9081365110

Committed 14 May 2024 02:41PM UTC coverage: 94.444% (-2.2%) from 96.629%

Build # 9081365110

Build Type

Pull #27

github

Committed by

web-flow

Commit Message

Merge 6dd8a8359 into ad4a8b804

Pull Request Pull Request #27: Migrate phpunit.xml

Run Details

68 of 72 relevant lines covered (94.44%)

20.28 hits per line

Source File
Press 'n' to go to next uncovered line, 'b' for previous

93.22

/src/Request.php

<?php
namespace Gongo\MercifulPolluter;

class Request extends Base
{
    /** @var bool */
    private $magicQuotesGpc = false;

    /**
     * @return void
     */
    public function pollute()
    {
        if ($this->magicQuotesGpc) {
            $this->applyMagicQuotesGpc();
        }
        $this->injectFileToGlobal();
        $this->injectEGPCSToGlobal();
    }

    /**
     * @return void
     */
    public function enableMagicQuotesGpc()
    {
        $this->magicQuotesGpc = true;
    }

    /**
     * @return void
     */
    public function disableMagicQuotesGpc()
    {
        $this->magicQuotesGpc = false;
    }

    /**
     * Inject $_FILES to global variables.
     *
     * The naming rule when injected
     *
     *     $_FILES['upfile']['tmp_name'] => $upfile
     *     $_FILES['upfile']['size']     => $upfile_size
     *     $_FILES['upfile']['type']     => $upfile_type
     *
     * @return void
     */
    private function injectFileToGlobal()
    {
        foreach ($_FILES as $field => $info) {
            $values = array();

            foreach ($info as $key => $value) {
                if ($key === 'tmp_name') {
                    $name = $field;
                } else {
                    $name = "{$field}_{$key}";
                }
                $values[$name] = $value;
            }

            $this->injectToGlobal($values);
        }
    }

    /**
     * Inject `EGPCS` to global variables.
     *
     * `EGPCS` means $_ENV, $_GET, $_POST, $_COOKIE and $_SERVER.
     *
     * @return void
     */
    private function injectEGPCSToGlobal()
    {
        $injectedFlag = array(
            'e' => false,
            'g' => false,
            'p' => false,
            'c' => false,
            's' => false
        );

        foreach ($this->getInjectVariables() as $name) {
            if (!isset($injectedFlag[$name]) || $injectedFlag[$name]) {
                continue;
            }

            switch ($name) {
                case 'e':
                    $this->injectToGlobal($_ENV);
                    break;
                case 'g':
                    $this->injectToGlobal($_GET);
                    break;
                case 'p':
                    $this->injectToGlobal($_POST);
                    break;
                case 'c':
                    $this->injectToGlobal($_COOKIE);
                    break;
                case 's':
                    $this->injectToGlobal($_SERVER);
                    break;
            }

            $injectedFlag[$name] = true;
        }
    }

    /**
     * @return string[]
     */
    protected function getInjectVariables()
    {
        return str_split(
            strtolower(ini_get('variables_order')) // @phpstan-ignore argument.type
        );
    }

    /**
     * Recursively applies `addslashes` to each element of the array recursive.
     *
     * This method is **bang** .
     *
     * @param mixed[] $theVariables
     * @return void
     */
    private function addSlashesRecursive(&$theVariables)
    {
        array_walk_recursive(
            $theVariables,
            function (&$value) {
                $value = addslashes($value);
            }
        );
    }

    /**
     * @param mixed[] $theVariables
     * @return void
     */
    protected function injectToGlobal(array $theVariables)
    {
        foreach ($theVariables as $name => $value) {
            if ($this->ignoringVariable($name)) {
                continue;
            }

            if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name]) && is_array($value)) {
                $GLOBALS[$name] = array_replace_recursive($GLOBALS[$name], $value);
            } else {
                $GLOBALS[$name] = $value;
            }
        }
    }

    /**
     * @return void
     */
    private function applyMagicQuotesGpc()
    {
        $this->addSlashesRecursive($_GET);
        $this->addSlashesRecursive($_POST);
        $this->addSlashesRecursive($_COOKIE);
        $this->addSlashesRecursive($_REQUEST);
    }
}

1	<?php
2	namespace Gongo\MercifulPolluter;
3
4	class Request extends Base
5	{
6	/** @var bool */
7	private $magicQuotesGpc = false;
8
9	/**
10	* @return void
11	*/
12	public function pollute()
13	{
14	if ($this->magicQuotesGpc) {	44✔
15	$this->applyMagicQuotesGpc();	4✔
16	}
17	$this->injectFileToGlobal();	44✔
18	$this->injectEGPCSToGlobal();	44✔
19	}
20
21	/**
22	* @return void
23	*/
24	public function enableMagicQuotesGpc()
25	{
26	$this->magicQuotesGpc = true;	4✔
27	}
28
29	/**
30	* @return void
31	*/
32	public function disableMagicQuotesGpc()
33	{
34	$this->magicQuotesGpc = false;	×
35	}
36
37	/**
38	* Inject $_FILES to global variables.
39	*
40	* The naming rule when injected
41	*
42	* $_FILES['upfile']['tmp_name'] => $upfile
43	* $_FILES['upfile']['size'] => $upfile_size
44	* $_FILES['upfile']['type'] => $upfile_type
45	*
46	* @return void
47	*/
48	private function injectFileToGlobal()
49	{
50	foreach ($_FILES as $field => $info) {	44✔
51	$values = array();	8✔
52
53	foreach ($info as $key => $value) {	8✔
54	if ($key === 'tmp_name') {	8✔
55	$name = $field;	8✔
56	} else {
57	$name = "{$field}_{$key}";	8✔
58	}
59	$values[$name] = $value;	8✔
60	}
61
62	$this->injectToGlobal($values);	8✔
63	}
64	}
65
66	/**
67	* Inject `EGPCS` to global variables.
68	*
69	* `EGPCS` means $_ENV, $_GET, $_POST, $_COOKIE and $_SERVER.
70	*
71	* @return void
72	*/
73	private function injectEGPCSToGlobal()
74	{
75	$injectedFlag = array(	44✔
76	'e' => false,	44✔
77	'g' => false,	44✔
78	'p' => false,	44✔
79	'c' => false,	44✔
80	's' => false	44✔
81	);	44✔
82
83	foreach ($this->getInjectVariables() as $name) {	44✔
84	if (!isset($injectedFlag[$name]) \|\| $injectedFlag[$name]) {	44✔
85	continue;	4✔
86	}
87
88	switch ($name) {
89	case 'e':	44✔
90	$this->injectToGlobal($_ENV);	12✔
91	break;	12✔
92	case 'g':	44✔
93	$this->injectToGlobal($_GET);	44✔
94	break;	44✔
95	case 'p':	40✔
96	$this->injectToGlobal($_POST);	40✔
97	break;	40✔
98	case 'c':	20✔
99	$this->injectToGlobal($_COOKIE);	20✔
100	break;	20✔
101	case 's':	8✔
102	$this->injectToGlobal($_SERVER);	8✔
103	break;	8✔
104	}
105
106	$injectedFlag[$name] = true;	44✔
107	}
108	}
109
110	/**
111	* @return string[]
112	*/
113	protected function getInjectVariables()
114	{
115	return str_split(	×
116	strtolower(ini_get('variables_order')) // @phpstan-ignore argument.type	×
117	);	×
118	}
119
120	/**
121	* Recursively applies `addslashes` to each element of the array recursive.
122	*
123	* This method is bang .
124	*
125	* @param mixed[] $theVariables
126	* @return void
127	*/
128	private function addSlashesRecursive(&$theVariables)
129	{
130	array_walk_recursive(	4✔
131	$theVariables,	4✔
132	function (&$value) {	4✔
133	$value = addslashes($value);	4✔
134	}	4✔
135	);	4✔
136	}
137
138	/**
139	* @param mixed[] $theVariables
140	* @return void
141	*/
142	protected function injectToGlobal(array $theVariables)
143	{
144	foreach ($theVariables as $name => $value) {	44✔
145	if ($this->ignoringVariable($name)) {	44✔
146	continue;	12✔
147	}
148
149	if (isset($GLOBALS[$name]) && is_array($GLOBALS[$name]) && is_array($value)) {	44✔
150	$GLOBALS[$name] = array_replace_recursive($GLOBALS[$name], $value);	12✔
151	} else {
152	$GLOBALS[$name] = $value;	44✔
153	}
154	}
155	}
156
157	/**
158	* @return void
159	*/
160	private function applyMagicQuotesGpc()
161	{
162	$this->addSlashesRecursive($_GET);	4✔
163	$this->addSlashesRecursive($_POST);	4✔
164	$this->addSlashesRecursive($_COOKIE);	4✔
165	$this->addSlashesRecursive($_REQUEST);	4✔
166	}
167	}

gongo / merciful-polluter / 9081365110

Source File Press 'n' to go to next uncovered line, 'b' for previous

Source File
Press 'n' to go to next uncovered line, 'b' for previous