refactor: change implementation, update tests

install/helpers/TemplateUtils.php

@@ -31,6 +31,9 @@
 class TemplateUtils
 {
 
+    const MIN_STEP_VALUE = 1;
+    const MAX_STEP_VALUE = 7;
+
     public static function initializeTwigEnvironment($language): Environment
     {
         $loader = new FilesystemLoader('templates');
@@ -45,13 +48,19 @@ public static function initializeTwigEnvironment($language): Environment
         return $twig;
     }
 
-    public static function getCurrentStep(): int
+    public static function getCurrentStep(array $postData): int
     {
-        if (isset($_POST['step']) && is_numeric($_POST['step'])) {
-            return $_POST['step'];
+        $sanitizedData = filter_var_array($postData, [
+            'step' => ['filter' => FILTER_VALIDATE_INT, 'options' => ['default' => 1]]
+        ]);
+
+        $step = $sanitizedData['step'];
+
+        if ($step < self::MIN_STEP_VALUE || $step > self::MAX_STEP_VALUE) {
+            return 1;
         }
 
-        return 1;
+        return ($step !== false && $step !== null) ? $step : 1;
     }
 
     public static function renderHeader($twig, $current_step): void

install/index.php

@@ -36,7 +36,7 @@
 setLanguage($language);
 
 $twig = TemplateUtils::initializeTwigEnvironment($language);
-$current_step = TemplateUtils::getCurrentStep();
+$current_step = TemplateUtils::getCurrentStep($_POST);
 TemplateUtils::renderHeader($twig, $current_step);
 checkConfigFile($current_step, $local_config_file, $twig);
 

tests/TemplateUtilsTest.php

@@ -8,78 +8,79 @@ class TemplateUtilsTest extends TestCase
 
     public function testCanGetStepFromPostRequest(): void
     {
-        $_POST['step'] = 3;
-        $this->assertEquals(3, TemplateUtils::getCurrentStep());
+        $postData = ['step' => 3];
+        $this->assertEquals(3, TemplateUtils::getCurrentStep($postData));
 
         unset($_POST['step']);
     }
 
     public function testCanReturnDefaultStepWhenNotInPostRequest(): void
     {
-        $this->assertEquals(1, TemplateUtils::getCurrentStep());
+        $postData = [];
+        $this->assertEquals(1, TemplateUtils::getCurrentStep($postData));
     }
 
     public function testCanHandleNonNumericStepInPostRequest(): void
     {
-        $_POST['step'] = 'non-numeric';
-        $this->assertEquals(1, TemplateUtils::getCurrentStep());
+        $postData = ['step' => 'non-numeric'];
+        $this->assertEquals(1, TemplateUtils::getCurrentStep($postData));
 
         unset($_POST['step']);
     }
 
     public function testGetCurrentStepWithVeryLargeNumber()
     {
-        $_POST['step'] = '999999999999999999999999'; // An extremely large number
-        $result = TemplateUtils::getCurrentStep();
-        $this->assertEquals(999999999999999999999999, $result);
+        $postData = ['step' => '999999999999999999999999'];
+        $result = TemplateUtils::getCurrentStep($postData);
+        $this->assertEquals(1, $result);
     }
 
     public function testGetCurrentStepWithNegativeNumber()
     {
-        $_POST['step'] = '-5'; // A negative number
-        $result = TemplateUtils::getCurrentStep();
-        $this->assertEquals(-5, $result);
+        $postData = ['step' => '-5'];
+        $result = TemplateUtils::getCurrentStep($postData);
+        $this->assertEquals(1, $result);
     }
 
     public function testGetCurrentStepWithZero()
     {
-        $_POST['step'] = '0';
-        $result = TemplateUtils::getCurrentStep();
-        $this->assertEquals(0, $result);
+        $postData = ['step' => '0'];
+        $result = TemplateUtils::getCurrentStep($postData);
+        $this->assertEquals(1, $result);
     }
 
     public function testGetCurrentStepWithFloat()
     {
-        $_POST['step'] = '3.5';
-        $result = TemplateUtils::getCurrentStep();
-        $this->assertEquals(3.5, $result);
+        $postData = ['step' => '3.5'];
+        $result = TemplateUtils::getCurrentStep($postData);
+        $this->assertEquals(1, $result);
     }
 
     public function testGetCurrentStepWithStringNumber()
     {
-        $_POST['step'] = '5';
-        $result = TemplateUtils::getCurrentStep();
+        $postData = ['step' => '5'];
+        $result = TemplateUtils::getCurrentStep($postData);
         $this->assertEquals(5, $result);
     }
 
     public function testGetCurrentStepWithNonAsciiNumbers()
     {
-        $_POST['step'] = '٣';
-        $result = TemplateUtils::getCurrentStep();
+        $postData = ['step' => '٣'];
+        $result = TemplateUtils::getCurrentStep($postData);
         $this->assertEquals(1, $result);
     }
 
     public function testGetCurrentStepWithInjection()
     {
-        $_POST['step'] = '<script>alert("test")</script>';
-        $result = TemplateUtils::getCurrentStep();
+        $postData = ['step' => '<script>alert("test")</script>'];
+        $result = TemplateUtils::getCurrentStep($postData);
         $this->assertEquals(1, $result);
     }
 
     public function testGetCurrentStepWithArray()
     {
-        $_POST['step'] = ['1', '2'];
-        $result = TemplateUtils::getCurrentStep();
+        $postData = ['step' => ['1', '2']];
+        $result = TemplateUtils::getCurrentStep($postData);
         $this->assertEquals(1, $result);
     }
 }

vendor/composer/installed.php

@@ -3,7 +3,7 @@
         'name' => 'poweradmin/poweradmin',
         'pretty_version' => 'dev-master',
         'version' => 'dev-master',
-        'reference' => '3455ba2a4340faf3b2675dfac0ba1e9de69e92df',
+        'reference' => '9427fdb2b90e6929db61cdeac7e60f5a0fc1d0da',
         'type' => 'project',
         'install_path' => __DIR__ . '/../../',
         'aliases' => array(),
@@ -13,7 +13,7 @@
         'poweradmin/poweradmin' => array(
             'pretty_version' => 'dev-master',
             'version' => 'dev-master',
-            'reference' => '3455ba2a4340faf3b2675dfac0ba1e9de69e92df',
+            'reference' => '9427fdb2b90e6929db61cdeac7e60f5a0fc1d0da',
             'type' => 'project',
             'install_path' => __DIR__ . '/../../',
             'aliases' => array(),