Issues in Asset.php (2.x) - Issues in 2.x - terrylinooo/shieldon - Measure and Improve Code Quality continuously with Scrutinizer

Issues (31)

src/Firewall/Panel/Asset.php (1 issue)

Labels

Severity

Major 1

<?php
/**
 * This file is part of the Shieldon package.
 *
 * (c) Terry L. <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * php version 7.1.0
 *
 * @category  Web-security
 * @package   Shieldon
 * @author    Terry Lin <[email protected]>
 * @copyright 2019 terrylinooo
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
 * @link      https://github.com/terrylinooo/shieldon
 * @see       https://shieldon.io
 */

declare(strict_types=1);

namespace Shieldon\Firewall\Panel;

use Psr\Http\Message\ResponseInterface;
use Shieldon\Firewall\HttpFactory;
use function Shieldon\Firewall\get_response;

/**
 * The static asset files such as CSS, JavaScript.
 */
class Asset extends BaseController
{
    /**
     *   Public methods       | Desctiotion
     *  ----------------------|---------------------------------------------
     *   css                  | Output the content contains CSS.
     *   js                   | Output the content contains JavaScript.
     *   favicon              | Output the content contains favicon's binary string.
     *   logo                 | Output the content contains logo's binary string.
     *  ----------------------|---------------------------------------------
     */

    /**
     * The directory in where the static assets of the firewall panel are placed.
     */
    const PANEL_ASSET_DIR = __DIR__ . '/../../../assets';

    /**
     * Constructor.
     */
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Output the content contains CSS to the browser.
     *
     * @return ResponseInterface
     */
    public function css(): ResponseInterface
    {
        return $this->getResponseWithContentType(
            'text/css; charset=UTF-8',
            $this->loadCss()
        );
    }

    /**
     * Output the content contains JavaScript to the browser.
     *
     * @return ResponseInterface
     */
    public function js(): ResponseInterface
    {
        return $this->getResponseWithContentType(
            'text/javascript; charset=UTF-8',
            $this->loadJs()
        );
    }

    /**
     * Output the content contains image binary string to the browser.
     *
     * @return ResponseInterface
     */
    public function favicon(): ResponseInterface
    {
        return $this->getResponseWithContentType(
            'image/x-icon',
            $this->loadFavicon()
        );
    }

    /**
     * Output the content contains logo's binary string to the browser.
     *
     * @return ResponseInterface
     */
    public function logo(): ResponseInterface
    {
        return $this->getResponseWithContentType(
            'image/png',
            $this->loadLogo()
        );
    }

    /**
     * Load CSS content.
     *
     * @return string
     */
    protected function loadJs(): string
    {
        ob_start();
        echo file_get_contents(self::PANEL_ASSET_DIR . '/dist/app-packed.js');
        $output = ob_get_contents();
        ob_end_clean();
    
        return $this->filterString($output);
    }

    /**
     * Load CSS content.
     *
     * @return string
     */
    protected function loadCss(): string
    {
        ob_start();
        echo file_get_contents(self::PANEL_ASSET_DIR . '/dist/app-packed.css');
        $output = ob_get_contents();
        ob_end_clean();
    
        return $this->filterString($output);
    }

    /**
     * Load Shieldon's favicon.
     *
     * @return string
     */
    protected function loadFavicon(): string
    {
        ob_start();
        echo file_get_contents(self::PANEL_ASSET_DIR . '/src/images/favicon.ico');
        $output = ob_get_contents();
        ob_end_clean();

        return $output;
    }

    /**
     * Load Shieldon's logo.
     *
     * @return string
     */
    protected function loadLogo(): string
    {
        ob_start();
        echo file_get_contents(self::PANEL_ASSET_DIR . '/src/images/logo.png');
        $output = ob_get_contents();
        ob_end_clean();

        return $output;
    }

    /**
     * Get server response with content.
     *
     * @param string $contentType The content type.
     * @param string $body        The data sring.
     *
     * @return ResponseInterface
     */
    private function getResponseWithContentType(string $contentType, string $body): ResponseInterface
    {
        $response = get_response();
        $response = $response->withHeader('Content-Type', $contentType);
        $stream = HttpFactory::createStream();
        $stream->write($body);
        $stream->rewind();
        $response = $response->withBody($stream);

        return $this->withCacheHeader($response);
    }

    /**
     * Return the header with cache parameters.
     *
     * @param ResponseInterface $response The PSR-7 server response.
     *
     * @return ResponseInterface
     */
    private function withCacheHeader(ResponseInterface $response): ResponseInterface
    {
        $seconds = 86400; // 24 hours
        $response = $response->withHeader('Expires', gmdate('D, d M Y H:i:s', time() + $seconds) . ' GMT');
        $response = $response->withHeader('Pragma', 'cache');
        $response = $response->withHeader('Cache-Control', 'max-age=' . $seconds);

        return $response;

    }

    /**
     * Remove the PHP syntax, prevent the possible security issues.
     *
     * @param string $string
     *
     * @return string
     */
    private function filterString(string $string): string
    {
        return str_replace(['<?php', '<?', '?>'], '', $string);
    }
}


1		<?php
2		/**
3		* This file is part of the Shieldon package.
4		*
5		* (c) Terry L. <[email protected]>
6		*
7		* For the full copyright and license information, please view the LICENSE
8		* file that was distributed with this source code.
9		*
10		* php version 7.1.0
11		*
12		* @category Web-security
13		* @package Shieldon
14		* @author Terry Lin <[email protected]>
15		* @copyright 2019 terrylinooo
16		* @license https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
17		* @link https://github.com/terrylinooo/shieldon
18		* @see https://shieldon.io
19		*/
20
21		declare(strict_types=1);
22
23		namespace Shieldon\Firewall\Panel;
24
25		use Psr\Http\Message\ResponseInterface;
26		use Shieldon\Firewall\HttpFactory;
27		use function Shieldon\Firewall\get_response;
28
29		/**
30		* The static asset files such as CSS, JavaScript.
31		*/
32		class Asset extends BaseController
33		{
34		/**
35		* Public methods \| Desctiotion
36		* ----------------------\|---------------------------------------------
37		* css \| Output the content contains CSS.
38		* js \| Output the content contains JavaScript.
39		* favicon \| Output the content contains favicon's binary string.
40		* logo \| Output the content contains logo's binary string.
41		* ----------------------\|---------------------------------------------
42		*/
43
44		/**
45		* The directory in where the static assets of the firewall panel are placed.
46		*/
47		const PANEL_ASSET_DIR = __DIR__ . '/../../../assets';
48
49		/**
50		* Constructor.
51		*/
52	4	public function __construct()
53		{
54	4	parent::__construct();
55		}
56
57		/**
58		* Output the content contains CSS to the browser.
59		*
60		* @return ResponseInterface
61		*/
62	1	public function css(): ResponseInterface
63		{
64	1	return $this->getResponseWithContentType(
65	1	'text/css; charset=UTF-8',
66	1	$this->loadCss()
67	1	);
68		}
69
70		/**
71		* Output the content contains JavaScript to the browser.
72		*
73		* @return ResponseInterface
74		*/
75	1	public function js(): ResponseInterface
76		{
77	1	return $this->getResponseWithContentType(
78	1	'text/javascript; charset=UTF-8',
79	1	$this->loadJs()
80	1	);
81		}
82
83		/**
84		* Output the content contains image binary string to the browser.
85		*
86		* @return ResponseInterface
87		*/
88	1	public function favicon(): ResponseInterface
89		{
90	1	return $this->getResponseWithContentType(
91	1	'image/x-icon',
92	1	$this->loadFavicon()
93	1	);
94		}
95
96		/**
97		* Output the content contains logo's binary string to the browser.
98		*
99		* @return ResponseInterface
100		*/
101	1	public function logo(): ResponseInterface
102		{
103	1	return $this->getResponseWithContentType(
104	1	'image/png',
105	1	$this->loadLogo()
106	1	);
107		}
108
109		/**
110		* Load CSS content.
111		*
112		* @return string
113		*/
114	1	protected function loadJs(): string
115		{
116	1	ob_start();
117	1	echo file_get_contents(self::PANEL_ASSET_DIR . '/dist/app-packed.js');
118	1	$output = ob_get_contents();
119	1	ob_end_clean();
120
121	1	return $this->filterString($output);
122		}
123
124		/**
125		* Load CSS content.
126		*
127		* @return string
128		*/
129	1	protected function loadCss(): string
130		{
131	1	ob_start();
132	1	echo file_get_contents(self::PANEL_ASSET_DIR . '/dist/app-packed.css');
133	1	$output = ob_get_contents();
134	1	ob_end_clean();
135
136	1	return $this->filterString($output);
137		}
138
139		/**
140		* Load Shieldon's favicon.
141		*
142		* @return string
143		*/
144	1	protected function loadFavicon(): string
145		{
146	1	ob_start();
147	1	echo file_get_contents(self::PANEL_ASSET_DIR . '/src/images/favicon.ico');
148	1	$output = ob_get_contents();
149	1	ob_end_clean();
150
151	1	return $output;
152		}
153
154		/**
155		* Load Shieldon's logo.
156		*
157		* @return string
158		*/
159	1	protected function loadLogo(): string
160		{
161	1	ob_start();
162	1	echo file_get_contents(self::PANEL_ASSET_DIR . '/src/images/logo.png');
163	1	$output = ob_get_contents();
164	1	ob_end_clean();
165
166	1	return $output;
167		}
168
169		/**
170		* Get server response with content.
171		*
172		* @param string $contentType The content type.
173		* @param string $body The data sring.
174		*
175		* @return ResponseInterface
176		*/
177	4	private function getResponseWithContentType(string $contentType, string $body): ResponseInterface
178		{
179	4	$response = get_response();
180	4	$response = $response->withHeader('Content-Type', $contentType);
181	4	$stream = HttpFactory::createStream();
182	4	$stream->write($body);
183	4	$stream->rewind();
184	4	$response = $response->withBody($stream);
185
186	4	return $this->withCacheHeader($response);
187		}
188
189		/**
190		* Return the header with cache parameters.
191		*
192		* @param ResponseInterface $response The PSR-7 server response.
193		*
194		* @return ResponseInterface
195		*/
196	4	private function withCacheHeader(ResponseInterface $response): ResponseInterface
197		{
198	4	$seconds = 86400; // 24 hours
199	4	$response = $response->withHeader('Expires', gmdate('D, d M Y H:i:s', time() + $seconds) . ' GMT');
200	4	$response = $response->withHeader('Pragma', 'cache');
201	4	$response = $response->withHeader('Cache-Control', 'max-age=' . $seconds);
202
203	4	return $response;
		0 ignored issues – show Bug Best Practice introduced 2023-06-09 05:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $response` returns the type `Psr\Http\Message\MessageInterface` which includes types incompatible with the type-hinted return `Psr\Http\Message\ResponseInterface`. Loading history...
204		}
205
206		/**
207		* Remove the PHP syntax, prevent the possible security issues.
208		*
209		* @param string $string
210		*
211		* @return string
212		*/
213	2	private function filterString(string $string): string
214		{
215	2	return str_replace(['<?php', '<?', '?>'], '', $string);
216		}
217		}
218

terrylinooo / shieldon

Issues (31)

src/Firewall/Panel/Asset.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like