- added type-hints
- added documentation
This commit is contained in:
Roland Häder 2022-06-22 05:03:30 +02:00
parent 84bfc37bf1
commit dfa95ea58d
No known key found for this signature in database
GPG Key ID: C82EDE5DDFA0BA77
2 changed files with 21 additions and 10 deletions

View File

@ -102,6 +102,7 @@ abstract class BaseModule implements ICanHandleRequests
* e.g. from protocol implementations.
*
* @param string[] $request The $_REQUEST content
* @return void
*/
protected function rawContent(array $request = [])
{
@ -117,6 +118,7 @@ abstract class BaseModule implements ICanHandleRequests
* XML feed or a JSON output.
*
* @param string[] $request The $_REQUEST content
* @return string
*/
protected function content(array $request = []): string
{
@ -130,6 +132,7 @@ abstract class BaseModule implements ICanHandleRequests
* Doesn't display any content
*
* @param string[] $request The $_REQUEST content
* @return void
*/
protected function delete(array $request = [])
{
@ -142,6 +145,7 @@ abstract class BaseModule implements ICanHandleRequests
* Doesn't display any content
*
* @param string[] $request The $_REQUEST content
* @return void
*/
protected function patch(array $request = [])
{
@ -154,7 +158,7 @@ abstract class BaseModule implements ICanHandleRequests
* Doesn't display any content
*
* @param string[] $request The $_REQUEST content
*
* @return void
*/
protected function post(array $request = [])
{
@ -168,6 +172,7 @@ abstract class BaseModule implements ICanHandleRequests
* Doesn't display any content
*
* @param string[] $request The $_REQUEST content
* @return void
*/
protected function put(array $request = [])
{
@ -279,12 +284,12 @@ abstract class BaseModule implements ICanHandleRequests
/**
* Fetch a request value and apply default values and check against minimal and maximal values
*
* @param array $input
* @param string $parameter
* @param mixed $default
* @param mixed $minimal_value
* @param mixed $maximum_value
* @return mixed
* @param array $input Input viels
* @param string $parameter Parameter
* @param mixed $default Default
* @param mixed $minimal_value Minimal value
* @param mixed $maximum_value Maximum value
* @return mixed null on error anything else on success (?)
*/
public function getRequestValue(array $input, string $parameter, $default = null, $minimal_value = null, $maximum_value = null)
{
@ -320,7 +325,7 @@ abstract class BaseModule implements ICanHandleRequests
return $value;
}
/*
/**
* Functions used to protect against Cross-Site Request Forgery
* The security token has to base on at least one value that an attacker can't know - here it's the session ID and the private key.
* In this implementation, a security token is reusable (if the user submits a form, goes back and resubmits the form, maybe with small changes;
@ -330,8 +335,11 @@ abstract class BaseModule implements ICanHandleRequests
* If the new page contains by any chance external elements, then the used security token is exposed by the referrer.
* Actually, important actions should not be triggered by Links / GET-Requests at all, but sometimes they still are,
* so this mechanism brings in some damage control (the attacker would be able to forge a request to a form of this type, but not to forms of other types).
*
* @param string $typename Type name
* @return string Security hash with timestamp
*/
public static function getFormSecurityToken(string $typename = '')
public static function getFormSecurityToken(string $typename = ''): string
{
$user = User::getById(DI::app()->getLoggedInUserId(), ['guid', 'prvkey']);
$timestamp = time();
@ -404,7 +412,7 @@ abstract class BaseModule implements ICanHandleRequests
}
}
protected static function getContactFilterTabs(string $baseUrl, string $current, bool $displayCommonTab)
protected static function getContactFilterTabs(string $baseUrl, string $current, bool $displayCommonTab): array
{
$tabs = [
[

View File

@ -43,7 +43,10 @@ require_once 'boot.php';
abstract class BaseAdmin extends BaseModule
{
/**
* Checks admin access and throws exceptions if not logged-in administrator
*
* @param bool $interactive
* @return void
* @throws HTTPException\ForbiddenException
* @throws HTTPException\InternalServerErrorException
*/