
gongo / merciful-polluter / #107

14 May 2024 12:58AM UTC coverage: 94.253% (-2.4%) from 96.629%
#107

push

gongo
:bookmark: Bump version to 0.0.7

82 of 87 relevant lines covered (94.25%)

5.01 hits per line


93.06
/src/Request.php
<?php
namespace Gongo\MercifulPolluter;

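/**
 * Copies request data into the global variable table and, optionally,
 * backslash-escapes request values first.
 *
 * The behaviour appears intended to reproduce the removed `register_globals`
 * and `magic_quotes_gpc` settings for legacy code.
 *
 * Security notes for anyone wiring this into an application:
 *
 * - After pollute() runs, every name taken from $_FILES, $_ENV, $_GET, $_POST,
 *   $_COOKIE and $_SERVER that is not rejected by ignoringVariable() exists as
 *   a global holding client-supplied data. Existing globals with the same name
 *   are overwritten (or merged, when both sides are arrays), so any global the
 *   application does not assign itself after pollute() must be treated as
 *   untrusted input.
 * - Upload fields are injected before the EGPCS sources, so a request
 *   parameter named like an upload field replaces the file-derived global.
 *   Never use such a global as a trusted upload path; validate uploads through
 *   $_FILES with is_uploaded_file() / move_uploaded_file().
 * - addslashes() escaping is not a defence against SQL injection or XSS; use
 *   parameterised queries and context-specific output escaping regardless of
 *   the magic-quotes flag.
 */
class Request extends Base
{
    /** @var bool Whether pollute() escapes request values with addslashes() first. */
    private $magicQuotesGpc = false;

    /**
     * Apply the optional escaping, then inject upload fields and the EGPCS
     * sources into the global variable table, in that order.
     *
     * @return void
     */
    public function pollute()
    {
        if ($this->magicQuotesGpc) {
            $this->applyMagicQuotesGpc();
        }
        // Files go first: an EGPCS value with the same name injected afterwards
        // replaces (or, for arrays, is merged over) the file-derived global.
        $this->injectFileToGlobal();
        $this->injectEGPCSToGlobal();
    }

    /**
     * Make the next pollute() call escape $_GET, $_POST, $_COOKIE and
     * $_REQUEST values with addslashes().
     *
     * @return void
     */
    public function enableMagicQuotesGpc()
    {
        $this->magicQuotesGpc = true;
    }

    /**
     * Make the next pollute() call leave request values unescaped (the default).
     *
     * @return void
     */
    public function disableMagicQuotesGpc()
    {
        $this->magicQuotesGpc = false;
    }

    /**
     * Inject $_FILES to global variables.
     *
     * The naming rule when injected
     *
     *     $_FILES['upfile']['tmp_name'] => $upfile
     *     $_FILES['upfile']['size']     => $upfile_size
     *     $_FILES['upfile']['type']     => $upfile_type
     *
     * Every other key of the upload entry follows the same `{field}_{key}`
     * pattern. Both the field name and the resulting values come from the
     * request, so the injected globals are untrusted.
     *
     * @return void
     */
    private function injectFileToGlobal()
    {
        foreach ($_FILES as $field => $info) {
            $values = array();

            foreach ($info as $key => $value) {
                // 'tmp_name' maps to the bare field name; all other keys are suffixed.
                $name = ($key === 'tmp_name') ? $field : "{$field}_{$key}";
                $values[$name] = $value;
            }

            $this->injectToGlobal($values);
        }
    }

    /**
     * Inject `EGPCS` to global variables.
     *
     * `EGPCS` means $_ENV, $_GET, $_POST, $_COOKIE and $_SERVER.
     *
     * Sources are processed in the order returned by getInjectVariables().
     * A later source overwrites a same-named global written by an earlier one.
     * Each letter is handled at most once; unknown letters are skipped.
     *
     * @return void
     */
    private function injectEGPCSToGlobal()
    {
        // Tracks which sources were already injected so repeated letters are ignored.
        $injectedFlag = array(
            'e' => false,
            'g' => false,
            'p' => false,
            'c' => false,
            's' => false
        );

        foreach ($this->getInjectVariables() as $name) {
            if (!isset($injectedFlag[$name]) || $injectedFlag[$name]) {
                continue;
            }

            // The superglobal is read only when its turn comes, so it reflects
            // any change made while injecting the previous sources.
            switch ($name) {
                case 'e':
                    $this->injectToGlobal($_ENV);
                    break;
                case 'g':
                    $this->injectToGlobal($_GET);
                    break;
                case 'p':
                    $this->injectToGlobal($_POST);
                    break;
                case 'c':
                    $this->injectToGlobal($_COOKIE);
                    break;
                case 's':
                    $this->injectToGlobal($_SERVER);
                    break;
            }

            $injectedFlag[$name] = true;
        }
    }

    /**
     * Return the lower-cased letters of the `variables_order` ini setting,
     * one letter per element.
     *
     * @return string[]
     */
    protected function getInjectVariables()
    {
        // ini_get() returns false for an unknown option; the cast makes the
        // resulting empty string explicit instead of relying on coercion.
        return str_split(
            strtolower((string) ini_get('variables_order'))
        );
    }

    /**
     * Recursively applies `addslashes` to every string leaf of the array.
     *
     * The array is modified in place. Non-string leaves (null, int, bool, ...)
     * are left untouched: passing them to addslashes() would silently change
     * their type and raises a deprecation for null on PHP 8.1+.
     *
     * This escaping is not a substitute for parameterised queries or
     * context-aware output encoding.
     *
     * @param mixed[] $theVariables
     * @return void
     */
    private function addSlashesRecursive(&$theVariables)
    {
        array_walk_recursive(
            $theVariables,
            function (&$value) {
                if (is_string($value)) {
                    $value = addslashes($value);
                }
            }
        );
    }

    /**
     * Write each name/value pair into $GLOBALS.
     *
     * Names for which ignoringVariable() returns true are skipped; that
     * method is defined outside this class body and is the only filter
     * between request-chosen names and the global variable table.
     *
     * @param mixed[] $theVariables
     * @return void
     */
    protected function injectToGlobal(array $theVariables)
    {
        foreach ($theVariables as $name => $value) {
            if ($this->ignoringVariable($name)) {
                continue;
            }

            if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name]) && is_array($value)) {
                // Both sides are arrays: merge so earlier keys survive unless the
                // new value redefines them.
                $GLOBALS[$name] = array_replace_recursive($GLOBALS[$name], $value);
            } else {
                // Otherwise the existing global, if any, is overwritten.
                $GLOBALS[$name] = $value;
            }
        }
    }

    /**
     * Escape $_GET, $_POST, $_COOKIE and $_REQUEST in place with addslashes().
     *
     * $_FILES, $_ENV and $_SERVER are not escaped.
     *
     * @return void
     */
    private function applyMagicQuotesGpc()
    {
        $this->addSlashesRecursive($_GET);
        $this->addSlashesRecursive($_POST);
        $this->addSlashesRecursive($_COOKIE);
        $this->addSlashesRecursive($_REQUEST);
    }
}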