Issues in CSRFProtectionRenderer.php (master) - Issues in master - templado/engine - Measure and Improve Code Quality continuously with Scrutinizer

Issues (26)

src/csrfprotection/CSRFProtectionRenderer.php (1 issue)

Showing only issues like (Show All)

Checks if the types of returned expressions are compatible with the hinted types.

Best Practice Bug Major

Arne Blankerts 1

<?php declare(strict_types = 1);
namespace Templado\Engine;

use DOMElement;
use DOMXPath;

/** @psalm-suppress MissingConstructor */
class CSRFProtectionRenderer {

    /** @var CSRFProtection */
    private $protection;

    /** @var DOMXPath */
    private $xp;

    public function render(DOMElement $context, CSRFProtection $protection): void {
        $this->protection = $protection;
        $this->xp         = new DOMXPath($context->ownerDocument);

        foreach ($context->getElementsByTagName('form') as $form) {
            $this->getCSRFField($form)->setAttribute(
                'value',
                $protection->getTokenValue()
            );
        }
    }

    private function getCSRFField(DOMElement $form): DOMElement {
        $nodeList = $this->xp->query(
            \sprintf('.//*[local-name() = "input" and @name="%s"]', $this->protection->getFieldName()),
            $form
        );

        if ($nodeList->length === 0) {
            return $this->createField($form);
        }

        /** @psalm-var \DOMElement */
        return $nodeList->item(0);

    }

    private function createField(DOMElement $form): DOMElement {
        if ($form->namespaceURI !== null) {
            $input = $form->ownerDocument->createElementNS($form->namespaceURI, 'input');
        } else {
            $input = $form->ownerDocument->createElement('input');
        }

        $form->insertBefore($input, $form->firstChild);
        $input->setAttribute('type', 'hidden');
        $input->setAttribute('name', $this->protection->getFieldName());

        return $input;
    }
}


1		<?php declare(strict_types = 1);
2		namespace Templado\Engine;
3
4		use DOMElement;
5		use DOMXPath;
6
7		/** @psalm-suppress MissingConstructor */
8		class CSRFProtectionRenderer {
9
10		/** @var CSRFProtection */
11		private $protection;
12
13		/** @var DOMXPath */
14		private $xp;
15
16	12	public function render(DOMElement $context, CSRFProtection $protection): void {
17	12	$this->protection = $protection;
18	12	$this->xp = new DOMXPath($context->ownerDocument);
19
20	12	foreach ($context->getElementsByTagName('form') as $form) {
21	12	$this->getCSRFField($form)->setAttribute(
22	12	'value',
23	12	$protection->getTokenValue()
24		);
25		}
26	12	}
27
28	12	private function getCSRFField(DOMElement $form): DOMElement {
29	12	$nodeList = $this->xp->query(
30	12	\sprintf('.//*[local-name() = "input" and @name="%s"]', $this->protection->getFieldName()),
31	4	$form
32		);
33
34	12	if ($nodeList->length === 0) {
35	6	return $this->createField($form);
36		}
37
38		/** @psalm-var \DOMElement */
39	6	return $nodeList->item(0);
		0 ignored issues – show Bug Best Practice introduced 2020-10-08 00:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $nodeList->item(0)` returns the type `null` which is incompatible with the type-hinted return `DOMElement`. Loading history...
40		}
41
42	6	private function createField(DOMElement $form): DOMElement {
43	6	if ($form->namespaceURI !== null) {
44	3	$input = $form->ownerDocument->createElementNS($form->namespaceURI, 'input');
45		} else {
46	3	$input = $form->ownerDocument->createElement('input');
47		}
48
49	6	$form->insertBefore($input, $form->firstChild);
50	6	$input->setAttribute('type', 'hidden');
51	6	$input->setAttribute('name', $this->protection->getFieldName());
52
53	6	return $input;
54		}
55		}
56

templado / engine

Issues (26)

src/csrfprotection/CSRFProtectionRenderer.php (1 issue)

Showing only issues like (Show All)

Introduced By

Duplication Side-by-Side

Filter issues like