LEGACY PHP REFACTORING
3. What do we do with legacy code? We refactor! Refactoring is safely changing the implementation of code without changing the behavior of code.
8. The simplest view class

<?php
class View
{
    protected static $VIEW_PATH = '/wherever/views/';

    // Each assigned value becomes a property of the view object.
    public function assign($name, $value)
    {
        return $this->$name = $value;
    }

    // Renders a template file. Inside the included file, $this is the View,
    // so assigned values are reachable as $this->name. $filename must be a
    // name chosen by the application, never raw user input, since it is
    // joined onto $VIEW_PATH without any checks.
    public function render($filename)
    {
        $filename = self::$VIEW_PATH . $filename;
        if (is_file($filename)) {
            ob_start();
            include($filename);
            return ob_get_clean();
        }
    }
}
15. Alternative control structures

<?php if ($foo): ?>
    ...
<?php endif; ?>

<?php foreach ($this as $that): ?>
    ...
<?php endforeach; ?>
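The view class and the template syntax from the two slides above, combined into one runnable script. This is an added example, not code from the original slides: it keeps the slide's assign()/render() design but adds two things a practitioner would want, a check that the requested template cannot escape the view directory, and an escaping helper for templates to use. The names SafeView and e() are assumed for illustration; the template is written to a temporary directory so the script runs stand-alone.

```php
<?php
// Added example: the slide's View with path containment and output escaping.

#[\AllowDynamicProperties] // PHP 8.2+: assign() creates properties at runtime
class SafeView
{
    protected $viewPath;

    public function __construct($viewPath)
    {
        $this->viewPath = rtrim($viewPath, '/') . '/';
    }

    // Same contract as the slide: each assigned value becomes a property.
    public function assign($name, $value)
    {
        return $this->$name = $value;
    }

    // HTML-escape helper for use inside templates.
    public function e($value)
    {
        return htmlspecialchars((string) $value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
    }

    public function render($filename)
    {
        // Resolve both the base directory and the requested file, then require the
        // file to sit inside the base. A name like '../../etc/passwd' resolves
        // outside and is rejected instead of being included.
        $base = realpath($this->viewPath);
        $full = realpath($this->viewPath . $filename);
        if ($base === false || $full === false
            || strpos($full, $base . DIRECTORY_SEPARATOR) !== 0
            || !is_file($full)) {
            throw new InvalidArgumentException("Template not found or outside view path: $filename");
        }
        ob_start();
        include $full;           // $this inside the template is this SafeView
        return ob_get_clean();
    }
}

// Constructed fixture: a throwaway view directory holding one template that
// uses the alternative control structures from the slide.
$dir = sys_get_temp_dir() . '/views_' . bin2hex(random_bytes(4));
mkdir($dir);
file_put_contents($dir . '/orders.php', <<<'TPL'
<h1>Orders for account #<?= $this->e($this->account_id) ?></h1>
<?php if ($this->orders): ?>
<ul>
<?php foreach ($this->orders as $order): ?>
  <li><?= $this->e($order) ?></li>
<?php endforeach; ?>
</ul>
<?php else: ?>
<p>No orders.</p>
<?php endif; ?>
TPL
);

$view = new SafeView($dir);
$view->assign('account_id', '42<script>alert(1)</script>');  // constructed hostile value
$view->assign('orders', ['Widget', 'Gadget & Co']);
echo $view->render('orders.php');

try {
    $view->render('../../etc/passwd');
} catch (InvalidArgumentException $ex) {
    echo "Rejected: " . $ex->getMessage() . "\n";
}

unlink($dir . '/orders.php');
rmdir($dir);
```

The containment check resolves both paths with realpath() before comparing them, so symlinks and `..` segments are normalised on both sides; comparing the unresolved strings would let a symlinked template name slip past the prefix test.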
26. Using nested requires instead of function calls

<?php
require_once('db_setup_inc.php');
require_once('account_auth_inc.php');
require_once('i18n_inc.php');

echo '<h1>Orders for account #' . $account_id . '</h1>';

require('get_all_orders_inc.php');
...
31. account_auth_inc.php

<?php
$auth_token = $_COOKIE['token'];
if ($auth_token) {
    $acct_id = $db->GetOne('SELECT acct_id FROM logins WHERE auth_token = ?', array($auth_token));
}
if ($acct_id) {
    $acct = new Account($acct_id);
} else {
    $acct = null;
}
$_COOKIE['token'] = gen_new_token($auth_token);
33. Function-wrapped

<?php
function account_auth($db, $auth_token)
{
    $acct_id = null;   // otherwise undefined when no token is presented
    if ($auth_token) {
        $acct_id = $db->GetOne('SELECT acct_id FROM logins WHERE auth_token = ?', array($auth_token));
    }
    if ($acct_id) {
        $acct = new Account($acct_id);
    } else {
        $acct = null;
    }
    return array($acct, gen_new_token($auth_token));
}

list($acct, $_COOKIE['token']) = account_auth($db, $_COOKIE['token']);
35. Moved token handling to Account

<?php
function account_auth($db, $auth_token)
{
    // Instead of null, we now return an unloaded Account.
    // Account receives the database handle it will query.
    $acct = new Account($db);
    if ($auth_token) {
        // SQL code from before
        $acct->loadFromToken($auth_token);
        // Token generation and cookie setting
        $acct->genNewToken($auth_token);
    }
    return $acct;
}

$acct = account_auth($db, $_COOKIE['token']);
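The three slides above walk one piece of code from an include file to a function to an Account method. This added example (not the slides' own code) fills in the two methods the last slide names, loadFromToken() and genNewToken(), so the whole chain runs stand-alone against an in-memory SQLite database through PDO. The logins table and the cookie name 'token' follow the slides; the Account class body, the token format and the cookie flags are assumptions. One deliberate difference from the slide: the token is only rotated when it matched a login, so an unknown token gets neither a new token nor a cookie.

```php
<?php
// Added example: Account with the token lookup and rotation moved inside it.

class Account
{
    private $db;
    public $acctId = null;

    public function __construct(PDO $db)
    {
        $this->db = $db;
    }

    public function isLoaded()
    {
        return $this->acctId !== null;
    }

    // The SQL from the slide as a prepared statement: the token is bound, never concatenated.
    public function loadFromToken($authToken)
    {
        $stmt = $this->db->prepare('SELECT acct_id FROM logins WHERE auth_token = ?');
        $stmt->execute([$authToken]);
        $id = $stmt->fetchColumn();
        $this->acctId = ($id === false) ? null : (int) $id;
        return $this->isLoaded();
    }

    // Replace the presented token with a fresh random one. The old value stops
    // working immediately, and the new one goes back to the browser as an
    // HttpOnly, Secure cookie (only when running under a web SAPI).
    public function genNewToken($oldToken)
    {
        $newToken = bin2hex(random_bytes(32));
        $stmt = $this->db->prepare('UPDATE logins SET auth_token = ? WHERE auth_token = ?');
        $stmt->execute([$newToken, $oldToken]);
        if ($stmt->rowCount() !== 1) {
            return null;   // unknown token: nothing rotated, nothing issued
        }
        if (PHP_SAPI !== 'cli') {
            setcookie('token', $newToken, [
                'httponly' => true,
                'secure'   => true,
                'samesite' => 'Lax',
                'path'     => '/',
            ]);
        }
        return $newToken;
    }
}

function account_auth(PDO $db, $authToken)
{
    $acct = new Account($db);
    if ($authToken && $acct->loadFromToken($authToken)) {
        $acct->genNewToken($authToken);
    }
    return $acct;
}

// Constructed fixture: one login row with a known token.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE logins (acct_id INTEGER NOT NULL, auth_token TEXT UNIQUE NOT NULL)');
$db->exec("INSERT INTO logins VALUES (7, 'old-token')");

$acct = account_auth($db, 'old-token');
echo $acct->isLoaded() ? "loaded account {$acct->acctId}\n" : "not loaded\n";

// The first call rotated the token away, so presenting the old one again fails.
$again = account_auth($db, 'old-token');
echo $again->isLoaded() ? "old token still valid\n" : "old token rejected after rotation\n";
```

Returning an unloaded Account rather than null, as the slide suggests, means callers ask isLoaded() instead of sprinkling null checks, and the rotation lives next to the lookup so neither can be called without the other being visible.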
37. Global variables everywhere

<?php
$account_id = $_POST['acct_id'];
$account = new Account($account_id);

function getPurchases()
{
    global $account;
    global $database;
    ...
}

function getLanguage()
{
    global $account;
    global $database;
    global $i18n;
    ...
}
43. Parameterizing globals

<?php
$account_id = $_POST['acct_id'];
$account = new Account($database, $account_id);

// Each value that used to be pulled in with 'global' arrives as a parameter.
// The matching 'global' line has to go at the same time: inside a function,
// 'global $account;' rebinds the name to the global and discards the argument.
function getPurchases($account)
{
    global $database;
    ...
}

function getLanguage($account, $i18n)
{
    global $database;
    ...
}
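The end state of the refactoring the last two slides describe, as an added example that is not part of the original deck: getPurchases() and getLanguage() receive everything they need as arguments and reference no global at all, and the untrusted account id from the request is validated before it reaches a constructor. The Account and I18n classes, the purchases table and the locale catalogue are stand-ins assumed for this example; the database is in-memory SQLite so the script runs stand-alone.

```php
<?php
// Added example: globals replaced by parameters, wired once at the top of the request.

class Account
{
    public $id;
    public $locale;

    public function __construct($id, $locale)
    {
        $this->id = (int) $id;
        $this->locale = $locale;
    }
}

class I18n
{
    // Constructed catalogue standing in for a real translation table.
    private $catalog = [
        'en' => ['greeting' => 'Hello'],
        'de' => ['greeting' => 'Hallo'],
    ];

    public function translate($locale, $key)
    {
        return $this->catalog[$locale][$key] ?? $key;
    }
}

// Both dependencies are explicit; nothing here reads 'global'.
function getPurchases(PDO $database, Account $account)
{
    $stmt = $database->prepare('SELECT item FROM purchases WHERE acct_id = ?');
    $stmt->execute([$account->id]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function getLanguage(Account $account, I18n $i18n)
{
    return $i18n->translate($account->locale, 'greeting');
}

// Request-scoped wiring, done once instead of via 'global' in every function.
$database = new PDO('sqlite::memory:');
$database->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$database->exec('CREATE TABLE purchases (acct_id INTEGER NOT NULL, item TEXT NOT NULL)');
$database->exec("INSERT INTO purchases VALUES (5, 'Widget'), (5, 'Gadget'), (9, 'Other')");

// Validate the untrusted id instead of handing $_POST['acct_id'] straight to Account.
$rawId = $_POST['acct_id'] ?? '5';   // constructed default so the script also runs from the CLI
$accountId = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
if ($accountId === false) {
    http_response_code(400);
    exit("invalid account id\n");
}

$i18n = new I18n();
$account = new Account($accountId, 'de');

print_r(getPurchases($database, $account));
echo getLanguage($account, $i18n), "\n";

// Because the dependencies are parameters, a caller (or a test) can substitute them freely.
$other = new Account(9, 'en');
print_r(getPurchases($database, $other));
echo getLanguage($other, $i18n), "\n";
```

With the globals gone, each function's inputs are visible in its signature, which is what makes the next refactoring step (unit tests with a throwaway database, or a different Account source) possible without touching global state.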