Merge pull request #38 from paragonie/pre-beta3-audit

Pre-Release Code Review

.gitignore

@@ -22,4 +22,4 @@
 /test/phpunit.phar
 /test/phpunit.phar.asc
 /vendor/
-/composer.lock
+/composer.lock

src/Airship.php

@@ -29,6 +29,7 @@
     'AIRSHIP_BLAKE2B_PERSONALIZATION',
     'ParagonInitiativeEnterprises:Airship-PoweredByHalite:Keyggdrasil'
 );
+\define('AIRSHIP_DATE_FORMAT', 'Y-m-d\TH:i:s');
 
 /**
  * Do all of these keys exist in the target array

src/Alerts/CabinNotFound.php

@@ -9,4 +9,4 @@
 class CabinNotFound extends \Exception
 {
 
-}
+}

src/Alerts/Continuum/ChannelSignatureFailed.php

@@ -8,4 +8,4 @@
 class ChannelSignatureFailed extends \Exception
 {
 
-}
+}

src/Alerts/Continuum/MotifZipFailed.php

@@ -9,4 +9,4 @@
 class MotifZipFailed extends \Exception
 {
 
-}
+}

src/Alerts/Continuum/PeerSignatureFailed.php

@@ -8,4 +8,4 @@
 class PeerSignatureFailed extends \Exception
 {
 
-}
+}

src/Alerts/Database/InvalidIdentifier.php

@@ -8,4 +8,4 @@
 class InvalidIdentifier extends DBException
 {
 
-}
+}

src/Alerts/FileSystem/AccessDenied.php

@@ -8,4 +8,4 @@
 class AccessDenied extends \Exception
 {
 
-}
+}

src/Alerts/FileSystem/FileNotFound.php

@@ -8,4 +8,4 @@
 class FileNotFound extends \Exception
 {
 
-}
+}

src/Alerts/FileSystem/UploadError.php

@@ -8,4 +8,4 @@
 class UploadError extends \Error
 {
 
-}
+}

src/Alerts/GearNotFound.php

@@ -8,4 +8,4 @@
 class GearNotFound extends \Exception
 {
 
-}
+}

src/Alerts/Hail/SignatureFailed.php

@@ -11,4 +11,4 @@
 class SignatureFailed extends SecurityAlert
 {
 
-}
+}

src/Alerts/Router/FallbackLoop.php

@@ -8,4 +8,4 @@
 class FallbackLoop extends \Exception
 {
 
-}
+}

src/Alerts/Security/Filter/UnsupportedOperation.php

@@ -11,4 +11,4 @@
 class UnsupportedOperation extends SecurityAlert
 {
 
-}
+}

src/Alerts/Security/SecurityAlert.php

@@ -8,4 +8,4 @@
 class SecurityAlert extends \Exception
 {
 
-}
+}

src/Alerts/Security/UserNotFound.php

@@ -8,4 +8,4 @@
 class UserNotFound extends SecurityAlert
 {
 
-}
+}

src/Alerts/Security/UserNotLoggedIn.php

@@ -8,4 +8,4 @@
 class UserNotLoggedIn extends SecurityAlert
 {
 
-}
+}

src/Cabin/Bridge/Blueprint/Author.php

@@ -44,8 +44,7 @@ public function addUserByUniqueId(
         int $authorId,
         string $uniqueId,
         bool $inCharge = false
-    ): bool
-    {
+    ): bool {
         $this->db->beginTransaction();
         $userID = (int)$this->db->cell(
             'SELECT userid FROM airship_users WHERE uniqueid = ?',
@@ -286,8 +285,11 @@ public function getById(int $authorId): array
      * @param string $dir
      * @return array
      */
-    public function getForUser(int $userId, string $sortby = 'name', string $dir = 'ASC'): array
-    {
+    public function getForUser(
+        int $userId,
+        string $sortby = 'name',
+        string $dir = 'ASC'
+    ): array {
         $authors = $this->db->run(
             'SELECT * FROM view_hull_users_authors WHERE userid = ?' .
                 $this->orderBy($sortby, $dir, ['name', 'created']),
@@ -307,7 +309,10 @@ public function getForUser(int $userId, string $sortby = 'name', string $dir = '
      */
     public function getName(int $authorId): string
     {
-        $slug = $this->db->cell('SELECT name FROM hull_blog_authors WHERE authorid = ?', $authorId);
+        $slug = $this->db->cell(
+            'SELECT name FROM hull_blog_authors WHERE authorid = ?',
+            $authorId
+        );
         if (!empty($slug)) {
             return $slug;
         }
@@ -388,6 +393,7 @@ public function getNumUsersForAuthor(int $authorId): int
     /**
      * Get the available photo contexts
      *
+     * @param string $label
      * @return int
      */
     public function getPhotoContextId(string $label): int

src/Cabin/Bridge/Blueprint/Blog.php

@@ -30,7 +30,9 @@ class Blog extends BlueprintGear
     use Slug;
     use Cache;
 
-    // Cabin for this blog post (used as a default parameter)
+    /**
+     * @var string Cabin for this blog post (used as a default parameter)
+     */
     protected $cabin = 'Hull';
 
     /**
@@ -60,12 +62,12 @@ public function clearBlogCache(): bool
         if (\extension_loaded('apcu')) {
             return \apcu_clear_cache();
         }
-        foreach (\Airship\list_all_files(ROOT.'/tmp/cache/static') as $f) {
+        foreach (\Airship\list_all_files(ROOT . '/tmp/cache/static') as $f) {
             if (\preg_match('#/([0-9a-z]+)$#', $f)) {
                 \unlink($f);
             }
         }
-        foreach (\Airship\list_all_files(ROOT.'/tmp/cache/csp_static') as $f) {
+        foreach (\Airship\list_all_files(ROOT . '/tmp/cache/csp_static') as $f) {
             if (\preg_match('#/([0-9a-z]+)$#', $f)) {
                 \unlink($f);
             }
@@ -333,6 +335,8 @@ public function deletePost(array $formData, array $blogPost = []): bool
 
 
     /**
+     * Delete this comment and all of its revision history.
+     *
      * @param int $commentId
      * @return bool
      */
@@ -477,7 +481,10 @@ public function getCategoryParents(int $categoryId, int $depth = 0): array
         if ($depth > 100) {
             return [];
         }
-        $parent = $this->db->cell('SELECT parent FROM hull_blog_categories WHERE categoryid = ?', $categoryId);
+        $parent = $this->db->cell(
+            'SELECT parent FROM hull_blog_categories WHERE categoryid = ?',
+            $categoryId
+        );
         if (empty($parent)) {
             return [];
         }
@@ -745,6 +752,20 @@ public function getTags(): array
         return $tags;
     }
 
+    /**
+     * Get a list of all selected blog posts
+     *
+     * @param int $postId
+     * @return array
+     */
+    public function getTagsForPost(int $postId): array
+    {
+        return $this->db->first(
+            'SELECT tagid FROM hull_blog_post_tags WHERE postid = ?',
+            $postId
+        );
+    }
+
     /**
      * Get data on a specific tag
      *
@@ -763,20 +784,6 @@ public function getTagInfo(int $tagId): array
         return $tagInfo;
     }
 
-    /**
-     * Get a list of all selected blog posts
-     *
-     * @param int $postId
-     * @return array
-     */
-    public function getTagsForPost(int $postId): array
-    {
-        return $this->db->first(
-            'SELECT tagid FROM hull_blog_post_tags WHERE postid = ?',
-            $postId
-        );
-    }
-
     /**
      * Make a comment invisible on blog posts.
      *
@@ -849,18 +856,25 @@ public function listComments(int $offset = 0, int $limit = 20): array
      * @param int $limit
      * @return array
      */
-    public function listPosts(bool $showAll = false, int $offset = 0, int $limit = 20): array
-    {
+    public function listPosts(
+        bool $showAll = false,
+        int $offset = 0,
+        int $limit = 20
+    ): array {
         if ($showAll) {
             // You're an admin, so you get to see non-public information
             $posts = $this->db->run(
-                \Airship\queryString('blog.posts.list_all', [
-                    'offset' => $offset,
-                    'limit' => $limit
-                ])
+                \Airship\queryString(
+                    'blog.posts.list_all',
+                    [
+                        'offset' => $offset,
+                        'limit' => $limit
+                    ]
+                )
             );
         } else {
-            // Only show posts that are public or owned by one of the authors this user belongs to
+            // Only show posts that are public or owned by one of
+            // the authors this user belongs to
             $posts = $this->db->safeQuery(
                 \Airship\queryString(
                     'blog.posts.list_mine',
@@ -893,7 +907,7 @@ public function listPostsForAuthor(int $authorId, array $exclude = []): array
         $series = $this->db->run(
             'SELECT * FROM hull_blog_posts WHERE author = ? AND postid NOT IN ' .
                 $this->db->escapeValueSet($exclude, 'int') .
-                ' ORDER BY title ASC',
+            ' ORDER BY title ASC',
             $authorId
         );
         if (empty($series)) {
@@ -960,12 +974,18 @@ public function numItemsInSeries(int $seriesId): int
     public function numComments($published = null): int
     {
         if ($published === null) {
-            return (int) $this->db->cell('SELECT count(commentid) FROM hull_blog_comments');
+            return (int) $this->db->cell(
+                'SELECT count(commentid) FROM hull_blog_comments'
+            );
         }
         if ($published) {
-            return (int) $this->db->cell('SELECT count(commentid) FROM hull_blog_comments WHERE approved');
+            return (int) $this->db->cell(
+                'SELECT count(commentid) FROM hull_blog_comments WHERE approved'
+            );
         }
-        return (int) $this->db->cell('SELECT count(commentid) FROM hull_blog_comments WHERE NOT approved');
+        return (int) $this->db->cell(
+            'SELECT count(commentid) FROM hull_blog_comments WHERE NOT approved'
+        );
     }
 
     /**
@@ -980,12 +1000,18 @@ public function numComments($published = null): int
     public function numPosts($published = null): int
     {
         if ($published === null) {
-            return (int) $this->db->cell('SELECT count(postid) FROM hull_blog_posts');
+            return (int) $this->db->cell(
+                'SELECT count(postid) FROM hull_blog_posts'
+            );
         }
         if ($published) {
-            return (int) $this->db->cell('SELECT count(postid) FROM hull_blog_posts WHERE status');
+            return (int) $this->db->cell(
+                'SELECT count(postid) FROM hull_blog_posts WHERE status'
+            );
         }
-        return (int) $this->db->cell('SELECT count(postid) FROM hull_blog_posts WHERE NOT status');
+        return (int) $this->db->cell(
+            'SELECT count(postid) FROM hull_blog_posts WHERE NOT status'
+        );
     }
 
     /**
@@ -995,7 +1021,9 @@ public function numPosts($published = null): int
      */
     public function numSeries(): int
     {
-        return (int) $this->db->cell('SELECT count(seriesid) FROM hull_blog_series');
+        return (int) $this->db->cell(
+            'SELECT count(seriesid) FROM hull_blog_series'
+        );
     }
 
     /**
@@ -1024,7 +1052,9 @@ public function numSeriesForUser(int $userId): int
      */
     public function numTags(): int
     {
-        return (int) $this->db->cell('SELECT count(tagid) FROM hull_blog_tags');
+        return (int) $this->db->cell(
+            'SELECT count(tagid) FROM hull_blog_tags'
+        );
     }
 
     /**
@@ -1102,8 +1132,11 @@ public function updateCategory(int $id, array $post): bool
      * @param bool $publish
      * @return bool
      */
-    public function updatePost(array $post, array $old, bool $publish = false): bool
-    {
+    public function updatePost(
+        array $post,
+        array $old,
+        bool $publish = false
+    ): bool {
         $this->db->beginTransaction();
         $postUpdates = [];
 
@@ -1163,8 +1196,8 @@ public function updatePost(array $post, array $old, bool $publish = false): bool
         }
         if ($publish && !$old['status']) {
             $postUpdates['status'] = true;
-            $now = new \DateTime('now');
-            $postUpdates['published'] = $now->format('Y-m-d\TH:i:s');
+            $now = new \DateTime();
+            $postUpdates['published'] = $now->format(\AIRSHIP_DATE_FORMAT);
         }
         if ($publish) {
             $postUpdates['cache'] = !empty($post['cache']);