9065405891

Committed 13 May 2024 03:14PM UTC coverage: 96.591% (+0.2%) from 96.386%

Build # 9065405891

Build Type

push

github

Committed by

web-flow

Commit Message

Merge pull request #24 from gongo/use_phpstan

Use PHPStan

Run Details

0 of 2 new or added lines in 1 file covered. (0.0%)

85 of 88 relevant lines covered (96.59%)

46.31 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

95.83

/src/Request.php

<?php
namespace Gongo\MercifulPolluter;

class Request extends Base
{
    /** @var bool */
    private $magicQuotesGpc = false;

    /**
     * @return void
     */
    public function pollute()
    {
        if ($this->magicQuotesGpc) {
            $this->applyMagicQuotesGpc();
        }
        $this->injectFileToGlobal();
        $this->injectEGPCSToGlobal();
    }

    /**
     * @return void
     */
    public function enableMagicQuotesGpc()
    {
        $this->magicQuotesGpc = true;
    }

    /**
     * @return void
     */
    public function disableMagicQuotesGpc()
    {
        $this->magicQuotesGpc = false;
    }

    /**
     * Inject $_FILES to global variables.
     *
     * The naming rule when injected
     *
     *     $_FILES['upfile']['tmp_name'] => $upfile
     *     $_FILES['upfile']['size']     => $upfile_size
     *     $_FILES['upfile']['type']     => $upfile_type
     *
     * @return void
     */
    private function injectFileToGlobal()
    {
        foreach ($_FILES as $field => $info) {
            $values = array();

            foreach ($info as $key => $value) {
                if ($key === 'tmp_name') {
                    $name = $field;
                } else {
                    $name = "${field}_${key}";
                }
                $values[$name] = $value;
            }

            $this->injectToGlobal($values);
        }
    }

    /**
     * Inject `EGPCS` to global variables.
     *
     * `EGPCS` means $_ENV, $_GET, $_POST, $_COOKIE and $_SERVER.
     *
     * @return void
     */
    private function injectEGPCSToGlobal()
    {
        $injectedFlag = array(
            'e' => false,
            'g' => false,
            'p' => false,
            'c' => false,
            's' => false
        );

        foreach ($this->getInjectVariables() as $name) {
            if (!isset($injectedFlag[$name]) || $injectedFlag[$name]) {
                continue;
            }

            switch ($name) {
                case 'e':
                    $this->injectToGlobal($_ENV);
                    break;
                case 'g':
                    $this->injectToGlobal($_GET);
                    break;
                case 'p':
                    $this->injectToGlobal($_POST);
                    break;
                case 'c':
                    $this->injectToGlobal($_COOKIE);
                    break;
                case 's':
                    $this->injectToGlobal($_SERVER);
                    break;
            }

            $injectedFlag[$name] = true;
        }
    }

    /**
     * @return string[]
     */
    protected function getInjectVariables()
    {
        return str_split(
            strtolower(ini_get('variables_order')) // @phpstan-ignore argument.type
        );
    }

    /**
     * Recursively applies `addslashes` to each element of the array recursive.
     *
     * This method is **bang** .
     *
     * @param mixed[] $theVariables
     * @return void
     */
    private function addSlashesRecursive(&$theVariables)
    {
        array_walk_recursive(
            $theVariables,
            function (&$value) {
                $value = addslashes($value);
            }
        );
    }

    /**
     * @param mixed[] $theVariables
     * @return void
     */
    protected function injectToGlobal(array $theVariables)
    {
        foreach ($theVariables as $name => $value) {
            if ($this->ignoringVariable($name)) {
                continue;
            }

            if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name]) && is_array($value)) {
                $GLOBALS[$name] = array_replace_recursive($GLOBALS[$name], $value);
            } else {
                $GLOBALS[$name] = $value;
            }
        }
    }

    /**
     * @return void
     */
    private function applyMagicQuotesGpc()
    {
        $this->addSlashesRecursive($_GET);
        $this->addSlashesRecursive($_POST);
        $this->addSlashesRecursive($_COOKIE);
        $this->addSlashesRecursive($_REQUEST);
    }
}

1	<?php
2	namespace Gongo\MercifulPolluter;
3
4	class Request extends Base
5	{
6	/** @var bool */
7	private $magicQuotesGpc = false;
8
9	/**
10	* @return void
11	*/
12	public function pollute()
13	{
14	if ($this->magicQuotesGpc) {	121✔
15	$this->applyMagicQuotesGpc();	11✔
16	}	2✔
17	$this->injectFileToGlobal();	121✔
18	$this->injectEGPCSToGlobal();	121✔
19	}	55✔
20
21	/**
22	* @return void
23	*/
24	public function enableMagicQuotesGpc()
25	{	2✔
26	$this->magicQuotesGpc = true;	11✔
27	}	5✔
28
29	/**
30	* @return void
31	*/
32	public function disableMagicQuotesGpc()
33	{
34	$this->magicQuotesGpc = false;	×
35	}
36
37	/**
38	* Inject $_FILES to global variables.
39	*
40	* The naming rule when injected
41	*
42	* $_FILES['upfile']['tmp_name'] => $upfile
43	* $_FILES['upfile']['size'] => $upfile_size
44	* $_FILES['upfile']['type'] => $upfile_type
45	*
46	* @return void
47	*/
48	private function injectFileToGlobal()
49	{
50	foreach ($_FILES as $field => $info) {	121✔
51	$values = array();	22✔
52
53	foreach ($info as $key => $value) {	22✔
54	if ($key === 'tmp_name') {	22✔
55	$name = $field;	22✔
56	} else {	4✔
57	$name = "${field}_${key}";	22✔
58	}
59	$values[$name] = $value;	22✔
60	}	4✔
61
62	$this->injectToGlobal($values);	16✔
63	}
64	}	55✔
65
66	/**
67	* Inject `EGPCS` to global variables.
68	*
69	* `EGPCS` means $_ENV, $_GET, $_POST, $_COOKIE and $_SERVER.
70	*
71	* @return void
72	*/
73	private function injectEGPCSToGlobal()
74	{
75	$injectedFlag = array(	66✔
76	'e' => false,	121✔
77	'g' => false,	88✔
78	'p' => false,	88✔
79	'c' => false,	88✔
80	's' => false	66✔
81	);	88✔
82
83	foreach ($this->getInjectVariables() as $name) {	121✔
84	if (!isset($injectedFlag[$name]) \|\| $injectedFlag[$name]) {	121✔
85	continue;	11✔
86	}
87
88	switch ($name) {
89	case 'e':	121✔
90	$this->injectToGlobal($_ENV);	33✔
91	break;	33✔
92	case 'g':	121✔
93	$this->injectToGlobal($_GET);	121✔
94	break;	121✔
95	case 'p':	110✔
96	$this->injectToGlobal($_POST);	110✔
97	break;	110✔
98	case 'c':	55✔
99	$this->injectToGlobal($_COOKIE);	55✔
100	break;	55✔
101	case 's':	22✔
102	$this->injectToGlobal($_SERVER);	22✔
103	break;	22✔
104	}
105
106	$injectedFlag[$name] = true;	121✔
107	}	22✔
108	}	55✔
109
110	/**
111	* @return string[]
112	*/
113	protected function getInjectVariables()
114	{
NEW 115	return str_split(	×
NEW 116	strtolower(ini_get('variables_order')) // @phpstan-ignore argument.type	×
117	);
118	}
119
120	/**
121	* Recursively applies `addslashes` to each element of the array recursive.
122	*
123	* This method is bang .
124	*
125	* @param mixed[] $theVariables
126	* @return void
127	*/
128	private function addSlashesRecursive(&$theVariables)
129	{
130	array_walk_recursive(	11✔
131	$theVariables,	11✔
132	function (&$value) {	6✔
133	$value = addslashes($value);	11✔
134	}	11✔
135	);	8✔
136	}	5✔
137
138	/**
139	* @param mixed[] $theVariables
140	* @return void
141	*/
142	protected function injectToGlobal(array $theVariables)
143	{
144	foreach ($theVariables as $name => $value) {	121✔
145	if ($this->ignoringVariable($name)) {	121✔
146	continue;	33✔
147	}
148
149	if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name]) && is_array($value)) {	121✔
150	$GLOBALS[$name] = array_replace_recursive($GLOBALS[$name], $value);	33✔
151	} else {	6✔
152	$GLOBALS[$name] = $value;	121✔
153	}
154	}	22✔
155	}	55✔
156
157	/**
158	* @return void
159	*/
160	private function applyMagicQuotesGpc()
161	{
162	$this->addSlashesRecursive($_GET);	11✔
163	$this->addSlashesRecursive($_POST);	11✔
164	$this->addSlashesRecursive($_COOKIE);	11✔
165	$this->addSlashesRecursive($_REQUEST);	11✔
166	}	5✔
167	}

gongo / merciful-polluter / 9065405891

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous