This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | /** |
||
3 | * @link https://github.com/2amigos/yii2-file-input-widget |
||
4 | * |
||
5 | * @copyright Copyright (c) 2013-2015 2amigOS! Consulting Group LLC |
||
6 | * @license http://opensource.org/licenses/BSD-3-Clause |
||
7 | */ |
||
8 | |||
9 | namespace dosamigos\fileinput; |
||
10 | |||
11 | use Yii; |
||
12 | use yii\base\InvalidConfigException; |
||
13 | use yii\helpers\Html; |
||
14 | use yii\widgets\InputWidget; |
||
15 | |||
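/**
 * FileInput renders a Jasny File Input Bootstrap plugin.
 *
 * Trust boundary: every public property below is widget configuration. This class performs no
 * validation or escaping of [[$customView]], [[$customParams]], [[$thumbnail]] or the handlers in
 * [[$clientEvents]], so those values have to be supplied by application code and never taken
 * from request data.
 *
 * @author Antonio Ramirez <[email protected]>
 *
 * @link http://www.ramirezcobos.com/
 * @link http://www.2amigos.us/
 */
class FileInput extends InputWidget
{
    /**
     * To render the template as a file input.
     */
    const STYLE_INPUT = 10;
    /**
     * To render the template as a button.
     */
    const STYLE_BUTTON = 20;
    /**
     * To render the template with thumbnail.
     */
    const STYLE_IMAGE = 30;
    /**
     * To render custom templates. If used, [[$customView]] must be initialized.
     */
    const STYLE_CUSTOM = 40;
    /**
     * @var int the type of Jasny File Input style to render.
     * Please, see [Jasny Bootstrap File Input](http://jasny.github.io/bootstrap/javascript/#fileinput) to see the
     * different displays.
     */
    public $style;
    /**
     * @var string the custom view to render the field. This view will receive the following variables:
     * - $field: The actual file input field
     * - $thumbnail: If set the thumbnail to display previous selected image
     *
     * The value is resolved with Yii::getAlias() and handed to renderFile() in [[renderTemplate()]],
     * i.e. it selects a file that is rendered as a view. Keep it a fixed path or alias.
     */
    public $customView;

    /**
     * @var array additional parameters passed to $customView
     *
     * Merged over the built-in parameters with array_merge(), so a `field` or `thumbnail` key given
     * here replaces the widget's own value.
     */
    public $customParams = [];
    /**
     * @var string the thumbnail to be displayed if [[STYLE_CUSTOM]] or [[STYLE_IMAGE]] has been selected. Thumbnail
     * is used to display an image that was previously loaded.
     *
     * Passed to the view unchanged; any encoding has to happen in the view or before assignment
     * (the view files are not part of this class).
     */
    public $thumbnail;
    /**
     * @var array the event handlers for the underlying Jasny file input JS plugin.
     * Please refer to the [Jasny Bootstrap File Input](http://jasny.github.io/bootstrap/javascript/#fileinput) plugin
     * Web page for possible events.
     *
     * Keys are event names, values are JavaScript handler expressions. Handlers are written into
     * the page script verbatim by [[registerClientScript()]].
     */
    public $clientEvents = [];

    /**
     * Initializes the widget.
     *
     * Defaults [[$style]] to [[STYLE_INPUT]], validates the style configuration, registers the
     * `file-input*` message source and guarantees that the input has an id.
     *
     * @throws InvalidConfigException if [[$style]] is not one of the STYLE_* constants, or if
     * [[STYLE_CUSTOM]] is selected without [[$customView]].
     */
    public function init()
    {
        if ($this->style === null) {
            $this->style = self::STYLE_INPUT;
        }

        // Strict comparison: a numeric string such as "10" is rejected rather than coerced.
        if (!in_array($this->style, [self::STYLE_INPUT, self::STYLE_BUTTON, self::STYLE_IMAGE, self::STYLE_CUSTOM], true)) {
            throw new InvalidConfigException('Unrecognized "FileInput::$style" format. It should be of "FileInput::STYLE_INPUT", "FileInput::STYLE_BUTTON", "FileInput::STYLE_IMAGE" or "FileInput::STYLE_CUSTOM" only.');
        }

        if ($this->style === self::STYLE_CUSTOM && $this->customView === null) {
            throw new InvalidConfigException('"FileInput::$customView" must be set if "FileInput::STYLE_CUSTOM" is used');
        }

        \Yii::$app->i18n->translations['file-input*'] = [
            'class' => 'yii\i18n\PhpMessageSource',
            'basePath' => '@vendor/2amigos/yii2-file-input-widget/src/messages/',
            'sourceLanguage' => 'en-US',
        ];

        parent::init();

        // registerClientScript() builds its jQuery selector from options['id'] unconditionally.
        // Whether parent::init() always sets it is not visible here, so fall back to the widget id.
        if (!isset($this->options['id'])) {
            $this->options['id'] = $this->getId();
        }
    }

    /**
     * {@inheritdoc}
     *
     * Builds the file input (model-bound when a model is configured, plain otherwise), echoes the
     * rendered template and registers the client script.
     */
    public function run()
    {
        if ($this->hasModel()) {
            $field = Html::activeFileInput($this->model, $this->attribute, $this->options);
        } else {
            $field = Html::fileInput($this->name, $this->value, $this->options);
        }
        echo $this->renderTemplate($field);
        $this->registerClientScript();
    }

    /**
     * Renders the template that matches [[$style]].
     *
     * @param string $field the already rendered file input markup
     *
     * @throws \yii\base\InvalidConfigException if [[$style]] is not a known STYLE_* constant or
     * [[STYLE_CUSTOM]] is used without [[$customView]]
     *
     * @return string
     */
    public function renderTemplate($field)
    {
        $params = ['field' => $field];
        switch ($this->style) {
            case self::STYLE_INPUT:
                $view = $this->getViewPath() . '/inputField.php';
                break;
            case self::STYLE_BUTTON:
                $view = $this->getViewPath() . '/buttonField.php';
                break;
            case self::STYLE_IMAGE:
                $view = $this->getViewPath() . '/imageField.php';
                $params['thumbnail'] = $this->thumbnail;
                break;
            case self::STYLE_CUSTOM:
                // $style and $customView are public and can change after init(); re-check here so
                // a null path never reaches Yii::getAlias().
                if ($this->customView === null) {
                    throw new InvalidConfigException('"FileInput::$customView" must be set if "FileInput::STYLE_CUSTOM" is used');
                }
                $view = $this->customView;
                $params['thumbnail'] = $this->thumbnail;
                // Later keys win: customParams may override 'field' and 'thumbnail'.
                $params = array_merge($params, $this->customParams);
                break;
            default:
                // Without this branch $view would be undefined for a style changed after init().
                throw new InvalidConfigException('Unrecognized "FileInput::$style" format. It should be of "FileInput::STYLE_INPUT", "FileInput::STYLE_BUTTON", "FileInput::STYLE_IMAGE" or "FileInput::STYLE_CUSTOM" only.');
        }

        // For STYLE_CUSTOM the path comes straight from configuration and is rendered as a view
        // file; it must be a path the application controls.
        return $this->getView()->renderFile(Yii::getAlias($view), $params);
    }

    /**
     * Registers Jasny File Input Bootstrap plugin and the related events.
     *
     * The element id and the event names are emitted as JSON-encoded string literals. Handlers are
     * JavaScript by contract and are emitted as given, so [[$clientEvents]] must only ever hold
     * code written by the application developer.
     */
    public function registerClientScript()
    {
        $view = $this->getView();

        FileInputAsset::register($view);

        if (empty($this->clientEvents)) {
            return;
        }

        // HEX flags keep quotes, '<', '>' and '&' out of the literal so a value can neither end
        // the JavaScript string nor close the surrounding <script> element.
        $flags = JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_HEX_AMP;
        $selector = json_encode('#' . $this->options['id'], $flags);

        $js = [];
        foreach ($this->clientEvents as $event => $handler) {
            $eventName = json_encode((string) $event, $flags);
            $js[] = ";jQuery($selector).on($eventName, $handler);";
        }
        $view->registerJs(implode("\n", $js));
    }
}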
This check looks at variables that are passed out again to other methods.
If the outgoing method call has stricter type requirements than the method itself, an issue is raised.
An additional type check may prevent trouble.