Issues in Setting.php (2.x) - Issues in 2.x - terrylinooo/shieldon - Measure and Improve Code Quality continuously with Scrutinizer

Issues (31)

src/Firewall/Panel/Setting.php (4 issues)

Labels

Severity

Major 4

<?php
/**
 * This file is part of the Shieldon package.
 *
 * (c) Terry L. <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * php version 7.1.0
 *
 * @category  Web-security
 * @package   Shieldon
 * @author    Terry Lin <[email protected]>
 * @copyright 2019 terrylinooo
 * @license   https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
 * @link      https://github.com/terrylinooo/shieldon
 * @see       https://shieldon.io
 */

declare(strict_types=1);

namespace Shieldon\Firewall\Panel;

use Psr\Http\Message\ResponseInterface;
use Shieldon\Firewall\Panel\BaseController;
use function Shieldon\Firewall\__;
use function Shieldon\Firewall\get_request;
use function Shieldon\Firewall\get_response;
use function Shieldon\Firewall\get_session_instance;
use function Shieldon\Firewall\unset_superglobal;
use function array_keys;
use function array_values;
use function explode;
use function filter_var;
use function json_decode;
use function json_last_error;
use const JSON_PRETTY_PRINT;

/**
 * Home
 */
class Setting extends BaseController
{
    /**
     *   Public methods       | Desctiotion
     *  ----------------------|---------------------------------------------
     *   basic                | The page for managing page authentication.
     *   ipManager            | The page for managing XSS protection.
     *   exclusion            | The page for managing excluded list.
     *   export               | Export the settings as a JSON file.
     *   import               | Improt the setting by a JSON file.
     *  ----------------------|---------------------------------------------
     */

    /**
     * Constructor
     */
    public function __construct()
    {
        parent::__construct();
    }

    /**
     * Set up basic settings.
     *
     * @return ResponseInterface
     */
    public function basic(): ResponseInterface
    {
        $data = [];

        $postParams = get_request()->getParsedBody();

        if (isset($postParams['tab'])) {
            unset_superglobal('tab', 'post');
            $this->saveConfig();
        }

        $data['title'] = __('panel', 'title_basic_setting', 'Basic Settings');

        return $this->renderPage('panel/setting', $data);
    }

    /**
     * Set up basic settings.
     *
     * @return ResponseInterface
     */
    public function messenger(): ResponseInterface
    {
        $data = [];

        $postParams = get_request()->getParsedBody();

        $data['ajaxUrl'] = $this->url('ajax/tryMessenger');

        if (isset($postParams['tab'])) {
            unset_superglobal('tab', 'post');
            $this->saveConfig();
        }

        $data['title'] = __('panel', 'title_messenger', 'Messenger');

        return $this->renderPage('panel/messenger', $data);
    }

    /**
     * IP manager.
     *
     * @return ResponseInterface
     */
    public function ipManager(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if (isset($postParams['ip']) &&
            filter_var(explode('/', $postParams['ip'])[0], FILTER_VALIDATE_IP)
        ) {
            $url = $postParams['url'];
            $ip = $postParams['ip'];
            $rule = $postParams['action'];
            $order = (int) $postParams['order'];

            if ($order > 0) {
                $order--;
            }

            $ipList = (array) $this->getConfig('ip_manager');

            if ('allow' === $rule || 'deny' === $rule) {
                $newIpList = [];
                $newIpList[$order]['url'] = $url;
                $newIpList[$order]['ip'] = $ip;
                $newIpList[$order]['rule'] = $rule;
                array_splice($ipList, $order, 0, $newIpList);
                $this->setConfig('ip_manager', $ipList);
            } elseif ('remove' === $rule) {
                unset($ipList[$order]);
                $ipList = array_values($ipList);
                $this->setConfig('ip_manager', $ipList);
            }

            unset_superglobal('url', 'post');
            unset_superglobal('ip', 'post');
            unset_superglobal('action', 'post');
            unset_superglobal('order', 'post');

            $this->saveConfig();
        }

        $data = [];

        $data['ip_list'] = $this->getConfig('ip_manager');

        $data['title'] = __('panel', 'title_ip_manager', 'IP Manager');

        return $this->renderPage('panel/ip_manager', $data);
    }

    /**
     * Exclude the URLs that they don't need protection.
     *
     * @return ResponseInterface
     */
    public function exclusion(): ResponseInterface
    {
        $postParams = get_request()->getParsedBody();

        if (isset($postParams['url'])) {
            $url = $postParams['url'];
            $action = $postParams['action'];
            $order = (int) $postParams['order'];

            $excludedUrls = (array) $this->getConfig('excluded_urls');

            if ('add' === $action) {
                array_push(
                    $excludedUrls,
                    [
                        'url' => $url,
                    ]
                );
            } elseif ('remove' === $action) {
                unset($excludedUrls[$order]);

                $excludedUrls = array_values($excludedUrls);
            }

            $this->setConfig('excluded_urls', $excludedUrls);

            unset_superglobal('url', 'post');
            unset_superglobal('action', 'post');
            unset_superglobal('order', 'post');

            $this->saveConfig();
        }

        $data = [];

        $data['exclusion_list'] = $this->getConfig('excluded_urls');

        $data['title'] = __('panel', 'title_exclusion_list', 'Exclusion List');

        return $this->renderPage('panel/exclusion', $data);
    }

    /**
     * Export settings.
     *
     * @return ResponseInterface
     */
    public function export(): ResponseInterface
    {
        $response = get_response();

        $stream = $response->getBody();
        $stream->write(json_encode($this->configuration, JSON_PRETTY_PRINT));
        $stream->rewind();

        $filename = 'shieldon_' . date('Y-m-d-Hi') . '.json';

        $response = $response->withHeader('Content-Type', 'text/plain');
        $response = $response->withHeader('Content-Disposition', 'attachment; filename=' . $filename);
        $response = $response->withHeader('Expires', '0');
        $response = $response->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0');
        $response = $response->withHeader('Pragma', 'public');
        $response = $response->withBody($stream);

        return $response;

    }

    /**
     * Import settings.
     *
     * @return ResponseInterface
     */
    public function import(): ResponseInterface
    {
        $request = get_request();
        $response = get_response();

        $uploadedFileArr = $request->getUploadedFiles();
        $importedFileContent = $uploadedFileArr['json_file']->getStream()->getContents();

        if (!empty($importedFileContent)) {
            $jsonData = json_decode($importedFileContent, true);

            if (json_last_error() !== JSON_ERROR_NONE) {
                $this->pushMessage(
                    'error',
                    __(
                        'panel',
                        'error_invalid_json_file',
                        'Invalid JSON file.'
                    )
                );
                get_session_instance()->set('flash_messages', $this->messages);

                // Return failed result message.
                return $response->withHeader('Location', $this->url('setting/basic'));

            }

            $checkFileVaild = true;

            foreach (array_keys($this->configuration) as $key) {
                if (!isset($jsonData[$key])) {
                    $checkFileVaild = false;
                }
            }

            if ($checkFileVaild) {
                foreach (array_keys($jsonData) as $key) {
                    if (isset($this->configuration[$key])) {
                        unset($this->configuration[$key]);
                    }
                }

                $this->configuration = $this->configuration + $jsonData;

                // Save settings into a configuration file.
                $configFilePath = $this->directory . '/' . $this->filename;
                file_put_contents($configFilePath, json_encode($this->configuration));

                $this->pushMessage(
                    'success',
                    __(
                        'panel',
                        'success_json_imported',
                        'JSON file imported successfully.'
                    )
                );

                get_session_instance()->set('flash_messages', $this->messages);

                // Return succesfull result message.
                return $response->withHeader('Location', $this->url('setting/basic'));

            }
        }

        $this->pushMessage(
            'error',
            __(
                'panel',
                'error_invalid_config_file',
                'Invalid Shieldon configuration file.'
            )
        );

        get_session_instance()->set('flash_messages', $this->messages);

        return $response->withHeader('Location', $this->url('setting/basic'));

    }
}


1		<?php
2		/**
3		* This file is part of the Shieldon package.
4		*
5		* (c) Terry L. <[email protected]>
6		*
7		* For the full copyright and license information, please view the LICENSE
8		* file that was distributed with this source code.
9		*
10		* php version 7.1.0
11		*
12		* @category Web-security
13		* @package Shieldon
14		* @author Terry Lin <[email protected]>
15		* @copyright 2019 terrylinooo
16		* @license https://github.com/terrylinooo/shieldon/blob/2.x/LICENSE MIT
17		* @link https://github.com/terrylinooo/shieldon
18		* @see https://shieldon.io
19		*/
20
21		declare(strict_types=1);
22
23		namespace Shieldon\Firewall\Panel;
24
25		use Psr\Http\Message\ResponseInterface;
26		use Shieldon\Firewall\Panel\BaseController;
27		use function Shieldon\Firewall\__;
28		use function Shieldon\Firewall\get_request;
29		use function Shieldon\Firewall\get_response;
30		use function Shieldon\Firewall\get_session_instance;
31		use function Shieldon\Firewall\unset_superglobal;
32		use function array_keys;
33		use function array_values;
34		use function explode;
35		use function filter_var;
36		use function json_decode;
37		use function json_last_error;
38		use const JSON_PRETTY_PRINT;
39
40		/**
41		* Home
42		*/
43		class Setting extends BaseController
44		{
45		/**
46		* Public methods \| Desctiotion
47		* ----------------------\|---------------------------------------------
48		* basic \| The page for managing page authentication.
49		* ipManager \| The page for managing XSS protection.
50		* exclusion \| The page for managing excluded list.
51		* export \| Export the settings as a JSON file.
52		* import \| Improt the setting by a JSON file.
53		* ----------------------\|---------------------------------------------
54		*/
55
56		/**
57		* Constructor
58		*/
59	16	public function __construct()
60		{
61	16	parent::__construct();
62		}
63
64		/**
65		* Set up basic settings.
66		*
67		* @return ResponseInterface
68		*/
69	2	public function basic(): ResponseInterface
70		{
71	2	$data = [];
72
73	2	$postParams = get_request()->getParsedBody();
74
75	2	if (isset($postParams['tab'])) {
76	1	unset_superglobal('tab', 'post');
77	1	$this->saveConfig();
78		}
79
80	2	$data['title'] = __('panel', 'title_basic_setting', 'Basic Settings');
81
82	2	return $this->renderPage('panel/setting', $data);
83		}
84
85		/**
86		* Set up basic settings.
87		*
88		* @return ResponseInterface
89		*/
90	2	public function messenger(): ResponseInterface
91		{
92	2	$data = [];
93
94	2	$postParams = get_request()->getParsedBody();
95
96	2	$data['ajaxUrl'] = $this->url('ajax/tryMessenger');
97
98	2	if (isset($postParams['tab'])) {
99	1	unset_superglobal('tab', 'post');
100	1	$this->saveConfig();
101		}
102
103	2	$data['title'] = __('panel', 'title_messenger', 'Messenger');
104
105	2	return $this->renderPage('panel/messenger', $data);
106		}
107
108		/**
109		* IP manager.
110		*
111		* @return ResponseInterface
112		*/
113	5	public function ipManager(): ResponseInterface
114		{
115	5	$postParams = get_request()->getParsedBody();
116
117		if (isset($postParams['ip']) &&
118	5	filter_var(explode('/', $postParams['ip'])[0], FILTER_VALIDATE_IP)
119	5	) {
120		$url = $postParams['url'];
121		$ip = $postParams['ip'];
122	4	$rule = $postParams['action'];
123	4	$order = (int) $postParams['order'];
124	4
125	4	if ($order > 0) {
126		$order--;
127	4	}
128	1
129		$ipList = (array) $this->getConfig('ip_manager');
130
131	4	if ('allow' === $rule \|\| 'deny' === $rule) {
132		$newIpList = [];
133	4	$newIpList[$order]['url'] = $url;
134		$newIpList[$order]['ip'] = $ip;
135	2	$newIpList[$order]['rule'] = $rule;
136	2	array_splice($ipList, $order, 0, $newIpList);
137	2	$this->setConfig('ip_manager', $ipList);
138	2	} elseif ('remove' === $rule) {
139		unset($ipList[$order]);
140	2	$ipList = array_values($ipList);
141		$this->setConfig('ip_manager', $ipList);
142	2	}
143
144	2	unset_superglobal('url', 'post');
145	2	unset_superglobal('ip', 'post');
146	2	unset_superglobal('action', 'post');
147	2	unset_superglobal('order', 'post');
148
149		$this->saveConfig();
150	4	}
151	4
152	4	$data = [];
153	4
154		$data['ip_list'] = $this->getConfig('ip_manager');
155	4
156		$data['title'] = __('panel', 'title_ip_manager', 'IP Manager');
157
158	5	return $this->renderPage('panel/ip_manager', $data);
159		}
160	5
161		/**
162	5	* Exclude the URLs that they don't need protection.
163		*
164	5	* @return ResponseInterface
165		*/
166		public function exclusion(): ResponseInterface
167		{
168		$postParams = get_request()->getParsedBody();
169
170		if (isset($postParams['url'])) {
171		$url = $postParams['url'];
172	3	$action = $postParams['action'];
173		$order = (int) $postParams['order'];
174	3
175		$excludedUrls = (array) $this->getConfig('excluded_urls');
176	3
177		if ('add' === $action) {
178	2	array_push(
179	2	$excludedUrls,
180	2	[
181		'url' => $url,
182	2	]
183		);
184	2	} elseif ('remove' === $action) {
185	1	unset($excludedUrls[$order]);
186	1
187	1	$excludedUrls = array_values($excludedUrls);
188	1	}
189	1
190	1	$this->setConfig('excluded_urls', $excludedUrls);
191
192	1	unset_superglobal('url', 'post');
193	1	unset_superglobal('action', 'post');
194		unset_superglobal('order', 'post');
195	1
196		$this->saveConfig();
197		}
198	2
199		$data = [];
200	2
201	2	$data['exclusion_list'] = $this->getConfig('excluded_urls');
202	2
203		$data['title'] = __('panel', 'title_exclusion_list', 'Exclusion List');
204	2
205		return $this->renderPage('panel/exclusion', $data);
206		}
207	3
208		/**
209	3	* Export settings.
210		*
211	3	* @return ResponseInterface
212		*/
213	3	public function export(): ResponseInterface
214		{
215		$response = get_response();
216
217		$stream = $response->getBody();
218		$stream->write(json_encode($this->configuration, JSON_PRETTY_PRINT));
219		$stream->rewind();
220
221	1	$filename = 'shieldon_' . date('Y-m-d-Hi') . '.json';
222
223	1	$response = $response->withHeader('Content-Type', 'text/plain');
224		$response = $response->withHeader('Content-Disposition', 'attachment; filename=' . $filename);
225	1	$response = $response->withHeader('Expires', '0');
226	1	$response = $response->withHeader('Cache-Control', 'must-revalidate, post-check=0, pre-check=0');
227	1	$response = $response->withHeader('Pragma', 'public');
228		$response = $response->withBody($stream);
229	1
230		return $response;
		0 ignored issues – show Bug Best Practice introduced 2023-06-09 05:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $response` returns the type `Psr\Http\Message\MessageInterface` which includes types incompatible with the type-hinted return `Psr\Http\Message\ResponseInterface`. Loading history...
231	1	}
232	1
233	1	/**
234	1	* Import settings.
235	1	*
236	1	* @return ResponseInterface
237		*/
238	1	public function import(): ResponseInterface
239		{
240		$request = get_request();
241		$response = get_response();
242
243		$uploadedFileArr = $request->getUploadedFiles();
244		$importedFileContent = $uploadedFileArr['json_file']->getStream()->getContents();
245
246	3	if (!empty($importedFileContent)) {
247		$jsonData = json_decode($importedFileContent, true);
248	3
249	3	if (json_last_error() !== JSON_ERROR_NONE) {
250		$this->pushMessage(
251	3	'error',
252	3	__(
253		'panel',
254	3	'error_invalid_json_file',
255	3	'Invalid JSON file.'
256		)
257	3	);
258	1	get_session_instance()->set('flash_messages', $this->messages);
259	1
260	1	// Return failed result message.
261	1	return $response->withHeader('Location', $this->url('setting/basic'));
		0 ignored issues – show Bug Best Practice introduced 2023-06-09 05:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $response->withHe...->url('setting/basic'))` returns the type `Psr\Http\Message\MessageInterface` which includes types incompatible with the type-hinted return `Psr\Http\Message\ResponseInterface`. Loading history...
262	1	}
263	1
264	1	$checkFileVaild = true;
265	1
266	1	foreach (array_keys($this->configuration) as $key) {
267		if (!isset($jsonData[$key])) {
268		$checkFileVaild = false;
269	1	}
270		}
271
272	2	if ($checkFileVaild) {
273		foreach (array_keys($jsonData) as $key) {
274	2	if (isset($this->configuration[$key])) {
275	2	unset($this->configuration[$key]);
276	2	}
277		}
278
279		$this->configuration = $this->configuration + $jsonData;
280	2
281	1	// Save settings into a configuration file.
282	1	$configFilePath = $this->directory . '/' . $this->filename;
283	1	file_put_contents($configFilePath, json_encode($this->configuration));
284
285		$this->pushMessage(
286		'success',
287	1	__(
288		'panel',
289		'success_json_imported',
290	1	'JSON file imported successfully.'
291	1	)
292		);
293	1
294	1	get_session_instance()->set('flash_messages', $this->messages);
295	1
296	1	// Return succesfull result message.
297	1	return $response->withHeader('Location', $this->url('setting/basic'));
		0 ignored issues – show Bug Best Practice introduced 2023-06-09 05:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $response->withHe...->url('setting/basic'))` returns the type `Psr\Http\Message\MessageInterface` which includes types incompatible with the type-hinted return `Psr\Http\Message\ResponseInterface`. Loading history...
298	1	}
299	1	}
300	1
301		$this->pushMessage(
302	1	'error',
303		__(
304		'panel',
305	1	'error_invalid_config_file',
306		'Invalid Shieldon configuration file.'
307		)
308		);
309	1
310	1	get_session_instance()->set('flash_messages', $this->messages);
311	1
312	1	return $response->withHeader('Location', $this->url('setting/basic'));
		0 ignored issues – show Bug Best Practice introduced 2023-06-09 05:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $response->withHe...->url('setting/basic'))` returns the type `Psr\Http\Message\MessageInterface` which includes types incompatible with the type-hinted return `Psr\Http\Message\ResponseInterface`. Loading history...
313	1	}
314		}
315

terrylinooo / shieldon

Issues (31)

src/Firewall/Panel/Setting.php (4 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like