        $this->assign('currentUser', User::getCommunity());
64 
-        $this->assign('currentDomain', null);
65 
-        $this->assign('loggedIn', false);
66 
-        $this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
67 
-        $this->assign('resourceCacheEpoch', $this->getSiteConfiguration()->getResourceCacheEpoch());
68 
-
69 
-        $this->assign('siteNoticeText', '');
70 
-        $this->assign('siteNoticeVersion', 0);
71 
-        $this->assign('siteNoticeState', 'd-none');
72 
-        $this->assign('toolversion', Environment::getToolVersion());
73 
-
74 
-        // default these
75 
-        $this->assign('onlineusers', array());
76 
-        $this->assign('typeAheadBlock', '');
77 
-        $this->assign('extraJs', array());
78 
-
79 
-        // nav menu access control
80 
-        $this->assign('nav__canRequests', false);
81 
-        $this->assign('nav__canLogs', false);
82 
-        $this->assign('nav__canUsers', false);
83 
-        $this->assign('nav__canSearch', false);
84 
-        $this->assign('nav__canStats', false);
85 
-        $this->assign('nav__canBan', false);
86 
-        $this->assign('nav__canEmailMgmt', false);
87 
-        $this->assign('nav__canWelcomeMgmt', false);
88 
-        $this->assign('nav__canSiteNoticeMgmt', false);
89 
-        $this->assign('nav__canUserMgmt', false);
90 
-        $this->assign('nav__canViewRequest', false);
91 
-        $this->assign('nav__canJobQueue', false);
92 
-        $this->assign('nav__canFlaggedComments', false);
93 
-        $this->assign('nav__canDomainMgmt', false);
94 
-        $this->assign('nav__canQueueMgmt', false);
95 
-        $this->assign('nav__canFormMgmt', false);
96 
-        $this->assign('nav__canErrorLog', false);
97 
-
98 
-        // Navigation badges for concern areas.
99 
-        $this->assign("nav__numAdmin", 0);
100 
-        $this->assign("nav__numFlaggedComments", 0);
101 
-        $this->assign("nav__numJobQueueFailed", 0);
102 
-
103 
-        // debug helpers
104 
-        $this->assign('showDebugCssBreakpoints', $this->getSiteConfiguration()->getDebuggingCssBreakpointsEnabled());
105 
-
106 
-        $this->assign('page', $this);
107 
-    }
108 
-
109 
-    /**
110 
-     * Fetches a rendered Smarty template
111 
-     *
112 
-     * @param $template string Template file path, relative to /templates/
113 
-     *
114 
-     * @return string Templated HTML
115 
-     */
116 
-    final protected function fetchTemplate($template)
117 
-    {
118 
-        $this->assign('tailScript', $this->tailScript);
119 
-        $this->assign('tailScriptNonce', $this->tailScriptNonce);
120 
-
121 
-        return $this->smarty->fetch($template);
122 
-    }
18 
+	/** @var Smarty */
19 
+	private $smarty;
20 
+	/** @var string Extra JavaScript to include at the end of the page's execution */
21 
+	private $tailScript;
22 
+	/** @var string */
23 
+	private $tailScriptNonce;
24 
+
25 
+	/**
26 
+	 * @return SiteConfiguration
27 
+	 */
28 
+	protected abstract function getSiteConfiguration();
29 
+
30 
+	/**
31 
+	 * Include extra JavaScript at the end of the page's execution
32 
+	 *
33 
+	 * @param $nonce string CSP Nonce generated by ContentSecurityPolicyManager::getNonce()
34 
+	 * @param $script string JavaScript to include at the end of the page
35 
+	 */
36 
+	final protected function setTailScript($nonce, $script)
37 
+	{
38 
+		$this->tailScriptNonce = $nonce;
39 
+		$this->tailScript = $script;
40 
+	}
41 
+
42 
+	/**
43 
+	 * Assigns a Smarty variable
44 
+	 *
45 
+	 * @param  array|string $name  the template variable name(s)
46 
+	 * @param  mixed        $value the value to assign
47 
+	 */
48 
+	final protected function assign($name, $value)
49 
+	{
50 
+		$this->smarty->assign($name, $value);
51 
+	}
52 
+
53 
+	/**
54 
+	 * Sets up the variables used by the main Smarty base template.
55 
+	 *
56 
+	 * This list is getting kinda long.
57 
+	 */
58 
+	final protected function setUpSmarty()
59 
+	{
60 
+		$this->smarty = new Smarty();
61 
+		$this->smarty->addPluginsDir($this->getSiteConfiguration()->getFilePath() . '/smarty-plugins');
62 
+
63 
+		$this->assign('currentUser', User::getCommunity());
64 
+		$this->assign('currentDomain', null);
65 
+		$this->assign('loggedIn', false);
66 
+		$this->assign('baseurl', $this->getSiteConfiguration()->getBaseUrl());
67 
+		$this->assign('resourceCacheEpoch', $this->getSiteConfiguration()->getResourceCacheEpoch());
68 
+
69 
+		$this->assign('siteNoticeText', '');
70 
+		$this->assign('siteNoticeVersion', 0);
71 
+		$this->assign('siteNoticeState', 'd-none');
72 
+		$this->assign('toolversion', Environment::getToolVersion());
73 
+
74 
+		// default these
75 
+		$this->assign('onlineusers', array());
76 
+		$this->assign('typeAheadBlock', '');
77 
+		$this->assign('extraJs', array());
78 
+
79 
+		// nav menu access control
80 
+		$this->assign('nav__canRequests', false);
81 
+		$this->assign('nav__canLogs', false);
82 
+		$this->assign('nav__canUsers', false);
83 
+		$this->assign('nav__canSearch', false);
84 
+		$this->assign('nav__canStats', false);
85 
+		$this->assign('nav__canBan', false);
86 
+		$this->assign('nav__canEmailMgmt', false);
87 
+		$this->assign('nav__canWelcomeMgmt', false);
88 
+		$this->assign('nav__canSiteNoticeMgmt', false);
89 
+		$this->assign('nav__canUserMgmt', false);
90 
+		$this->assign('nav__canViewRequest', false);
91 
+		$this->assign('nav__canJobQueue', false);
92 
+		$this->assign('nav__canFlaggedComments', false);
93 
+		$this->assign('nav__canDomainMgmt', false);
94 
+		$this->assign('nav__canQueueMgmt', false);
95 
+		$this->assign('nav__canFormMgmt', false);
96 
+		$this->assign('nav__canErrorLog', false);
97 
+
98 
+		// Navigation badges for concern areas.
99 
+		$this->assign("nav__numAdmin", 0);
100 
+		$this->assign("nav__numFlaggedComments", 0);
101 
+		$this->assign("nav__numJobQueueFailed", 0);
102 
+
103 
+		// debug helpers
104 
+		$this->assign('showDebugCssBreakpoints', $this->getSiteConfiguration()->getDebuggingCssBreakpointsEnabled());
105 
+
106 
+		$this->assign('page', $this);
107 
+	}
108 
+
109 
+	/**
110 
+	 * Fetches a rendered Smarty template
111 
+	 *
112 
+	 * @param $template string Template file path, relative to /templates/
113 
+	 *
114 
+	 * @return string Templated HTML
115 
+	 */
116 
+	final protected function fetchTemplate($template)
117 
+	{
118 
+		$this->assign('tailScript', $this->tailScript);
119 
+		$this->assign('tailScriptNonce', $this->tailScriptNonce);
120 
+
121 
+		return $this->smarty->fetch($template);
122 
+	}
123 123 
 }
Please login to merge, or discard this patch.
includes/ConsoleTasks/RecreateTrustedIpTableTask.php 1 patch
Indentation   +148 added lines, -148 removed lines patch added patch discarded remove patch 
@@ -16,152 +16,152 @@
 
 block discarded – undo
16 16
17 17 
 class RecreateTrustedIpTableTask extends ConsoleTaskBase
18 18 
 {
19 
-    public function execute()
20 
-    {
21 
-
22 
-        echo "Fetching file...\n";
23 
-
24 
-        $htmlfile = file($this->getSiteConfiguration()->getXffTrustedHostsFile(),
25 
-            FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
26 
-
27 
-        $ip = array();
28 
-        $iprange = array();
29 
-        $dnsdomain = array();
30 
-
31 
-        echo "Sorting file...\n";
32 
-        $this->readFile($htmlfile, $iprange, $ip, $dnsdomain);
33 
-
34 
-        echo "Exploding CIDRs...\n";
35 
-        $this->explodeCidrs($iprange, $ip);
36 
-
37 
-        echo "Resolving DNS...\n";
38 
-        $this->resolveDns($dnsdomain, $ip);
39 
-
40 
-        echo "Uniq-ing array...\n";
41 
-
42 
-        $ip = array_unique($ip);
43 
-
44 
-        $database = $this->getDatabase();
45 
-
46 
-        $database->exec('DELETE FROM xfftrustcache;');
47 
-
48 
-        $insert = $database->prepare('INSERT INTO xfftrustcache (ip) VALUES (:ip);');
49 
-
50 
-        $this->doInserts($ip, $insert);
51 
-    }
52 
-
53 
-    /**
54 
-     * @param string[] $dnsDomains  the DNS domains to resolve
55 
-     * @param string[] $ipAddresses existing array of IPs to add to
56 
-     */
57 
-    protected function resolveDns($dnsDomains, &$ipAddresses)
58 
-    {
59 
-        foreach ($dnsDomains as $domain) {
60 
-            $ipList = gethostbynamel($domain);
61 
-
62 
-            if ($ipList === false) {
63 
-                echo "Invalid DNS name $domain\n";
64 
-                continue;
65 
-            }
66 
-
67 
-            foreach ($ipList as $ipAddress) {
68 
-                $ipAddresses[] = $ipAddress;
69 
-            }
70 
-
71 
-            // don't DoS
72 
-            usleep(10000);
73 
-        }
74 
-    }
75 
-
76 
-    /**
77 
-     * @param $iprange
78 
-     * @param $ip
79 
-     */
80 
-    protected function explodeCidrs($iprange, &$ip)
81 
-    {
82 
-        foreach ($iprange as $r) {
83 
-            $ips = $this->getXffTrustProvider()->explodeCidr($r);
84 
-
85 
-            foreach ($ips as $i) {
86 
-                $ip[] = $i;
87 
-            }
88 
-        }
89 
-    }
90 
-
91 
-    /**
92 
-     * @param $htmlfile
93 
-     * @param $iprange
94 
-     * @param $ip
95 
-     * @param $dnsdomain
96 
-     */
97 
-    protected function readFile($htmlfile, &$iprange, &$ip, &$dnsdomain)
98 
-    {
99 
-        foreach ($htmlfile as $line_num => $rawline) {
100 
-            // remove the comments
101 
-            $hashPos = strpos($rawline, '#');
102 
-            if ($hashPos !== false) {
103 
-                $line = substr($rawline, 0, $hashPos);
104 
-            }
105 
-            else {
106 
-                $line = $rawline;
107 
-            }
108 
-
109 
-            $line = trim($line);
110 
-
111 
-            // this was a comment or empty line...
112 
-            if ($line == "") {
113 
-                continue;
114 
-            }
115 
-
116 
-            // match a regex of an CIDR range:
117 
-            $ipcidr = '@' . RegexConstants::IPV4 . RegexConstants::IPV4_CIDR . '@';
118 
-            if (preg_match($ipcidr, $line) === 1) {
119 
-                $iprange[] = $line;
120 
-                continue;
121 
-            }
122 
-
123 
-            $ipnoncidr = '@' . RegexConstants::IPV4 . '@';
124 
-            if (preg_match($ipnoncidr, $line) === 1) {
125 
-                $ip[] = $line;
126 
-                continue;
127 
-            }
128 
-
129 
-            // it's probably a DNS name.
130 
-            $dnsdomain[] = $line;
131 
-        }
132 
-    }
133 
-
134 
-    /**
135 
-     * @param array        $ip
136 
-     * @param PDOStatement $insert
137 
-     *
138 
-     * @throws Exception
139 
-     */
140 
-    protected function doInserts($ip, PDOStatement $insert)
141 
-    {
142 
-        $successful = true;
143 
-
144 
-        foreach ($ip as $i) {
145 
-            if (strlen($i) > 15) {
146 
-                echo "Rejected $i\n";
147 
-                $successful = false;
148 
-
149 
-                continue;
150 
-            }
151 
-
152 
-            try {
153 
-                $insert->execute(array(':ip' => $i));
154 
-            }
155 
-            catch (PDOException $ex) {
156 
-                echo "Exception on $i :\n";
157 
-                echo $ex->getMessage();
158 
-                $successful = false;
159 
-                break;
160 
-            }
161 
-        }
162 
-
163 
-        if (!$successful) {
164 
-            throw new Exception('Encountered errors during transaction processing');
165 
-        }
166 
-    }
19 
+	public function execute()
20 
+	{
21 
+
22 
+		echo "Fetching file...\n";
23 
+
24 
+		$htmlfile = file($this->getSiteConfiguration()->getXffTrustedHostsFile(),
25 
+			FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
26 
+
27 
+		$ip = array();
28 
+		$iprange = array();
29 
+		$dnsdomain = array();
30 
+
31 
+		echo "Sorting file...\n";
32 
+		$this->readFile($htmlfile, $iprange, $ip, $dnsdomain);
33 
+
34 
+		echo "Exploding CIDRs...\n";
35 
+		$this->explodeCidrs($iprange, $ip);
36 
+
37 
+		echo "Resolving DNS...\n";
38 
+		$this->resolveDns($dnsdomain, $ip);
39 
+
40 
+		echo "Uniq-ing array...\n";
41 
+
42 
+		$ip = array_unique($ip);
43 
+
44 
+		$database = $this->getDatabase();
45 
+
46 
+		$database->exec('DELETE FROM xfftrustcache;');
47 
+
48 
+		$insert = $database->prepare('INSERT INTO xfftrustcache (ip) VALUES (:ip);');
49 
+
50 
+		$this->doInserts($ip, $insert);
51 
+	}
52 
+
53 
+	/**
54 
+	 * @param string[] $dnsDomains  the DNS domains to resolve
55 
+	 * @param string[] $ipAddresses existing array of IPs to add to
56 
+	 */
57 
+	protected function resolveDns($dnsDomains, &$ipAddresses)
58 
+	{
59 
+		foreach ($dnsDomains as $domain) {
60 
+			$ipList = gethostbynamel($domain);
61 
+
62 
+			if ($ipList === false) {
63 
+				echo "Invalid DNS name $domain\n";
64 
+				continue;
65 
+			}
66 
+
67 
+			foreach ($ipList as $ipAddress) {
68 
+				$ipAddresses[] = $ipAddress;
69 
+			}
70 
+
71 
+			// don't DoS
72 
+			usleep(10000);
73 
+		}
74 
+	}
75 
+
76 
+	/**
77 
+	 * @param $iprange
78 
+	 * @param $ip
79 
+	 */
80 
+	protected function explodeCidrs($iprange, &$ip)
81 
+	{
82 
+		foreach ($iprange as $r) {
83 
+			$ips = $this->getXffTrustProvider()->explodeCidr($r);
84 
+
85 
+			foreach ($ips as $i) {
86 
+				$ip[] = $i;
87 
+			}
88 
+		}
89 
+	}
90 
+
91 
+	/**
92 
+	 * @param $htmlfile
93 
+	 * @param $iprange
94 
+	 * @param $ip
95 
+	 * @param $dnsdomain
96 
+	 */
97 
+	protected function readFile($htmlfile, &$iprange, &$ip, &$dnsdomain)
98 
+	{
99 
+		foreach ($htmlfile as $line_num => $rawline) {
100 
+			// remove the comments
101 
+			$hashPos = strpos($rawline, '#');
102 
+			if ($hashPos !== false) {
103 
+				$line = substr($rawline, 0, $hashPos);
104 
+			}
105 
+			else {
106 
+				$line = $rawline;
107 
+			}
108 
+
109 
+			$line = trim($line);
110 
+
111 
+			// this was a comment or empty line...
112 
+			if ($line == "") {
113 
+				continue;
114 
+			}
115 
+
116 
+			// match a regex of an CIDR range:
117 
+			$ipcidr = '@' . RegexConstants::IPV4 . RegexConstants::IPV4_CIDR . '@';
118 
+			if (preg_match($ipcidr, $line) === 1) {
119 
+				$iprange[] = $line;
120 
+				continue;
121 
+			}
122 
+
123 
+			$ipnoncidr = '@' . RegexConstants::IPV4 . '@';
124 
+			if (preg_match($ipnoncidr, $line) === 1) {
125 
+				$ip[] = $line;
126 
+				continue;
127 
+			}
128 
+
129 
+			// it's probably a DNS name.
130 
+			$dnsdomain[] = $line;
131 
+		}
132 
+	}
133 
+
134 
+	/**
135 
+	 * @param array        $ip
136 
+	 * @param PDOStatement $insert
137 
+	 *
138 
+	 * @throws Exception
139 
+	 */
140 
+	protected function doInserts($ip, PDOStatement $insert)
141 
+	{
142 
+		$successful = true;
143 
+
144 
+		foreach ($ip as $i) {
145 
+			if (strlen($i) > 15) {
146 
+				echo "Rejected $i\n";
147 
+				$successful = false;
148 
+
149 
+				continue;
150 
+			}
151 
+
152 
+			try {
153 
+				$insert->execute(array(':ip' => $i));
154 
+			}
155 
+			catch (PDOException $ex) {
156 
+				echo "Exception on $i :\n";
157 
+				echo $ex->getMessage();
158 
+				$successful = false;
159 
+				break;
160 
+			}
161 
+		}
162 
+
163 
+		if (!$successful) {
164 
+			throw new Exception('Encountered errors during transaction processing');
165 
+		}
166 
+	}
167 167 
 }
168 168 
\ No newline at end of file
Please login to merge, or discard this patch.
includes/ConsoleTasks/RunJobQueueTask.php 1 patch
Indentation   +168 added lines, -168 removed lines patch added patch discarded remove patch 
@@ -23,172 +23,172 @@
 
 block discarded – undo
23 23
24 24 
 class RunJobQueueTask extends ConsoleTaskBase
25 25 
 {
26 
-    private $taskList = array(
27 
-        WelcomeUserTask::class,
28 
-        BotCreationTask::class,
29 
-        UserCreationTask::class
30 
-    );
31 
-
32 
-    public function execute()
33 
-    {
34 
-        $database = $this->getDatabase();
35 
-
36 
-        // ensure we're running inside a tx here.
37 
-        if (!$database->hasActiveTransaction()) {
38 
-            $database->beginTransaction();
39 
-        }
40 
-
41 
-        $sql = 'SELECT * FROM jobqueue WHERE status = :status ORDER BY enqueue LIMIT :lim';
42 
-        $statement = $database->prepare($sql);
43 
-        $statement->execute(array(
44 
-            ':status' => JobQueue::STATUS_READY,
45 
-            ':lim' => $this->getSiteConfiguration()->getJobQueueBatchSize()
46 
-        ));
47 
-
48 
-        /** @var JobQueue[] $queuedJobs */
49 
-        $queuedJobs = $statement->fetchAll(PDO::FETCH_CLASS, JobQueue::class);
50 
-
51 
-        // mark all the jobs as running, and commit the txn so we're not holding onto long-running transactions.
52 
-        // We'll re-lock the row when we get to it.
53 
-        foreach ($queuedJobs as $job) {
54 
-            $job->setDatabase($database);
55 
-            $job->setStatus(JobQueue::STATUS_WAITING);
56 
-            $job->setError(null);
57 
-            $job->setAcknowledged(null);
58 
-            $job->save();
59 
-        }
60 
-
61 
-        $database->commit();
62 
-
63 
-        set_error_handler(array(RunJobQueueTask::class, 'errorHandler'), E_ALL);
64 
-
65 
-        foreach ($queuedJobs as $job) {
66 
-            try {
67 
-                // refresh from the database
68 
-                /** @var JobQueue $job */
69 
-                $job = JobQueue::getById($job->getId(), $database);
70 
-
71 
-                if ($job->getStatus() !== JobQueue::STATUS_WAITING) {
72 
-                    continue;
73 
-                }
74 
-
75 
-                $database->beginTransaction();
76 
-                $job->setStatus(JobQueue::STATUS_RUNNING);
77 
-                $job->save();
78 
-                $database->commit();
79 
-
80 
-                $database->beginTransaction();
81 
-
82 
-                // re-lock the job
83 
-                $job->setStatus(JobQueue::STATUS_RUNNING);
84 
-                $job->save();
85 
-
86 
-                // validate we're allowed to run the requested task (whitelist)
87 
-                if (!in_array($job->getTask(), $this->taskList)) {
88 
-                    throw new ApplicationLogicException('Job task not registered');
89 
-                }
90 
-
91 
-                // Create a task.
92 
-                $taskName = $job->getTask();
93 
-
94 
-                if (!class_exists($taskName)) {
95 
-                    throw new ApplicationLogicException('Job task does not exist');
96 
-                }
97 
-
98 
-                /** @var BackgroundTaskBase $task */
99 
-                $task = new $taskName;
100 
-
101 
-                $this->setupTask($task, $job);
102 
-                $task->run();
103 
-            }
104 
-            catch (Exception $ex) {
105 
-                $database->rollBack();
106 
-                try {
107 
-                    $database->beginTransaction();
108 
-
109 
-                    /** @var JobQueue $job */
110 
-                    $job = JobQueue::getById($job->getId(), $database);
111 
-                    $job->setDatabase($database);
112 
-                    $job->setStatus(JobQueue::STATUS_FAILED);
113 
-                    $job->setError($ex->getMessage());
114 
-                    $job->setAcknowledged(0);
115 
-                    $job->save();
116 
-
117 
-                    Logger::backgroundJobIssue($this->getDatabase(), $job);
118 
-
119 
-                    $database->commit();
120 
-                }
121 
-                catch (Exception $ex) {
122 
-                    // oops, something went horribly wrong trying to handle this in a nice way; let's just fall back to
123 
-                    // logging this to disk for a tool root to investigate.
124 
-                    ExceptionHandler::logExceptionToDisk($ex, $this->getSiteConfiguration());
125 
-                }
126 
-            }
127 
-            finally {
128 
-                $database->commit();
129 
-            }
130 
-        }
131 
-
132 
-        $this->stageQueuedTasks($database);
133 
-    }
134 
-
135 
-    /**
136 
-     * @param BackgroundTaskBase $task
137 
-     * @param JobQueue           $job
138 
-     */
139 
-    private function setupTask(BackgroundTaskBase $task, JobQueue $job)
140 
-    {
141 
-        $task->setJob($job);
142 
-        $task->setDatabase($this->getDatabase());
143 
-        $task->setHttpHelper($this->getHttpHelper());
144 
-        $task->setOauthProtocolHelper($this->getOAuthProtocolHelper());
145 
-        $task->setEmailHelper($this->getEmailHelper());
146 
-        $task->setSiteConfiguration($this->getSiteConfiguration());
147 
-        $task->setNotificationHelper($this->getNotificationHelper());
148 
-    }
149 
-
150 
-    /** @noinspection PhpUnusedParameterInspection */
151 
-    public static function errorHandler($errno, $errstr, $errfile, $errline)
152 
-    {
153 
-        throw new Exception($errfile . "@" . $errline . ": " . $errstr);
154 
-    }
155 
-
156 
-    /**
157 
-     * Stages tasks for execution during the *next* jobqueue run.
158 
-     *
159 
-     * This is to build in some delay between enqueue and execution to allow for accidentally-triggered tasks to be
160 
-     * cancelled.
161 
-     *
162 
-     * @param PdoDatabase $database
163 
-     */
164 
-    protected function stageQueuedTasks(PdoDatabase $database): void
165 
-    {
166 
-        try {
167 
-            $database->beginTransaction();
168 
-
169 
-            $sql = 'SELECT * FROM jobqueue WHERE status = :status ORDER BY enqueue LIMIT :lim';
170 
-            $statement = $database->prepare($sql);
171 
-
172 
-            // use a larger batch size than the main runner, but still keep it limited in case things go crazy.
173 
-            $statement->execute(array(
174 
-                ':status' => JobQueue::STATUS_QUEUED,
175 
-                ':lim' => $this->getSiteConfiguration()->getJobQueueBatchSize() * 2
176 
-            ));
177 
-
178 
-            /** @var JobQueue[] $queuedJobs */
179 
-            $queuedJobs = $statement->fetchAll(PDO::FETCH_CLASS, JobQueue::class);
180 
-
181 
-            foreach ($queuedJobs as $job) {
182 
-                $job->setDatabase($database);
183 
-                $job->setStatus(JobQueue::STATUS_READY);
184 
-                $job->save();
185 
-            }
186 
-
187 
-            $database->commit();
188 
-        }
189 
-        catch (Exception $ex) {
190 
-            $database->rollBack();
191 
-            ExceptionHandler::logExceptionToDisk($ex, $this->getSiteConfiguration());
192 
-        }
193 
-    }
26 
+	private $taskList = array(
27 
+		WelcomeUserTask::class,
28 
+		BotCreationTask::class,
29 
+		UserCreationTask::class
30 
+	);
31 
+
32 
+	public function execute()
33 
+	{
34 
+		$database = $this->getDatabase();
35 
+
36 
+		// ensure we're running inside a tx here.
37 
+		if (!$database->hasActiveTransaction()) {
38 
+			$database->beginTransaction();
39 
+		}
40 
+
41 
+		$sql = 'SELECT * FROM jobqueue WHERE status = :status ORDER BY enqueue LIMIT :lim';
42 
+		$statement = $database->prepare($sql);
43 
+		$statement->execute(array(
44 
+			':status' => JobQueue::STATUS_READY,
45 
+			':lim' => $this->getSiteConfiguration()->getJobQueueBatchSize()
46 
+		));
47 
+
48 
+		/** @var JobQueue[] $queuedJobs */
49 
+		$queuedJobs = $statement->fetchAll(PDO::FETCH_CLASS, JobQueue::class);
50 
+
51 
+		// mark all the jobs as running, and commit the txn so we're not holding onto long-running transactions.
52 
+		// We'll re-lock the row when we get to it.
53 
+		foreach ($queuedJobs as $job) {
54 
+			$job->setDatabase($database);
55 
+			$job->setStatus(JobQueue::STATUS_WAITING);
56 
+			$job->setError(null);
57 
+			$job->setAcknowledged(null);
58 
+			$job->save();
59 
+		}
60 
+
61 
+		$database->commit();
62 
+
63 
+		set_error_handler(array(RunJobQueueTask::class, 'errorHandler'), E_ALL);
64 
+
65 
+		foreach ($queuedJobs as $job) {
66 
+			try {
67 
+				// refresh from the database
68 
+				/** @var JobQueue $job */
69 
+				$job = JobQueue::getById($job->getId(), $database);
70 
+
71 
+				if ($job->getStatus() !== JobQueue::STATUS_WAITING) {
72 
+					continue;
73 
+				}
74 
+
75 
+				$database->beginTransaction();
76 
+				$job->setStatus(JobQueue::STATUS_RUNNING);
77 
+				$job->save();
78 
+				$database->commit();
79 
+
80 
+				$database->beginTransaction();
81 
+
82 
+				// re-lock the job
83 
+				$job->setStatus(JobQueue::STATUS_RUNNING);
84 
+				$job->save();
85 
+
86 
+				// validate we're allowed to run the requested task (whitelist)
87 
+				if (!in_array($job->getTask(), $this->taskList)) {
88 
+					throw new ApplicationLogicException('Job task not registered');
89 
+				}
90 
+
91 
+				// Create a task.
92 
+				$taskName = $job->getTask();
93 
+
94 
+				if (!class_exists($taskName)) {
95 
+					throw new ApplicationLogicException('Job task does not exist');
96 
+				}
97 
+
98 
+				/** @var BackgroundTaskBase $task */
99 
+				$task = new $taskName;
100 
+
101 
+				$this->setupTask($task, $job);
102 
+				$task->run();
103 
+			}
104 
+			catch (Exception $ex) {
105 
+				$database->rollBack();
106 
+				try {
107 
+					$database->beginTransaction();
108 
+
109 
+					/** @var JobQueue $job */
110 
+					$job = JobQueue::getById($job->getId(), $database);
111 
+					$job->setDatabase($database);
112 
+					$job->setStatus(JobQueue::STATUS_FAILED);
113 
+					$job->setError($ex->getMessage());
114 
+					$job->setAcknowledged(0);
115 
+					$job->save();
116 
+
117 
+					Logger::backgroundJobIssue($this->getDatabase(), $job);
118 
+
119 
+					$database->commit();
120 
+				}
121 
+				catch (Exception $ex) {
122 
+					// oops, something went horribly wrong trying to handle this in a nice way; let's just fall back to
123 
+					// logging this to disk for a tool root to investigate.
124 
+					ExceptionHandler::logExceptionToDisk($ex, $this->getSiteConfiguration());
125 
+				}
126 
+			}
127 
+			finally {
128 
+				$database->commit();
129 
+			}
130 
+		}
131 
+
132 
+		$this->stageQueuedTasks($database);
133 
+	}
134 
+
135 
+	/**
136 
+	 * @param BackgroundTaskBase $task
137 
+	 * @param JobQueue           $job
138 
+	 */
139 
+	private function setupTask(BackgroundTaskBase $task, JobQueue $job)
140 
+	{
141 
+		$task->setJob($job);
142 
+		$task->setDatabase($this->getDatabase());
143 
+		$task->setHttpHelper($this->getHttpHelper());
144 
+		$task->setOauthProtocolHelper($this->getOAuthProtocolHelper());
145 
+		$task->setEmailHelper($this->getEmailHelper());
146 
+		$task->setSiteConfiguration($this->getSiteConfiguration());
147 
+		$task->setNotificationHelper($this->getNotificationHelper());
148 
+	}
149 
+
150 
+	/** @noinspection PhpUnusedParameterInspection */
151 
+	public static function errorHandler($errno, $errstr, $errfile, $errline)
152 
+	{
153 
+		throw new Exception($errfile . "@" . $errline . ": " . $errstr);
154 
+	}
155 
+
156 
+	/**
157 
+	 * Stages tasks for execution during the *next* jobqueue run.
158 
+	 *
159 
+	 * This is to build in some delay between enqueue and execution to allow for accidentally-triggered tasks to be
160 
+	 * cancelled.
161 
+	 *
162 
+	 * @param PdoDatabase $database
163 
+	 */
164 
+	protected function stageQueuedTasks(PdoDatabase $database): void
165 
+	{
166 
+		try {
167 
+			$database->beginTransaction();
168 
+
169 
+			$sql = 'SELECT * FROM jobqueue WHERE status = :status ORDER BY enqueue LIMIT :lim';
170 
+			$statement = $database->prepare($sql);
171 
+
172 
+			// use a larger batch size than the main runner, but still keep it limited in case things go crazy.
173 
+			$statement->execute(array(
174 
+				':status' => JobQueue::STATUS_QUEUED,
175 
+				':lim' => $this->getSiteConfiguration()->getJobQueueBatchSize() * 2
176 
+			));
177 
+
178 
+			/** @var JobQueue[] $queuedJobs */
179 
+			$queuedJobs = $statement->fetchAll(PDO::FETCH_CLASS, JobQueue::class);
180 
+
181 
+			foreach ($queuedJobs as $job) {
182 
+				$job->setDatabase($database);
183 
+				$job->setStatus(JobQueue::STATUS_READY);
184 
+				$job->save();
185 
+			}
186 
+
187 
+			$database->commit();
188 
+		}
189 
+		catch (Exception $ex) {
190 
+			$database->rollBack();
191 
+			ExceptionHandler::logExceptionToDisk($ex, $this->getSiteConfiguration());
192 
+		}
193 
+	}
194 194 
 }
Please login to merge, or discard this patch.
includes/ConsoleTasks/MigrateToDomains.php 1 patch
Indentation   +4 added lines, -4 removed lines patch added patch discarded remove patch 
@@ -14,8 +14,8 @@
 
 block discarded – undo
14 14
15 15 
 class MigrateToDomains extends ConsoleTaskBase
16 16 
 {
17 
-    public function execute()
18 
-    {
19 
-        echo "This migration script must be run with the entire application at an earlier version.";
20 
-    }
17 
+	public function execute()
18 
+	{
19 
+		echo "This migration script must be run with the entire application at an earlier version.";
20 
+	}
21 21 
 }
Please login to merge, or discard this patch.