phpstan for webroot

phpstan.neon

@@ -2,6 +2,7 @@ parameters:
   level: 4
   paths:
     - resources
+    - webroot
     - test
   ignoreErrors:
     # $this, $data comes from UnityMailer
@@ -35,3 +36,8 @@ parameters:
         - '#Property UnityWebPortal\\lib\\UnityWebhook::\$Subject is never written, only read\.#'
       paths:
         - resources/lib/UnityWebhook.php
+    # init.php sets these when the user is logged in
+    - messages:
+        - '#Variable \$(LDAP|SQL|MAILER|WEBHOOK|GITHUB|SSO|OPERATOR|USER|SEND_PIMESG_TO_ADMINS|LOC_HEADER|LOC_FOOTER) might not be defined.#'
+      paths:
+        - webroot/*

resources/lib/UnityHTTPD.php

@@ -228,7 +228,7 @@ public static function errorHandler(int $severity, string $message, string $file
         return false;
     }
 
-    public static function getPostData(string $key): mixed
+    public static function getPostData(string $key): string
     {
         if (!array_key_exists("REQUEST_METHOD", $_SERVER)) {
             throw new RuntimeException('$_SERVER has no array key "REQUEST_METHOD"');
@@ -243,7 +243,7 @@ public static function getPostData(string $key): mixed
     }
 
     /* returns null if not found and not $throw_if_not_found */
-    public static function getQueryParameter(string $key, bool $throw_if_not_found = true): mixed
+    public static function getQueryParameter(string $key, bool $throw_if_not_found = true): ?string
     {
         if (!array_key_exists($key, $_GET)) {
             if ($throw_if_not_found) {

test/functional/PIMemberRequestTest.php

@@ -48,8 +48,8 @@ public function testRequestMembership()
             $this->requestMembership("asdlkjasldkj");
             $this->assertMessageExists(
                 UnityHTTPDMessageLevel::ERROR,
+                "/^This PI Doesn't Exist$/",
                 "/.*/",
-                "/^This PI doesn't exist$/",
             );
             $this->requestMembership($pi_group->getOwner()->getMail());
             $this->assertTrue($SQL->requestExists($uid, $gid));

webroot/admin/ajax/get_group_members.php

@@ -4,6 +4,7 @@
 
 use UnityWebPortal\lib\UnityGroup;
 use UnityWebPortal\lib\UnityHTTPD;
+use UnityWebPortal\lib\UserFlag;
 
 if (!$USER->getFlag(UserFlag::ADMIN)) {
     UnityHTTPD::forbidden("not an admin");

webroot/admin/ajax/get_page_contents.php

@@ -3,6 +3,7 @@
 require_once __DIR__ . "/../../../resources/autoload.php";
 
 use UnityWebPortal\lib\UnityHTTPD;
+use UnityWebPortal\lib\UserFlag;
 
 if (!$USER->getFlag(UserFlag::ADMIN)) {
     UnityHTTPD::forbidden("not an admin");

webroot/admin/pi-mgmt.php

@@ -12,36 +12,37 @@
     UnityHTTPD::forbidden("not an admin");
 }
 
+$getUserFromPost = function () {
+    global $LDAP, $SQL, $MAILER, $WEBHOOK;
+    return new UnityUser(UnityHTTPD::getPostData("uid"), $LDAP, $SQL, $MAILER, $WEBHOOK);
+};
+
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     UnityHTTPD::validatePostCSRFToken();
-    if (isset($_POST["uid"])) {
-        $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
-    }
-
     switch ($_POST["form_type"]) {
         case "req":
+            $form_user = $getUserFromPost();
             if ($_POST["action"] == "Approve") {
                 $group = $form_user->getPIGroup();
                 $group->approveGroup($OPERATOR);
             } elseif ($_POST["action"] == "Deny") {
                 $group = $form_user->getPIGroup();
                 $group->denyGroup($OPERATOR);
             }
-
             break;
         case "reqChild":
+            $form_user = $getUserFromPost();
             $parent_group = new UnityGroup($_POST["pi"], $LDAP, $SQL, $MAILER, $WEBHOOK);
             if ($_POST["action"] == "Approve") {
                 $parent_group->approveUser($form_user);
             } elseif ($_POST["action"] == "Deny") {
                 $parent_group->denyUser($form_user);
             }
-
             break;
         case "remUserChild":
+            $form_user = $getUserFromPost();
             $parent = new UnityGroup($_POST["pi"], $LDAP, $SQL, $MAILER, $WEBHOOK);
             $parent->removeUser($form_user);
-
             break;
     }
 }

webroot/admin/user-mgmt.php

@@ -15,7 +15,7 @@
         case "viewAsUser":
             $_SESSION["viewUser"] = $_POST["uid"];
             UnityHTTPD::redirect(getURL("panel/account.php"));
-            break;
+            break; /** @phpstan-ignore deadCode.unreachable */
     }
 }
 

webroot/panel/groups.php

@@ -6,29 +6,30 @@
 use UnityWebPortal\lib\UnityGroup;
 use UnityWebPortal\lib\UnityHTTPD;
 
+$getPIGroupFromPost = function () {
+    global $LDAP, $SQL, $MAILER, $WEBHOOK;
+    $gid_or_mail = UnityHTTPD::getPostData("pi");
+    if (substr($gid_or_mail, 0, 3) !== "pi_" && str_contains($gid_or_mail, "@")) {
+        try {
+            $gid_or_mail = UnityGroup::ownerMail2GID($gid_or_mail);
+        } catch (EntryNotFoundException) {
+            // oh well, we tried
+        }
+    }
+    $pi_group = new UnityGroup($gid_or_mail, $LDAP, $SQL, $MAILER, $WEBHOOK);
+    if (!$pi_group->exists()) {
+        UnityHTTPD::messageError("This PI Doesn't Exist", $gid_or_mail);
+        UnityHTTPD::redirect();
+    }
+    return $pi_group;
+};
+
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     UnityHTTPD::validatePostCSRFToken();
     if (isset($_POST["form_type"])) {
-        if (isset($_POST["pi"])) {
-            $pi_groupname = $_POST["pi"];
-            if (substr($pi_groupname, 0, 3) !== "pi_" && str_contains($pi_groupname, "@")) {
-                try {
-                    $pi_groupname = UnityGroup::ownerMail2GID($pi_groupname);
-                } catch (EntryNotFoundException) {
-                }
-            }
-            $pi_account = new UnityGroup($pi_groupname, $LDAP, $SQL, $MAILER, $WEBHOOK);
-            if (!$pi_account->exists()) {
-                UnityHTTPD::messageError(
-                    "Invalid Group Membership Request",
-                    "This PI doesn't exist"
-                );
-                UnityHTTPD::redirect();
-            }
-        }
-
         switch ($_POST["form_type"]) {
             case "addPIform":
+                $pi_account = $getPIGroupFromPost();
                 if (!isset($_POST["tos"]) || $_POST["tos"] != "agree") {
                     UnityHTTPD::badRequest("user did not agree to terms of service");
                 }
@@ -50,15 +51,17 @@
                 }
                 $pi_account->newUserRequest($USER);
                 UnityHTTPD::redirect();
-                break;
+                break; /** @phpstan-ignore deadCode.unreachable */
             case "removePIForm":
+                $pi_account = $getPIGroupFromPost();
                 $pi_account->removeUser($USER);
                 UnityHTTPD::redirect();
-                break;
+                break; /** @phpstan-ignore deadCode.unreachable */
             case "cancelPIForm":
+                $pi_account = $getPIGroupFromPost();
                 $pi_account->cancelGroupJoinRequest($USER);
                 UnityHTTPD::redirect();
-                break;
+                break; /** @phpstan-ignore deadCode.unreachable */
         }
     }
 }

webroot/panel/pi.php

@@ -11,22 +11,24 @@
     UnityHTTPD::forbidden("not a PI");
 }
 
+$getUserFromPost = function () {
+    global $LDAP, $SQL, $MAILER, $WEBHOOK;
+    return new UnityUser(UnityHTTPD::getPostData("uid"), $LDAP, $SQL, $MAILER, $WEBHOOK);
+};
+
 if ($_SERVER["REQUEST_METHOD"] == "POST") {
     UnityHTTPD::validatePostCSRFToken();
-    if (isset($_POST["uid"])) {
-        $form_user = new UnityUser($_POST["uid"], $LDAP, $SQL, $MAILER, $WEBHOOK);
-    }
-
     switch ($_POST["form_type"]) {
         case "userReq":
+            $form_user = $getUserFromPost();
             if ($_POST["action"] == "Approve") {
                 $group->approveUser($form_user);
             } elseif ($_POST["action"] == "Deny") {
                 $group->denyUser($form_user);
             }
-
             break;
         case "remUser":
+            $form_user = $getUserFromPost();
             // remove user button clicked
             $group->removeUser($form_user);