Issues in Addons.php (master) - Issues in master - vanilla/garden - Measure and Improve Code Quality continuously with Scrutinizer

Issues (48)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Addons.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @author Todd Burry <[email protected]>
 * @copyright 2009-2014 Vanilla Forums Inc.
 * @license MIT
 */

namespace Garden;

/**
 * Contains functionality that allows addons to enhance or change an application's functionality.
 *
 * An addon can do the following.
 *
 * 1. Any classes that the addon defines in its root, /controllers, /library, /models, and /modules
 *    directories are made available.
 * 2. The addon can contain a bootstrap.php which will be included at the app startup.
 * 3. If the addon declares any classes ending in *Plugin then those plugins will automatically
 *    bind their event handlers. (also *Hooks)
 */
class Addons {
    /// Constants ///
    const K_BOOTSTRAP = 'bootstrap'; // bootstrap path key
    const K_CLASSES = 'classes';
    const K_DIR = 'dir';
    const K_INFO = 'info'; // addon info key

    /// Properties ///

    /**
     * @var array An array that maps addon keys to full addon information.
     */
    protected static $all;

    /**
     * @var string The base directory where all of the addons are found.
     */
    protected static $baseDir;

    /**
     * @var array An array that maps class names to their fully namespaced class names.
     */
//    protected static $basenameMap;

    /**
     * @var array|null An array that maps class names to file paths.
     */
    protected static $classMap;

    /**
     * @var array An array that maps addon keys to full addon information for enabled addons.
     */
    protected static $enabled;

    /**
     * @var array An array of enabled addon keys.
     */
    protected static $enabledKeys;

    /**
     * @var bool Signals that the addon framework is in a shared environment and shouldn't use the enabled cache.
     */
    public static $sharedEnvironment;

    /// Methods ///

    /**
     * Get all of the available addons or a single addon from the available list.
     *
     * @param string $addon_key If you supply an addon key then only that addon will be returned.
     * @param string $key Supply one of the Addons::K_* constants to get a specific key from the addon.
     * @return array Returns the addon with the given key or all available addons if no key is passed.
     */
    public static function all($addon_key = null, $key = null) {
        if (self::$all === null) {
            self::$all = static::cacheGet('addons-all', array(get_class(), 'scanAddons'));
        }

        // The array should be built now return the addon.
        if ($addon_key === null) {
            return self::$all;
        } else {
            $addon = val(strtolower($addon_key), self::$all);
            if ($addon && $key) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
                return val($key, $addon);
            } elseif ($addon) {
                return $addon;
            } else {
                return null;
            }
        }
    }

    /**
     * An autoloader that will autoload a class based on which addons are enabled.
     *
     * @param string $classname The name of the class to load.
     */
    public static function autoload($classname) {
        list($fullClass, $path) = static::classMap($classname);
        if ($path) {
            require $path;
        }
    }

    /**
     * Gets/sets the base directory for addons.
     *
     * @param string $value Pass a value to set the new base directory.
     * @return string Returns the base directory for addons.
     */
    public static function baseDir($value = null) {
        if ($value !== null) {
            self::$baseDir = rtrim($value, '/');
        } elseif (self::$baseDir === null) {
            self::$baseDir = PATH_ROOT.'/addons';
        }
    }


    /**
     * Start up the addon framework.
     *
     * @param array $enabled_addons An array of enabled addons.
     */
    public static function bootstrap($enabled_addons = null) {
        // Load the addons from the config if they aren't passed in.
        if (!is_array($enabled_addons)) {
            $enabled_addons = config('addons', array());
        }
        // Reformat the enabled array into the form: array('addon_key' => 'addon_key')
        $enabled_keys = array_keys(array_change_key_case(array_filter($enabled_addons)));
        $enabled_keys = array_combine($enabled_keys, $enabled_keys);
        self::$enabledKeys = $enabled_keys;
        self::$classMap = null; // invalidate so it will rebuild

        // Enable the addon autoloader.
        spl_autoload_register(array(get_class(), 'autoload'), true, true);

        // Bind all of the addon plugin events now.
        foreach (self::enabled() as $addon) {
            if (!isset($addon[self::K_CLASSES])) {
                continue;
            }

            foreach ($addon[self::K_CLASSES] as $class_name => $class_path) {
                if (str_ends($class_name, 'plugin')) {
                    Event::bindClass($class_name);
                } elseif (str_ends($class_name, 'hooks')) {
                    // Vanilla 2 used hooks files for themes and applications.
                    $basename = ucfirst(rtrim_substr($class_name, 'hooks'));
                    deprecated($basename.'Hooks', $basename.'Plugin');
                    Event::bindClass($class_name);
                }
            }
        }

        Event::bind('bootstrap', function () {
            // Start each of the enabled addons.
            foreach (self::enabled() as $key => $value) {
                static::startAddon($key);
            }
        });
    }

    /**
     * Get the cached file or hydrate the cache with a callback.
     *
     * @param string $key The cache key to get.
     * @param callable $cache_cb The function to run when hydrating the cache.
     * @return array Returns the cached array.
     */
    protected static function cacheGet($key, callable $cache_cb) {
        // Salt the cache with the root path so that it will invalidate if the app is moved.
        $salt = substr(md5(static::baseDir()), 0, 10);

        $cache_path = PATH_ROOT."/cache/$key-$salt.json.php";
        if (file_exists($cache_path)) {
            $result = array_load($cache_path);
            return $result;
        } else {
            $result = $cache_cb();
            array_save($result, $cache_path);
        }
        return $result;
    }

    /**
     * A an array that maps class names to physical paths.
     *
     * @param string $classname An optional class name to get the path of.
     * @return array Returns an array in the form `[fullClassname, classPath]`.
     * If no {@link $classname} is passed then the entire class map is returned.
     * @throws \Exception Throws an exception if the class map is corrupt.
     */
    public static function classMap($classname = null) {
        if (self::$classMap === null) {
            // Loop through the enabled addons and grab their classes.
            $class_map = array();
            foreach (static::enabled() as $addon) {
                if (isset($addon[self::K_CLASSES])) {
                    $class_map = array_replace($class_map, $addon[self::K_CLASSES]);
                }
            }
            self::$classMap = $class_map;
        }

        // Now that the class map has been built return the result.
        if ($classname !== null) {
            if (strpos($classname, '\\') === false) {
                $basename = strtolower($classname);
            } else {
                $basename = strtolower(trim(strrchr($classname, '\\'), '\\'));
            }

            $row = val($basename, self::$classMap);

            if ($row === null) {
                return ['', ''];
            } elseif (is_string($row)) {
                return [$classname, $row];
            } elseif (is_array($row)) {
                return  $row;
            } else {
                return ['', ''];
            }
        } else {
            return self::$classMap;
        }
    }

    /**
     * Get all of the enabled addons or a single addon from the enabled list.
     *
     * @param string $addon_key If you supply an addon key then only that addon will be returned.
     * @param string $key Supply one of the Addons::K_* constants to get a specific key from the addon.
     * @return array Returns the addon with the given key or all enabled addons if no key is passed.
     * @throws \Exception Throws an exception if {@link Addons::bootstrap()} hasn't been called yet.
     */
    public static function enabled($addon_key = null, $key = null) {
        // Lazy build the enabled array.
        if (self::$enabled === null) {
            // Make sure the enabled addons have been added first.
            if (self::$enabledKeys === null) {
                throw new \Exception("Addons::boostrap() must be called before Addons::enabled() can be called.", 500);
            }

            if (self::$all !== null || self::$sharedEnvironment) {
                // Build the enabled array by filtering the all array.
                self::$enabled = array();
                foreach (self::all() as $key => $row) {
                    if (isset($key, self::$enabledKeys)) {
                        self::$enabled[$key] = $row;
                    }
                }
            } else {
                // Build the enabled array by walking the addons.
                self::$enabled = static::cacheGet('addons-enabled', function () {
                    return static::scanAddons(null, self::$enabledKeys);
                });
            }
        }

        // The array should be built now return the addon.
        if ($addon_key === null) {
            return self::$enabled;
        } else {
            $addon = val(strtolower($addon_key), self::$enabled);
            if ($addon && $key) {
                return val($key, $addon);
            } elseif ($addon) {
                return $addon;
            } else {
                return null;
            }
        }
    }

    /**
     * Return the info array for an addon.
     *
     * @param string $addon_key The addon key.
     * @return array|null Returns the addon's info array or null if the addon wasn't found.
     */
    public static function info($addon_key) {
        $addon_key = strtolower($addon_key);

        // Check the enabled array first so that we don't load all addons if we don't have to.
        if (isset(self::$enabledKeys[$addon_key])) {
            return static::enabled($addon_key, self::K_INFO);
        } else {
            return static::all($addon_key, self::K_INFO);
        }
    }

    /**
     * Scan an addon directory for information.
     *
     * @param string $dir The addon directory to scan.
     * @param array &$addons The addons array.
     * @param array $enabled An array of enabled addons or null to scan all addons.
     * @return array Returns an array in the form [addonKey, addonInfo].
     */
    protected static function scanAddonRecursive($dir, &$addons, $enabled = null) {
        $dir = rtrim($dir, '/');
        $addonKey = strtolower(basename($dir));

        // Scan the addon if it is enabled.
        if ($enabled === null || in_array($addonKey, $enabled)) {
            list($addonKey, $addon) = static::scanAddon($dir);
        } else {
            $addon = null;
        }

        // Add the addon to the collection array if one was supplied.
        if ($addon !== null) {
            $addons[$addonKey] = $addon;
        }

        // Recurse.
        $addon_subdirs = array('/addons');
        foreach ($addon_subdirs as $addon_subdir) {
            if (is_dir($dir.$addon_subdir)) {
                static::scanAddons($dir.$addon_subdir, $enabled, $addons);
            }
        }

        return array($addonKey, $addon);
    }

    /**
     * Scan an individual addon directory and return the information about that addon.
     *
     * @param string $dir The path to the addon.
     * @return array An array in the form of `[$addon_key, $addon_row]` or `[$addon_key, null]` if the directory doesn't
     * represent an addon.
     */
    protected static function scanAddon($dir) {
        $dir = rtrim($dir, '/');
        $addon_key = strtolower(basename($dir));

        // Look for the addon info array.
        $info_path = $dir.'/addon.json';
        $info = false;
        if (file_exists($info_path)) {
            $info = json_decode(file_get_contents($info_path), true);
        }
        if (!$info) {
            $info = array();
        }
        array_touch('name', $info, $addon_key);
        array_touch('version', $info, '0.0');

        // Look for the bootstrap.
        $bootstrap = $dir.'/bootstrap.php';
        if (!file_exists($dir.'/bootstrap.php')) {
            $bootstrap = null;
        }

        // Scan the appropriate subdirectories  for classes.
        $subdirs = array('', '/library', '/controllers', '/models', '/modules', '/settings');
        $classes = array();
        foreach ($subdirs as $subdir) {
            // Get all of the php files in the subdirectory.
            $paths = glob($dir.$subdir.'/*.php');
            foreach ($paths as $path) {
                $decls = static::scanFile($path);
                foreach ($decls as $namespace_row) {
                    if (isset($namespace_row['namespace']) && $namespace_row) {
                        $namespace = rtrim($namespace_row['namespace'], '\\').'\\';
                        $namespace_classes = $namespace_row['classes'];
                    } else {
                        $namespace = '';
                        $namespace_classes = $namespace_row;
                    }

                    foreach ($namespace_classes as $class_row) {
                        $classes[strtolower($class_row['name'])] = [$namespace.$class_row['name'], $path];
                    }
                }
            }
        }

        $addon = array(
            self::K_BOOTSTRAP => $bootstrap,
            self::K_CLASSES => $classes,
            self::K_DIR => $dir,
            self::K_INFO => $info
        );

        return array($addon_key, $addon);
    }

    /**
     * Scan a directory for addons.
     *
     * @param string $dir The directory to scan.
     * @param array $enabled An array of enabled addons in the form `[addonKey => enabled, ...]`.
     * @param array &$addons The addons will fill this array.
     * @return array Returns all of the addons.
     */
    protected static function scanAddons($dir = null, $enabled = null, &$addons = null) {
        if (!$dir) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $dir = static::$baseDir;
        }
        if ($addons === null) {
            $addons = array();
        }

        /* @var \DirectoryIterator */
        foreach (new \DirectoryIterator($dir) as $subdir) {
            if ($subdir->isDir() && !$subdir->isDot()) {
//                echo $subdir->getPathname().$subdir->isDir().$subdir->isDot().'<br />';
                static::scanAddonRecursive($subdir->getPathname(), $addons, $enabled);
            }
        }
        return $addons;
    }

    /**
     * Looks what classes and namespaces are defined in a file and returns the first found.
     *
     * @param string $file Path to file.
     * @return array Returns an empty array if no classes are found or an array with namespaces and
     * classes found in the file.
     * @see http://stackoverflow.com/a/11114724/1984219
     */
    protected static function scanFile($file) {
        $classes = $nsPos = $final = array();
        $foundNamespace = false;
        $ii = 0;

        if (!file_exists($file)) {
            return array();
        }

        $er = error_reporting();
        error_reporting(E_ALL ^ E_NOTICE);

        $php_code = file_get_contents($file);
        $tokens = token_get_all($php_code);
        $count = count($tokens);

        for ($i = 0; $i < $count; $i++) {
            if (!$foundNamespace && $tokens[$i][0] == T_NAMESPACE) {
                $nsPos[$ii]['start'] = $i;
                $foundNamespace = true;
            } elseif ($foundNamespace && ($tokens[$i] == ';' || $tokens[$i] == '{')) {
                $nsPos[$ii]['end'] = $i;
                $ii++;
                $foundNamespace = false;
            } elseif ($i - 2 >= 0 && $tokens[$i - 2][0] == T_CLASS && $tokens[$i - 1][0] == T_WHITESPACE && $tokens[$i][0] == T_STRING) {
                if ($i - 4 >= 0 && $tokens[$i - 4][0] == T_ABSTRACT) {
                    $classes[$ii][] = array('name' => $tokens[$i][1], 'type' => 'ABSTRACT CLASS');
                } else {
                    $classes[$ii][] = array('name' => $tokens[$i][1], 'type' => 'CLASS');
                }
            } elseif ($i - 2 >= 0 && $tokens[$i - 2][0] == T_INTERFACE && $tokens[$i - 1][0] == T_WHITESPACE && $tokens[$i][0] == T_STRING) {
                $classes[$ii][] = array('name' => $tokens[$i][1], 'type' => 'INTERFACE');
            }
        }
        error_reporting($er);
        if (empty($classes)) {
            return [];
        }

        if (!empty($nsPos)) {
            foreach ($nsPos as $k => $p) {
                $ns = '';
                for ($i = $p['start'] + 1; $i < $p['end']; $i++) {
                    $ns .= $tokens[$i][1];
                }

                $ns = trim($ns);
                $final[$k] = array('namespace' => $ns, 'classes' => $classes[$k + 1]);
            }
            $classes = $final;
        }
        return $classes;
    }

    /**
     * Start an addon.
     *
     * This function does the following:
     *
     * 1. Make the addon available in the autoloader.
     * 2. Run the addon's bootstrap.php if it exists.
     *
     * @param string $addon_key The key of the addon to enable.
     * @return bool Returns true if the addon was enabled. False otherwise.
     */
    public static function startAddon($addon_key) {
        $addon = static::enabled($addon_key);
        if (!$addon) {

            return false;
        }

        // Run the class' bootstrap.
        if ($bootstrap_path = val(self::K_BOOTSTRAP, $addon)) {
            include_once $bootstrap_path;
        }
        return true;
    }
}

1			<?php
2			/**
3			* @author Todd Burry <[email protected]>
4			* @copyright 2009-2014 Vanilla Forums Inc.
5			* @license MIT
6			*/
7
8			namespace Garden;
9
10			/**
11			* Contains functionality that allows addons to enhance or change an application's functionality.
12			*
13			* An addon can do the following.
14			*
15			* 1. Any classes that the addon defines in its root, /controllers, /library, /models, and /modules
16			* directories are made available.
17			* 2. The addon can contain a bootstrap.php which will be included at the app startup.
18			* 3. If the addon declares any classes ending in *Plugin then those plugins will automatically
19			* bind their event handlers. (also *Hooks)
20			*/
21			class Addons {
22			/// Constants ///
23			const K_BOOTSTRAP = 'bootstrap'; // bootstrap path key
24			const K_CLASSES = 'classes';
25			const K_DIR = 'dir';
26			const K_INFO = 'info'; // addon info key
27
28			/// Properties ///
29
30			/**
31			* @var array An array that maps addon keys to full addon information.
32			*/
33			protected static $all;
34
35			/**
36			* @var string The base directory where all of the addons are found.
37			*/
38			protected static $baseDir;
39
40			/**
41			* @var array An array that maps class names to their fully namespaced class names.
42			*/
43			// protected static $basenameMap;
44
45			/**
46			* @var array\|null An array that maps class names to file paths.
47			*/
48			protected static $classMap;
49
50			/**
51			* @var array An array that maps addon keys to full addon information for enabled addons.
52			*/
53			protected static $enabled;
54
55			/**
56			* @var array An array of enabled addon keys.
57			*/
58			protected static $enabledKeys;
59
60			/**
61			* @var bool Signals that the addon framework is in a shared environment and shouldn't use the enabled cache.
62			*/
63			public static $sharedEnvironment;
64
65			/// Methods ///
66
67			/**
68			* Get all of the available addons or a single addon from the available list.
69			*
70			* @param string $addon_key If you supply an addon key then only that addon will be returned.
71			* @param string $key Supply one of the Addons::K_* constants to get a specific key from the addon.
72			* @return array Returns the addon with the given key or all available addons if no key is passed.
73			*/
74			public static function all($addon_key = null, $key = null) {
75			if (self::$all === null) {
76			self::$all = static::cacheGet('addons-all', array(get_class(), 'scanAddons'));
77			}
78
79			// The array should be built now return the addon.
80		View Code Duplication	if ($addon_key === null) {
81			return self::$all;
82			} else {
83			$addon = val(strtolower($addon_key), self::$all);
84			if ($addon && $key) {
			0 ignored issues – show Bug Best Practice introduced 2015-11-24 19:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$key` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
85			return val($key, $addon);
86			} elseif ($addon) {
87			return $addon;
88			} else {
89			return null;
90			}
91			}
92			}
93
94			/**
95			* An autoloader that will autoload a class based on which addons are enabled.
96			*
97			* @param string $classname The name of the class to load.
98			*/
99	6		public static function autoload($classname) {
100	6		list($fullClass, $path) = static::classMap($classname);
101	6		if ($path) {
102	4		require $path;
103	4		}
104	6		}
105
106			/**
107			* Gets/sets the base directory for addons.
108			*
109			* @param string $value Pass a value to set the new base directory.
110			* @return string Returns the base directory for addons.
111			*/
112	34		public static function baseDir($value = null) {
113	34		if ($value !== null) {
114	34		self::$baseDir = rtrim($value, '/');
115	34		} elseif (self::$baseDir === null) {
116			self::$baseDir = PATH_ROOT.'/addons';
117			}
118	34		}
119
120
121			/**
122			* Start up the addon framework.
123			*
124			* @param array $enabled_addons An array of enabled addons.
125			*/
126	34		public static function bootstrap($enabled_addons = null) {
127			// Load the addons from the config if they aren't passed in.
128	34		if (!is_array($enabled_addons)) {
129			$enabled_addons = config('addons', array());
130			}
131			// Reformat the enabled array into the form: array('addon_key' => 'addon_key')
132	34		$enabled_keys = array_keys(array_change_key_case(array_filter($enabled_addons)));
133	34		$enabled_keys = array_combine($enabled_keys, $enabled_keys);
134	34		self::$enabledKeys = $enabled_keys;
135	34		self::$classMap = null; // invalidate so it will rebuild
136
137			// Enable the addon autoloader.
138	34		spl_autoload_register(array(get_class(), 'autoload'), true, true);
139
140			// Bind all of the addon plugin events now.
141	34		foreach (self::enabled() as $addon) {
142	34		if (!isset($addon[self::K_CLASSES])) {
143			continue;
144			}
145
146	34		foreach ($addon[self::K_CLASSES] as $class_name => $class_path) {
147	34		if (str_ends($class_name, 'plugin')) {
148			Event::bindClass($class_name);
149	34		} elseif (str_ends($class_name, 'hooks')) {
150			// Vanilla 2 used hooks files for themes and applications.
151			$basename = ucfirst(rtrim_substr($class_name, 'hooks'));
152			deprecated($basename.'Hooks', $basename.'Plugin');
153			Event::bindClass($class_name);
154			}
155	34		}
156	34		}
157
158			Event::bind('bootstrap', function () {
159			// Start each of the enabled addons.
160	34		foreach (self::enabled() as $key => $value) {
161	34		static::startAddon($key);
162	34		}
163	34		});
164	34		}
165
166			/**
167			* Get the cached file or hydrate the cache with a callback.
168			*
169			* @param string $key The cache key to get.
170			* @param callable $cache_cb The function to run when hydrating the cache.
171			* @return array Returns the cached array.
172			*/
173	1		protected static function cacheGet($key, callable $cache_cb) {
174			// Salt the cache with the root path so that it will invalidate if the app is moved.
175	1		$salt = substr(md5(static::baseDir()), 0, 10);
176
177	1		$cache_path = PATH_ROOT."/cache/$key-$salt.json.php";
178	1		if (file_exists($cache_path)) {
179			$result = array_load($cache_path);
180			return $result;
181			} else {
182	1		$result = $cache_cb();
183	1		array_save($result, $cache_path);
184			}
185	1		return $result;
186			}
187
188			/**
189			* A an array that maps class names to physical paths.
190			*
191			* @param string $classname An optional class name to get the path of.
192			* @return array Returns an array in the form `[fullClassname, classPath]`.
193			* If no {@link $classname} is passed then the entire class map is returned.
194			* @throws \Exception Throws an exception if the class map is corrupt.
195			*/
196	36		public static function classMap($classname = null) {
197	36		if (self::$classMap === null) {
198			// Loop through the enabled addons and grab their classes.
199	34		$class_map = array();
200	34		foreach (static::enabled() as $addon) {
201	34		if (isset($addon[self::K_CLASSES])) {
202	34		$class_map = array_replace($class_map, $addon[self::K_CLASSES]);
203	34		}
204	34		}
205	34		self::$classMap = $class_map;
206	34		}
207
208			// Now that the class map has been built return the result.
209	36		if ($classname !== null) {
210	36		if (strpos($classname, '\\') === false) {
211	34		$basename = strtolower($classname);
212	34		} else {
213	3		$basename = strtolower(trim(strrchr($classname, '\\'), '\\'));
214			}
215
216	36		$row = val($basename, self::$classMap);
217
218	36		if ($row === null) {
219	3		return ['', ''];
220	34		} elseif (is_string($row)) {
221			return [$classname, $row];
222	34		} elseif (is_array($row)) {
223	34		return $row;
224			} else {
225			return ['', ''];
226			}
227			} else {
228			return self::$classMap;
229			}
230			}
231
232			/**
233			* Get all of the enabled addons or a single addon from the enabled list.
234			*
235			* @param string $addon_key If you supply an addon key then only that addon will be returned.
236			* @param string $key Supply one of the Addons::K_* constants to get a specific key from the addon.
237			* @return array Returns the addon with the given key or all enabled addons if no key is passed.
238			* @throws \Exception Throws an exception if {@link Addons::bootstrap()} hasn't been called yet.
239			*/
240	34		public static function enabled($addon_key = null, $key = null) {
241			// Lazy build the enabled array.
242	34		if (self::$enabled === null) {
243			// Make sure the enabled addons have been added first.
244	1		if (self::$enabledKeys === null) {
245			throw new \Exception("Addons::boostrap() must be called before Addons::enabled() can be called.", 500);
246			}
247
248	1		if (self::$all !== null \|\| self::$sharedEnvironment) {
249			// Build the enabled array by filtering the all array.
250			self::$enabled = array();
251			foreach (self::all() as $key => $row) {
252			if (isset($key, self::$enabledKeys)) {
253			self::$enabled[$key] = $row;
254			}
255			}
256			} else {
257			// Build the enabled array by walking the addons.
258	1		self::$enabled = static::cacheGet('addons-enabled', function () {
259	1		return static::scanAddons(null, self::$enabledKeys);
260	1		});
261			}
262	1		}
263
264			// The array should be built now return the addon.
265	34	View Code Duplication	if ($addon_key === null) {
266	34		return self::$enabled;
267			} else {
268	34		$addon = val(strtolower($addon_key), self::$enabled);
269	34		if ($addon && $key) {
270			return val($key, $addon);
271	34		} elseif ($addon) {
272	34		return $addon;
273			} else {
274			return null;
275			}
276			}
277			}
278
279			/**
280			* Return the info array for an addon.
281			*
282			* @param string $addon_key The addon key.
283			* @return array\|null Returns the addon's info array or null if the addon wasn't found.
284			*/
285			public static function info($addon_key) {
286			$addon_key = strtolower($addon_key);
287
288			// Check the enabled array first so that we don't load all addons if we don't have to.
289			if (isset(self::$enabledKeys[$addon_key])) {
290			return static::enabled($addon_key, self::K_INFO);
291			} else {
292			return static::all($addon_key, self::K_INFO);
293			}
294			}
295
296			/**
297			* Scan an addon directory for information.
298			*
299			* @param string $dir The addon directory to scan.
300			* @param array &$addons The addons array.
301			* @param array $enabled An array of enabled addons or null to scan all addons.
302			* @return array Returns an array in the form [addonKey, addonInfo].
303			*/
304	1		protected static function scanAddonRecursive($dir, &$addons, $enabled = null) {
305	1		$dir = rtrim($dir, '/');
306	1		$addonKey = strtolower(basename($dir));
307
308			// Scan the addon if it is enabled.
309	1		if ($enabled === null \|\| in_array($addonKey, $enabled)) {
310	1		list($addonKey, $addon) = static::scanAddon($dir);
311	1		} else {
312			$addon = null;
313			}
314
315			// Add the addon to the collection array if one was supplied.
316	1		if ($addon !== null) {
317	1		$addons[$addonKey] = $addon;
318	1		}
319
320			// Recurse.
321	1		$addon_subdirs = array('/addons');
322	1		foreach ($addon_subdirs as $addon_subdir) {
323	1		if (is_dir($dir.$addon_subdir)) {
324			static::scanAddons($dir.$addon_subdir, $enabled, $addons);
325			}
326	1		}
327
328	1		return array($addonKey, $addon);
329			}
330
331			/**
332			* Scan an individual addon directory and return the information about that addon.
333			*
334			* @param string $dir The path to the addon.
335			* @return array An array in the form of `[$addon_key, $addon_row]` or `[$addon_key, null]` if the directory doesn't
336			* represent an addon.
337			*/
338	1		protected static function scanAddon($dir) {
339	1		$dir = rtrim($dir, '/');
340	1		$addon_key = strtolower(basename($dir));
341
342			// Look for the addon info array.
343	1		$info_path = $dir.'/addon.json';
344	1		$info = false;
345	1		if (file_exists($info_path)) {
346	1		$info = json_decode(file_get_contents($info_path), true);
347	1		}
348	1		if (!$info) {
349			$info = array();
350			}
351	1		array_touch('name', $info, $addon_key);
352	1		array_touch('version', $info, '0.0');
353
354			// Look for the bootstrap.
355	1		$bootstrap = $dir.'/bootstrap.php';
356	1		if (!file_exists($dir.'/bootstrap.php')) {
357	1		$bootstrap = null;
358	1		}
359
360			// Scan the appropriate subdirectories for classes.
361	1		$subdirs = array('', '/library', '/controllers', '/models', '/modules', '/settings');
362	1		$classes = array();
363	1		foreach ($subdirs as $subdir) {
364			// Get all of the php files in the subdirectory.
365	1		$paths = glob($dir.$subdir.'/*.php');
366	1		foreach ($paths as $path) {
367	1		$decls = static::scanFile($path);
368	1		foreach ($decls as $namespace_row) {
369	1		if (isset($namespace_row['namespace']) && $namespace_row) {
370			$namespace = rtrim($namespace_row['namespace'], '\\').'\\';
371			$namespace_classes = $namespace_row['classes'];
372			} else {
373	1		$namespace = '';
374	1		$namespace_classes = $namespace_row;
375			}
376
377	1		foreach ($namespace_classes as $class_row) {
378	1		$classes[strtolower($class_row['name'])] = [$namespace.$class_row['name'], $path];
379	1		}
380	1		}
381	1		}
382	1		}
383
384			$addon = array(
385	1		self::K_BOOTSTRAP => $bootstrap,
386	1		self::K_CLASSES => $classes,
387	1		self::K_DIR => $dir,
388	1		self::K_INFO => $info
389	1		);
390
391	1		return array($addon_key, $addon);
392			}
393
394			/**
395			* Scan a directory for addons.
396			*
397			* @param string $dir The directory to scan.
398			* @param array $enabled An array of enabled addons in the form `[addonKey => enabled, ...]`.
399			* @param array &$addons The addons will fill this array.
400			* @return array Returns all of the addons.
401			*/
402	1		protected static function scanAddons($dir = null, $enabled = null, &$addons = null) {
403	1		if (!$dir) {
			0 ignored issues – show Bug Best Practice introduced 2015-11-24 19:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$dir` of type `string\|null` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
404	1		$dir = static::$baseDir;
405	1		}
406	1		if ($addons === null) {
407	1		$addons = array();
408	1		}
409
410			/* @var \DirectoryIterator */
411	1		foreach (new \DirectoryIterator($dir) as $subdir) {
412	1		if ($subdir->isDir() && !$subdir->isDot()) {
413			// echo $subdir->getPathname().$subdir->isDir().$subdir->isDot().'<br />';
414	1		static::scanAddonRecursive($subdir->getPathname(), $addons, $enabled);
415	1		}
416	1		}
417	1		return $addons;
418			}
419
420			/**
421			* Looks what classes and namespaces are defined in a file and returns the first found.
422			*
423			* @param string $file Path to file.
424			* @return array Returns an empty array if no classes are found or an array with namespaces and
425			* classes found in the file.
426			* @see http://stackoverflow.com/a/11114724/1984219
427			*/
428	1		protected static function scanFile($file) {
429	1		$classes = $nsPos = $final = array();
430	1		$foundNamespace = false;
431	1		$ii = 0;
432
433	1		if (!file_exists($file)) {
434			return array();
435			}
436
437	1		$er = error_reporting();
438	1		error_reporting(E_ALL ^ E_NOTICE);
439
440	1		$php_code = file_get_contents($file);
441	1		$tokens = token_get_all($php_code);
442	1		$count = count($tokens);
443
444	1		for ($i = 0; $i < $count; $i++) {
445	1		if (!$foundNamespace && $tokens[$i][0] == T_NAMESPACE) {
446			$nsPos[$ii]['start'] = $i;
447			$foundNamespace = true;
448	1		} elseif ($foundNamespace && ($tokens[$i] == ';' \|\| $tokens[$i] == '{')) {
449			$nsPos[$ii]['end'] = $i;
450			$ii++;
451			$foundNamespace = false;
452	1		} elseif ($i - 2 >= 0 && $tokens[$i - 2][0] == T_CLASS && $tokens[$i - 1][0] == T_WHITESPACE && $tokens[$i][0] == T_STRING) {
453	1		if ($i - 4 >= 0 && $tokens[$i - 4][0] == T_ABSTRACT) {
454			$classes[$ii][] = array('name' => $tokens[$i][1], 'type' => 'ABSTRACT CLASS');
455			} else {
456	1		$classes[$ii][] = array('name' => $tokens[$i][1], 'type' => 'CLASS');
457			}
458	1		} elseif ($i - 2 >= 0 && $tokens[$i - 2][0] == T_INTERFACE && $tokens[$i - 1][0] == T_WHITESPACE && $tokens[$i][0] == T_STRING) {
459			$classes[$ii][] = array('name' => $tokens[$i][1], 'type' => 'INTERFACE');
460			}
461	1		}
462	1		error_reporting($er);
463	1		if (empty($classes)) {
464			return [];
465			}
466
467	1		if (!empty($nsPos)) {
468			foreach ($nsPos as $k => $p) {
469			$ns = '';
470			for ($i = $p['start'] + 1; $i < $p['end']; $i++) {
471			$ns .= $tokens[$i][1];
472			}
473
474			$ns = trim($ns);
475			$final[$k] = array('namespace' => $ns, 'classes' => $classes[$k + 1]);
476			}
477			$classes = $final;
478			}
479	1		return $classes;
480			}
481
482			/**
483			* Start an addon.
484			*
485			* This function does the following:
486			*
487			* 1. Make the addon available in the autoloader.
488			* 2. Run the addon's bootstrap.php if it exists.
489			*
490			* @param string $addon_key The key of the addon to enable.
491			* @return bool Returns true if the addon was enabled. False otherwise.
492			*/
493	34		public static function startAddon($addon_key) {
494	34		$addon = static::enabled($addon_key);
495	34		if (!$addon) {
			0 ignored issues – show Bug Best Practice introduced 2015-11-24 19:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$addon` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
496			return false;
497			}
498
499			// Run the class' bootstrap.
500	34		if ($bootstrap_path = val(self::K_BOOTSTRAP, $addon)) {
501			include_once $bootstrap_path;
502			}
503	34		return true;
504			}
505			}

vanilla / garden

Issues (48)

Security Analysis not enabled

src/Addons.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like