add rules to embedded php and closing tags

Inklings-io · Jul 10, 2017 · 1f253d3 · 1f253d3
1 parent eabdf0a
commit 1f253d3
Show file tree

Hide file tree

Showing 3 changed files with 27 additions and 24 deletions.
diff --git a/index.php b/index.php
@@ -179,25 +179,25 @@ function verify_password($url, $pass)
     </head>
     <body>
     <h1>Authenticate</h1>
-    <div>You are attempting to login with client <pre><?php echo $client_id?></pre></div>
-    <div>It is requesting the following scopes <pre><?php echo $scope?></pre></div>
-    <div>After login you will be redirected to  <pre><?php echo $redirect_uri?></pre></div>
+    <div>You are attempting to login with client <pre><?php echo $client_id; ?></pre></div>
+    <div>It is requesting the following scopes <pre><?php echo $scope; ?></pre></div>
+    <div>After login you will be redirected to  <pre><?php echo $redirect_uri; ?></pre></div>
 
     <form method="POST" action="">
-        <input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($csrf_code)?>" />
-        <input type="hidden" name="redirect_uri" value="<?php echo htmlspecialchars($redirect_uri)?>" />
-        <input type="hidden" name="me" value="<?php echo htmlspecialchars($me)?>" />
-        <input type="hidden" name="response_type" value="<?php echo htmlspecialchars($response_type)?>" />
-        <input type="hidden" name="state" value="<?php echo htmlspecialchars($state)?>" />
-        <input type="hidden" name="scope" value="<?php echo htmlspecialchars($scope)?>" />
-        <input type="hidden" name="client_id" value="<?php echo htmlspecialchars($client_id)?>" />
+        <input type="hidden" name="_csrf" value="<?php echo htmlspecialchars($csrf_code); ?>" />
+        <input type="hidden" name="redirect_uri" value="<?php echo htmlspecialchars($redirect_uri); ?>" />
+        <input type="hidden" name="me" value="<?php echo htmlspecialchars($me); ?>" />
+        <input type="hidden" name="response_type" value="<?php echo htmlspecialchars($response_type); ?>" />
+        <input type="hidden" name="state" value="<?php echo htmlspecialchars($state); ?>" />
+        <input type="hidden" name="scope" value="<?php echo htmlspecialchars($scope); ?>" />
+        <input type="hidden" name="client_id" value="<?php echo htmlspecialchars($client_id); ?>" />
         <div class="form-line"><label for="password">Password:</label> <input type="password" name="password" id="password" /></div>
         <div class="form-line"><input class="submit" type="submit" name="submit" value="Submit" /></div>
     </form>
 
     </body></html>
 <?php
-    exit();
+exit();
 } //end elseif
 
 $csrf_code      = (isset($_POST['_csrf']) ? $_POST['_csrf']           : null );

diff --git a/ruleset.xml b/ruleset.xml
@@ -25,6 +25,7 @@
   </rule>
 
   <rule ref="Squiz.PHP.DisallowMultipleAssignments"/>
+  <rule ref="Squiz.PHP.EmbeddedPhp"/>
 
  <!-- 2.2 Files -->
 

diff --git a/setup.php b/setup.php
@@ -24,41 +24,43 @@
 <body>
 <h1>Setup Selfauth</h1>
 <div class="instructions">In order to configure Selfauth, you need to fill in a few values, this page helps generate those options.</div>
-<?php if (isset($_POST['username'])) :?>
+<?php if (isset($_POST['username'])) : ?>
 <div>
-<?php define('RANDOM_BYTE_COUNT', 32);
+<?php
+define('RANDOM_BYTE_COUNT', 32);
 
-    $app_url = 'http' . (isset($_SERVER['HTTPS']) ? 's' : '') . '://' . $_SERVER['HTTP_HOST']
-      . str_replace('setup.php', '', $_SERVER['REQUEST_URI']);
+$app_url = 'http' . (isset($_SERVER['HTTPS']) ? 's' : '') . '://' . $_SERVER['HTTP_HOST']
+  . str_replace('setup.php', '', $_SERVER['REQUEST_URI']);
 
 if (function_exists('random_bytes')) {
     $bytes = random_bytes(RANDOM_BYTE_COUNT);
 } elseif (function_exists('openssl_random_pseudo_bytes')) {
     $bytes = openssl_random_pseudo_bytes(RANDOM_BYTE_COUNT);
 } else {
-    for ($i=0, $bytes=''; $i < RANDOM_BYTE_COUNT; $i++) {
+    $bytes='';
+    for ($i=0; $i < RANDOM_BYTE_COUNT; $i++) {
         $bytes .= chr(mt_rand(0, 255));
     }
 }
-    $app_key = bin2hex($bytes);
+$app_key = bin2hex($bytes);
 
 
-    $user = $_POST['username'];
+$user = $_POST['username'];
 
-    $user_tmp = trim(preg_replace('/^https?:\/\//', '', $_POST['username']), '/');
-    $pass = md5($user_tmp . $_POST['password'] . $app_key);
+$user_tmp = trim(preg_replace('/^https?:\/\//', '', $_POST['username']), '/');
+$pass = md5($user_tmp . $_POST['password'] . $app_key);
 
-    $config_file_contents = "<?php
+$config_file_contents = "<?php
 define('APP_URL', '$app_url');
 define('APP_KEY', '$app_key');
 define('USER_HASH', '$pass');
 define('USER_URL', '$user');";
 
 
 
-    $configfile= __DIR__ . '/config.php';
+$configfile= __DIR__ . '/config.php';
 
-    $configured = true;
+$configured = true;
 
 if (file_exists($configfile)) {
     require_once $configfile;
@@ -74,7 +76,7 @@
     $configured = false;
 }
 
-    $file_written = false;
+$file_written = false;
 
 if (is_writeable($configfile) && !$configured) {
     $handle = fopen($configfile, 'w');