fix: removed obsolete session id for captchas

Author: thorsten

phpmyfaq/news.php

@@ -45,7 +45,6 @@
 $faqSession->setCurrentUser($user);
 
 $captcha = $container->get('phpmyfaq.captcha');
-$captcha->setSessionId($sids);
 
 $comment = new Comments($faqConfig);
 

phpmyfaq/src/phpMyFAQ/Captcha/GoogleRecaptcha.php

@@ -50,14 +50,6 @@ public function checkCaptchaCode(string $code): bool
         return $response['success'] === true;
     }
 
-    /**
-     * Setter for session id.
-     */
-    public function setSessionId(string $sessionId): GoogleRecaptcha
-    {
-        return $this;
-    }
-
     public function isUserIsLoggedIn(): bool
     {
         return $this->userIsLoggedIn;

phpmyfaq/src/phpMyFAQ/Controller/Administration/Api/NewsController.php

@@ -152,8 +152,8 @@ public function update(Request $request): JsonResponse
             ->setMessage(html_entity_decode((string) $content))
             ->setAuthor($author)
             ->setEmail($email)
-            ->setActive($active)
-            ->setComment($comment)
+            ->setActive((bool) $active)
+            ->setComment((bool) $comment)
             ->setLink($link ?? '')
             ->setLinkTitle($linkTitle ?? '')
             ->setLinkTarget($target ?? '')

phpmyfaq/src/phpMyFAQ/Controller/Frontend/AutoCompleteController.php

@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * The Autocomplete Controller
  *
@@ -17,6 +15,8 @@
  * @since     2023-07-29
  */
 
+declare(strict_types=1);
+
 namespace phpMyFAQ\Controller\Frontend;
 
 use phpMyFAQ\Category;
@@ -37,14 +37,14 @@ final class AutoCompleteController extends AbstractController
     #[Route(path: 'api/autocomplete')]
     public function search(Request $request): JsonResponse
     {
-        $searchString = Filter::filterVar($request->query->get('search'), FILTER_SANITIZE_SPECIAL_CHARS);
+        $searchString = Filter::filterVar($request->query->get(key: 'search'), FILTER_SANITIZE_SPECIAL_CHARS);
 
         [$currentUser, $currentGroups] = CurrentUser::getCurrentUserGroupId($this->currentUser);
 
         $category = new Category($this->configuration, $currentGroups);
         $category->setUser($currentUser);
         $category->setGroups($currentGroups);
-        $category->transform(0);
+        $category->transform(categoryId: 0);
         $category->buildCategoryTree();
 
         $faqPermission = $this->container->get(id: 'phpmyfaq.faq.permission');

phpmyfaq/src/phpMyFAQ/Controller/Frontend/CommentController.php

@@ -60,65 +60,70 @@ public function create(Request $request): JsonResponse
             return $this->json(['error' => Translation::get(key: 'msgCaptcha')], Response::HTTP_BAD_REQUEST);
         }
 
-        $data = json_decode($request->getContent(), false, 512, JSON_THROW_ON_ERROR);
+        $data = json_decode($request->getContent(), associative: false, depth: 512, flags: JSON_THROW_ON_ERROR);
 
         if (!Token::getInstance($this->container->get(id: 'session'))->verifyToken(
-            'add-comment',
-            $data->{'pmf-csrf-token'},
+            page: 'add-comment',
+            requestToken: $data->{'pmf-csrf-token'},
         )) {
             return $this->json(['error' => Translation::get(key: 'ad_msg_noauth')], Response::HTTP_UNAUTHORIZED);
         }
 
         $type = Filter::filterVar($data->type, FILTER_SANITIZE_SPECIAL_CHARS);
-        $faqId = Filter::filterVar($data->id ?? null, FILTER_VALIDATE_INT, 0);
+        $faqId = Filter::filterVar($data->id ?? null, FILTER_VALIDATE_INT, default: 0);
         $newsId = Filter::filterVar($data->newsId ?? null, FILTER_VALIDATE_INT);
         $username = Filter::filterVar($data->user, FILTER_SANITIZE_SPECIAL_CHARS);
         $email = Filter::filterVar($data->mail, FILTER_VALIDATE_EMAIL);
         $commentText = Filter::filterVar($data->comment_text, FILTER_SANITIZE_SPECIAL_CHARS);
 
         switch ($type) {
             case 'news':
-                $commentId = $newsId;
+                $commentId = (int) $newsId;
                 break;
             case 'faq':
-                $commentId = $faqId;
+                $commentId = (int) $faqId;
                 break;
+            default:
+                $commentId = 0;
         }
 
-        if (empty($commentId)) {
+        if ($commentId === 0) {
             return $this->json(['error' => Translation::get(key: 'errSaveComment')], Response::HTTP_BAD_REQUEST);
         }
 
         // Check display name and e-mail address for not logged-in users
         if (!$this->currentUser->isLoggedIn()) {
             $user = $this->container->get(id: 'phpmyfaq.user');
             if ($user->checkDisplayName($username) && $user->checkMailAddress($email)) {
-                $this->configuration->getLogger()->error('Name and email already used by registered user.');
+                $this->configuration->getLogger()->error(message: 'Name and email already used by registered user.');
                 return $this->json(['error' => Translation::get(key: 'errSaveComment')], Response::HTTP_CONFLICT);
             }
         }
 
         if (
-            !empty($username)
-            && !empty($email)
-            && !empty($commentText)
+            $username !== ''
+            && $email !== ''
+            && $commentText !== ''
             && $stopWords->checkBannedWord($commentText)
             && $comment->isCommentAllowed($commentId, $languageCode, $type)
             && $faq->isActive($commentId, $languageCode, $type)
         ) {
-            $session->userTracking('save_comment', $commentId);
+            $session->userTracking(
+                action: 'save_comment',
+                data: $commentId,
+            );
             $commentEntity = new Comment();
             $commentEntity
                 ->setRecordId((int) $commentId)
                 ->setType($type)
                 ->setUsername($username)
                 ->setEmail($email)
                 ->setComment(nl2br(strip_tags((string) $commentText)))
-                ->setDate((string) $request->server->get('REQUEST_TIME'));
+                ->setDate((string) $request->server->get(key: 'REQUEST_TIME'));
 
             if ($comment->create($commentEntity)) {
                 $notification = $this->container->get(id: 'phpmyfaq.notification');
-                if ('faq' == $type) {
+                if ('faq' === $type) {
                     $faq->getFaq($commentId);
                     $notification->sendFaqCommentNotification($faq, $commentEntity);
                 } else {
@@ -142,7 +147,10 @@ public function create(Request $request): JsonResponse
                 ], Response::HTTP_OK);
             }
 
-            $session->userTracking('error_save_comment', $commentId);
+            $session->userTracking(
+                action: 'error_save_comment',
+                data: $commentId,
+            );
             return $this->json(['error' => Translation::get(key: 'errSaveComment')], Response::HTTP_BAD_REQUEST);
         }
 

phpmyfaq/src/phpMyFAQ/Controller/Frontend/ContactController.php

@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * The Contact Controller
  *
@@ -17,6 +15,8 @@
  * @since     2024-03-09
  */
 
+declare(strict_types=1);
+
 namespace phpMyFAQ\Controller\Frontend;
 
 use phpMyFAQ\Controller\AbstractController;
@@ -35,6 +35,8 @@ final class ContactController extends AbstractController
     /**
      * @throws Exception
      * @throws \JsonException
+     * @throws \Exception
+     *
      */
     #[Route(path: 'api/contact', methods: ['POST'])]
     public function create(Request $request): JsonResponse
@@ -54,7 +56,7 @@ public function create(Request $request): JsonResponse
         if (
             $author !== ''
             && $author !== '0'
-            && !empty($email)
+            && $email !== ''
             && $question !== ''
             && $question !== '0'
             && $stopWords->checkBannedWord($question)
@@ -73,7 +75,10 @@ public function create(Request $request): JsonResponse
                 $mailer->setReplyTo($email, $author);
                 $mailer->addTo($this->configuration->getAdminEmail());
                 $mailer->setReplyTo($this->configuration->getNoReplyEmail());
-                $mailer->subject = Utils::resolveMarkers('Feedback: %sitename%', $this->configuration);
+                $mailer->subject = Utils::resolveMarkers(
+                    text: 'Feedback: %sitename%',
+                    configuration: $this->configuration,
+                );
                 $mailer->message = $question;
                 $mailer->send();
                 unset($mailer);
@@ -82,8 +87,8 @@ public function create(Request $request): JsonResponse
             } catch (Exception|TransportExceptionInterface $e) {
                 return $this->json(['error' => $e->getMessage()], Response::HTTP_BAD_REQUEST);
             }
-        } else {
-            return $this->json(['error' => Translation::get(key: 'err_sendMail')], Response::HTTP_BAD_REQUEST);
         }
+
+        return $this->json(['error' => Translation::get(key: 'err_sendMail')], Response::HTTP_BAD_REQUEST);
     }
 }

phpmyfaq/src/phpMyFAQ/Controller/Frontend/QuestionController.php

@@ -1,7 +1,5 @@
 <?php
 
-declare(strict_types=1);
-
 /**
  * The Question & Smart Answer Controller
  *
@@ -17,6 +15,8 @@
  * @since     2024-03-03
  */
 
+declare(strict_types=1);
+
 namespace phpMyFAQ\Controller\Frontend;
 
 use phpMyFAQ\Category;
@@ -53,7 +53,7 @@ public function create(Request $request): JsonResponse
 
         $categories = $category->getAllCategories();
 
-        $data = json_decode($request->getContent(), false, 512, JSON_THROW_ON_ERROR);
+        $data = json_decode($request->getContent(), associative: false, depth: 512, flags: JSON_THROW_ON_ERROR);
 
         $author = trim((string) Filter::filterVar($data->name, FILTER_SANITIZE_SPECIAL_CHARS));
         $email = trim((string) Filter::filterVar($data->email, FILTER_VALIDATE_EMAIL));
@@ -103,7 +103,7 @@ public function create(Request $request): JsonResponse
 
                 $searchResult = array_merge(...array_map(static fn($word) => $faqSearch->search(
                     $word,
-                    false,
+                    allLanguages: false,
                 ), array_filter($cleanQuestion)));
 
                 $searchResultSet->reviewResultSet($searchResult);

tests/phpMyFAQ/Captcha/GoogleRecaptchaTest.php

@@ -101,45 +101,13 @@ public function testCheckCaptchaCodeWhenNotLoggedIn(): void
         $this->expectNotToPerformAssertions(); // Will attempt HTTP call
     }
 
-    /**
-     * Test setSessionId method
-     */
-    public function testSetSessionId(): void
-    {
-        $sessionId = 'test-session-123';
-        $result = $this->googleRecaptcha->setSessionId($sessionId);
-
-        $this->assertInstanceOf(GoogleRecaptcha::class, $result); // Fluent interface
-        // Note: The method currently doesn't store the session ID, just returns $this
-    }
-
-    /**
-     * Test setSessionId with various session ID formats
-     */
-    public function testSetSessionIdWithVariousFormats(): void
-    {
-        $sessionIds = [
-            'simple-session',
-            'session_with_underscores',
-            'session123456',
-            'very-long-session-id-with-many-characters-and-hyphens',
-            ''
-        ];
-
-        foreach ($sessionIds as $sessionId) {
-            $result = $this->googleRecaptcha->setSessionId($sessionId);
-            $this->assertInstanceOf(GoogleRecaptcha::class, $result);
-        }
-    }
-
     /**
      * Test fluent interface chaining
      */
     public function testFluentInterface(): void
     {
         $result = $this->googleRecaptcha
             ->setUserIsLoggedIn(true)
-            ->setSessionId('test-session')
             ->setUserIsLoggedIn(false);
 
         $this->assertInstanceOf(GoogleRecaptcha::class, $result);
@@ -175,11 +143,11 @@ public function testConfigurationIntegration(): void
 
         $this->googleRecaptcha->setUserIsLoggedIn(false);
 
-        // This will attempt to make HTTP request and fail, but we verify config is called
+        // This will attempt to make an HTTP request and fail, but we verify config is called
         try {
             $this->googleRecaptcha->checkCaptchaCode('test-token');
         } catch (\Error $e) {
-            // Expected - file_get_contents will fail in test environment
+            // Expected - file_get_contents will fail in the test environment
             $this->assertStringContainsString('file_get_contents', $e->getMessage());
         }
     }
@@ -216,20 +184,6 @@ public function testObjectStateIndependence(): void
         $this->assertFalse($recaptcha2->isUserIsLoggedIn());
     }
 
-    /**
-     * Test session ID method behavior
-     */
-    public function testSessionIdMethodBehavior(): void
-    {
-        // Test that setSessionId always returns the same instance
-        $instance1 = $this->googleRecaptcha->setSessionId('session1');
-        $instance2 = $this->googleRecaptcha->setSessionId('session2');
-
-        $this->assertSame($this->googleRecaptcha, $instance1);
-        $this->assertSame($this->googleRecaptcha, $instance2);
-        $this->assertSame($instance1, $instance2);
-    }
-
     /**
      * Test authentication bypass security
      */