diff --git a/library/Icinga/Web/Form.php b/library/Icinga/Web/Form.php index 66c256774..fffd152ab 100644 --- a/library/Icinga/Web/Form.php +++ b/library/Icinga/Web/Form.php @@ -39,9 +39,9 @@ abstract class Form extends \Zend_Form { /** * The form's request object - * @var null + * @var \Zend_Controller_Request_Abstract */ - private $request = null; + private $request; /** * Whether this form should NOT add random generated "challenge" tokens that are associated @@ -98,14 +98,6 @@ abstract class Form extends \Zend_Form $this->sessionId = $sessionId; } - /** - * @see Zend_Form::init - */ - public function init() - { - - } - /** * Returns the html-element name of the CSRF token * field @@ -126,6 +118,7 @@ abstract class Form extends \Zend_Form public function render(Zend_View_Interface $view = null) { // Elements must be there to render the form + $this->buildForm(); return parent::render($view); } @@ -177,8 +170,6 @@ abstract class Form extends \Zend_Form } } - - /** * Test if data from array or request is valid * @@ -199,16 +190,16 @@ abstract class Form extends \Zend_Form return parent::isValid($checkData); } - - /** * Disable CSRF counter measure and remove its field if already added + * @param boolean $value Flag */ - final public function setTokenDisabled($value) + final public function setTokenDisabled($value = true) { - $this->tokenDisabled = $value; - if ($value == true) + $this->tokenDisabled = (boolean)$value; + if ($value == true) { $this->removeElement($this->tokenElementName); + } } /** @@ -242,7 +233,9 @@ abstract class Form extends \Zend_Form return; } - if (!isset($checkData[$this->tokenElementName]) || !$this->hasValidCsrfToken($checkData[$this->tokenElementName])) { + if (!isset($checkData[$this->tokenElementName]) + || !$this->hasValidCsrfToken($checkData[$this->tokenElementName]) + ) { throw new InvalidCSRFTokenException(); } } 
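Review bot: `render()` now calls `$this->buildForm()` on every render, and nothing in this hunk shows that `buildForm()` is safe to call more than once. If it is not guarded, a form that was already built for validation would be built again here, which could duplicate elements or replace the CSRF token element; this is inferred, because `buildForm()` is outside the diff. The existing comment should state the requirement next to the call, for example `// Build the elements before rendering; buildForm() must be idempotent`.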
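Review bot: The new default in `setTokenDisabled($value = true)` means a bare `setTokenDisabled()` call switches CSRF protection off, and the docblock line `@param boolean $value Flag` does not say so. I would document it as `@param boolean $value True to disable the CSRF token and remove its field`. As a style point, the flag is stored as `(boolean)$value` but the branch still tests the raw argument with `if ($value == true) {`; testing the stored flag reads more clearly: `if ($this->tokenDisabled) {`. In the lines shown, passing `false` after the field was removed does not add it back.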
@@ -250,18 +243,16 @@ abstract class Form extends \Zend_Form /** * Check whether the form's CSRF token-field has a valid value * - * @param int $maxAge Max allowed token age - * + * @param string $elementValue Value from the form element * @return bool */ - final private function hasValidCsrfToken($checkData) + final private function hasValidCsrfToken($elementValue) { if ($this->getElement($this->tokenElementName) === null) { return false; } - $elementValue = $checkData; if (strpos($elementValue, '|') === false) { return false; } @@ -280,9 +271,6 @@ abstract class Form extends \Zend_Form /** * Generate a new (seed, token) pair - * - * @param int $maxAge Max allowed token age - * * @return array */ final public function generateCsrfToken() diff --git a/library/Icinga/Web/Form/InvalidCSRFTokenException.php b/library/Icinga/Web/Form/InvalidCSRFTokenException.php index 1b33f4fb6..22b18246c 100644 --- a/library/Icinga/Web/Form/InvalidCSRFTokenException.php +++ b/library/Icinga/Web/Form/InvalidCSRFTokenException.php @@ -1,8 +1,36 @@ + * @license http://www.gnu.org/licenses/gpl-2.0.txt GPL, version 2 + * @author Icinga Development Team + */ +// {{{ICINGA_LICENSE_HEADER}}} namespace Icinga\Web\Form; - -class InvalidCSRFTokenException extends \Exception { - -} \ No newline at end of file +/** + * Exceptions for invalid form tokens + */ +class InvalidCSRFTokenException extends \Exception +{ +} diff --git a/modules/monitoring/application/controllers/CommandController.php b/modules/monitoring/application/controllers/CommandController.php index 314b60838..043a49c14 100644 --- a/modules/monitoring/application/controllers/CommandController.php +++ b/modules/monitoring/application/controllers/CommandController.php 
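Review bot: `hasValidCsrfToken()` passes `$elementValue` straight to `strpos()`, but the caller hands it `$checkData[$this->tokenElementName]` from submitted data, which is an array when the field is posted with array syntax. Depending on the PHP version, that gives either a warning with a `null` result (which is not `=== false`, so the early return is skipped) or a TypeError, instead of a clean rejection. I would check the type first: `if (!is_string($elementValue) || strpos($elementValue, '|') === false) {`. The rest of the function, including how the seed and token are compared, lies outside this hunk, so whether that comparison is constant-time cannot be checked here.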
@@ -79,22 +79,13 @@ class Monitoring_CommandController extends ModuleActionController $this->form = $form; } - /** - * Getter for form - * @return Form - */ - public function getForm() - { - return $this->form; - } - /** * Test if we have a valid form object * @return bool */ public function issetForm() { - return $this->getForm() !== null && ($this->getForm() instanceof Form); + return $this->form !== null && ($this->form instanceof Form); } /** @@ -105,11 +96,11 @@ class Monitoring_CommandController extends ModuleActionController public function postDispatch() { if ($this->issetForm()) { - if ($this->getRequest()->isPost() && $this->getForm()->isValid(null) === true) { + if ($this->form->isPostAndValid()) { $this->_helper->viewRenderer->setNoRender(true); $this->_helper->layout()->disableLayout(); } - $this->view->form = $this->getForm(); + $this->view->form = $this->form; } parent::postDispatch(); @@ -208,7 +199,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Disable active checks for this object.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -225,7 +216,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Enable active checks for this object.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -241,7 +232,7 @@ class Monitoring_CommandController extends ModuleActionController $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } 
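Review bot: `postDispatch()` tests `if ($this->form->isPostAndValid()) {` by truthiness, while every action changed in this file compares with `=== true`; one form should be used throughout, e.g. `if ($this->form->isPostAndValid() === true) {`. It also appears to validate the same form a second time per request, since each action already calls `isPostAndValid()` right after `setForm()`. `isPostAndValid()` is not part of this diff, so whether the second call repeats the CSRF check and can throw `InvalidCSRFTokenException` from `postDispatch()` is inferred. The body of `postDispatch()` closes outside the hunk.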
@@ -260,7 +251,7 @@ class Monitoring_CommandController extends ModuleActionController $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -277,7 +268,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Stop obsessing over this object.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -294,7 +285,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Start obsessing over this object.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -311,7 +302,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Passive checks for this object will be omitted.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -328,7 +319,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Passive checks for this object will be accepted.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } 
@@ -345,7 +336,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Notifications for this object will be disabled.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -362,7 +353,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Notifications for this object will be enabled.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -377,7 +368,7 @@ class Monitoring_CommandController extends ModuleActionController $form->setRequest($this->getRequest()); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -393,7 +384,7 @@ class Monitoring_CommandController extends ModuleActionController $form->setWithChildren(false); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -409,7 +400,7 @@ class Monitoring_CommandController extends ModuleActionController $form->setWithChildren(true); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } 
@@ -426,7 +417,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Remove downtime(s) from this host and its services.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -443,7 +434,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Notifications for this host and its services will be disabled.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -460,7 +451,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Notifications for this host and its services will be enabled.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -478,7 +469,7 @@ class Monitoring_CommandController extends ModuleActionController $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -495,7 +486,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Disable active checks for this host and its services.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } 
@@ -512,7 +503,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Enable active checks for this host and its services.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -529,7 +520,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Disable event handler for this object.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -546,7 +537,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Enable event handler for this object.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -563,7 +554,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Disable flapping detection for this object.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -580,7 +571,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Enable flapping detection for this object.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } 
@@ -596,7 +587,7 @@ class Monitoring_CommandController extends ModuleActionController $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -613,7 +604,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Reset modified attributes to its default.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -629,7 +620,7 @@ class Monitoring_CommandController extends ModuleActionController $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -646,7 +637,7 @@ class Monitoring_CommandController extends ModuleActionController $form->addNote(t('Remove problem acknowledgement for this object.')); $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } @@ -662,7 +653,7 @@ class Monitoring_CommandController extends ModuleActionController $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } 
@@ -683,7 +674,7 @@ class Monitoring_CommandController extends ModuleActionController $this->setForm($form); - if ($this->getRequest()->isPost() && $form->isValid(null)) { + if ($form->isPostAndValid() === true) { throw new \Icinga\Exception\ProgrammingError('Command sender not implemented: '. __FUNCTION__); } } diff --git a/modules/monitoring/application/forms/Command/AcknowledgeForm.php b/modules/monitoring/application/forms/Command/AcknowledgeForm.php index 62fce9cb1..36deee5db 100644 --- a/modules/monitoring/application/forms/Command/AcknowledgeForm.php +++ b/modules/monitoring/application/forms/Command/AcknowledgeForm.php @@ -136,8 +136,7 @@ class AcknowledgeForm extends ConfirmationForm */ protected function preValidation(array $data) { - - if (isset($data['expire']) && intval($data['expire']) === 1 ) { + if (isset($data['expire']) && intval($data['expire']) === 1) { $expireTime = $this->getElement('expiretime'); $expireTime->setRequired(true); $expireTime->addValidator($this->createDateTimeValidator(), true);