9081258275

Committed 14 May 2024 02:34PM UTC coverage: 95.402% (-1.2%) from 96.629%

Build # 9081258275

Build Type

Pull #26

github

Committed by

web-flow

Commit Message

Merge 9546639ca into ad4a8b804

Pull Request Pull Request #26: Update PHPUnit 10 (for PHP 8.1 or earlier)

Run Details

83 of 87 relevant lines covered (95.4%)

33.95 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

94.37

/src/Request.php

<?php
namespace Gongo\MercifulPolluter;

class Request extends Base
{
    /** @var bool */
    private $magicQuotesGpc = false;

    /**
     * @return void
     */
    public function pollute()
    {
        if ($this->magicQuotesGpc) {
            $this->applyMagicQuotesGpc();
        }
        $this->injectFileToGlobal();
        $this->injectEGPCSToGlobal();
    }

    /**
     * @return void
     */
    public function enableMagicQuotesGpc()
    {
        $this->magicQuotesGpc = true;
    }

    /**
     * @return void
     */
    public function disableMagicQuotesGpc()
    {
        $this->magicQuotesGpc = false;
    }

    /**
     * Inject $_FILES to global variables.
     *
     * The naming rule when injected
     *
     *     $_FILES['upfile']['tmp_name'] => $upfile
     *     $_FILES['upfile']['size']     => $upfile_size
     *     $_FILES['upfile']['type']     => $upfile_type
     *
     * @return void
     */
    private function injectFileToGlobal()
    {
        foreach ($_FILES as $field => $info) {
            $values = array();

            foreach ($info as $key => $value) {
                if ($key === 'tmp_name') {
                    $name = $field;
                } else {
                    $name = "{$field}_{$key}";
                }
                $values[$name] = $value;
            }

            $this->injectToGlobal($values);
        }
    }

    /**
     * Inject `EGPCS` to global variables.
     *
     * `EGPCS` means $_ENV, $_GET, $_POST, $_COOKIE and $_SERVER.
     *
     * @return void
     */
    private function injectEGPCSToGlobal()
    {
        $injectedFlag = array(
            'e' => false,
            'g' => false,
            'p' => false,
            'c' => false,
            's' => false
        );

        foreach ($this->getInjectVariables() as $name) {
            if (!isset($injectedFlag[$name]) || $injectedFlag[$name]) {
                continue;
            }

            switch ($name) {
                case 'e':
                    $this->injectToGlobal($_ENV);
                    break;
                case 'g':
                    $this->injectToGlobal($_GET);
                    break;
                case 'p':
                    $this->injectToGlobal($_POST);
                    break;
                case 'c':
                    $this->injectToGlobal($_COOKIE);
                    break;
                case 's':
                    $this->injectToGlobal($_SERVER);
                    break;
            }

            $injectedFlag[$name] = true;
        }
    }

    /**
     * @return string[]
     */
    protected function getInjectVariables()
    {
        return str_split(
            strtolower(ini_get('variables_order')) // @phpstan-ignore argument.type
        );
    }

    /**
     * Recursively applies `addslashes` to each element of the array recursive.
     *
     * This method is **bang** .
     *
     * @param mixed[] $theVariables
     * @return void
     */
    private function addSlashesRecursive(&$theVariables)
    {
        array_walk_recursive(
            $theVariables,
            function (&$value) {
                $value = addslashes($value);
            }
        );
    }

    /**
     * @param mixed[] $theVariables
     * @return void
     */
    protected function injectToGlobal(array $theVariables)
    {
        foreach ($theVariables as $name => $value) {
            if ($this->ignoringVariable($name)) {
                continue;
            }

            if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name]) && is_array($value)) {
                $GLOBALS[$name] = array_replace_recursive($GLOBALS[$name], $value);
            } else {
                $GLOBALS[$name] = $value;
            }
        }
    }

    /**
     * @return void
     */
    private function applyMagicQuotesGpc()
    {
        $this->addSlashesRecursive($_GET);
        $this->addSlashesRecursive($_POST);
        $this->addSlashesRecursive($_COOKIE);
        $this->addSlashesRecursive($_REQUEST);
    }
}

1	<?php
2	namespace Gongo\MercifulPolluter;
3
4	class Request extends Base
5	{
6	/** @var bool */
7	private $magicQuotesGpc = false;
8
9	/**
10	* @return void
11	*/
12	public function pollute()
13	{
14	if ($this->magicQuotesGpc) {	88✔
15	$this->applyMagicQuotesGpc();	8✔
16	}	2✔
17	$this->injectFileToGlobal();	88✔
18	$this->injectEGPCSToGlobal();	88✔
19	}	88✔
20
21	/**
22	* @return void
23	*/
24	public function enableMagicQuotesGpc()
25	{	2✔
26	$this->magicQuotesGpc = true;	8✔
27	}	8✔
28
29	/**
30	* @return void
31	*/
32	public function disableMagicQuotesGpc()
33	{
34	$this->magicQuotesGpc = false;	×
35	}	×
36
37	/**
38	* Inject $_FILES to global variables.
39	*
40	* The naming rule when injected
41	*
42	* $_FILES['upfile']['tmp_name'] => $upfile
43	* $_FILES['upfile']['size'] => $upfile_size
44	* $_FILES['upfile']['type'] => $upfile_type
45	*
46	* @return void
47	*/
48	private function injectFileToGlobal()
49	{
50	foreach ($_FILES as $field => $info) {	88✔
51	$values = array();	16✔
52
53	foreach ($info as $key => $value) {	16✔
54	if ($key === 'tmp_name') {	16✔
55	$name = $field;	16✔
56	} else {	4✔
57	$name = "{$field}_{$key}";	16✔
58	}
59	$values[$name] = $value;	16✔
60	}	4✔
61
62	$this->injectToGlobal($values);	16✔
63	}	22✔
64	}	88✔
65
66	/**
67	* Inject `EGPCS` to global variables.
68	*
69	* `EGPCS` means $_ENV, $_GET, $_POST, $_COOKIE and $_SERVER.
70	*
71	* @return void
72	*/
73	private function injectEGPCSToGlobal()
74	{
75	$injectedFlag = array(
76	'e' => false,	88✔
77	'g' => false,	22✔
78	'p' => false,	22✔
79	'c' => false,	22✔
80	's' => false
81	);	22✔
82
83	foreach ($this->getInjectVariables() as $name) {	88✔
84	if (!isset($injectedFlag[$name]) \|\| $injectedFlag[$name]) {	88✔
85	continue;	8✔
86	}
87
88	switch ($name) {
89	case 'e':	88✔
90	$this->injectToGlobal($_ENV);	24✔
91	break;	24✔
92	case 'g':	88✔
93	$this->injectToGlobal($_GET);	88✔
94	break;	88✔
95	case 'p':	80✔
96	$this->injectToGlobal($_POST);	80✔
97	break;	80✔
98	case 'c':	40✔
99	$this->injectToGlobal($_COOKIE);	40✔
100	break;	40✔
101	case 's':	16✔
102	$this->injectToGlobal($_SERVER);	16✔
103	break;	16✔
104	}
105
106	$injectedFlag[$name] = true;	88✔
107	}	22✔
108	}	88✔
109
110	/**
111	* @return string[]
112	*/
113	protected function getInjectVariables()
114	{
115	return str_split(	×
116	strtolower(ini_get('variables_order')) // @phpstan-ignore argument.type	×
117	);
118	}
119
120	/**
121	* Recursively applies `addslashes` to each element of the array recursive.
122	*
123	* This method is bang .
124	*
125	* @param mixed[] $theVariables
126	* @return void
127	*/
128	private function addSlashesRecursive(&$theVariables)
129	{
130	array_walk_recursive(	8✔
131	$theVariables,	8✔
132	function (&$value) {
133	$value = addslashes($value);	8✔
134	}	8✔
135	);	2✔
136	}	8✔
137
138	/**
139	* @param mixed[] $theVariables
140	* @return void
141	*/
142	protected function injectToGlobal(array $theVariables)
143	{
144	foreach ($theVariables as $name => $value) {	88✔
145	if ($this->ignoringVariable($name)) {	88✔
146	continue;	24✔
147	}
148
149	if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name]) && is_array($value)) {	88✔
150	$GLOBALS[$name] = array_replace_recursive($GLOBALS[$name], $value);	24✔
151	} else {	6✔
152	$GLOBALS[$name] = $value;	88✔
153	}
154	}	22✔
155	}	88✔
156
157	/**
158	* @return void
159	*/
160	private function applyMagicQuotesGpc()
161	{
162	$this->addSlashesRecursive($_GET);	8✔
163	$this->addSlashesRecursive($_POST);	8✔
164	$this->addSlashesRecursive($_COOKIE);	8✔
165	$this->addSlashesRecursive($_REQUEST);	8✔
166	}	8✔
167	}

gongo / merciful-polluter / 9081258275

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous