This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | /** |
||
3 | * @link https://github.com/2amigos/yii2-file-input-widget |
||
4 | * |
||
5 | * @copyright Copyright (c) 2013-2015 2amigOS! Consulting Group LLC |
||
6 | * @license http://opensource.org/licenses/BSD-3-Clause |
||
7 | */ |
||
8 | |||
9 | namespace dosamigos\fileinput; |
||
10 | |||
11 | use Yii; |
||
12 | use yii\base\InvalidConfigException; |
||
13 | use yii\helpers\Html; |
||
14 | use yii\widgets\InputWidget; |
||
15 | |||
16 | /** |
||
17 | * FileInput renders a Jasny File Input Bootstrap plugin. |
||
18 | * |
||
19 | * @author Antonio Ramirez <[email protected]> |
||
20 | * |
||
21 | * @link http://www.ramirezcobos.com/ |
||
22 | * @link http://www.2amigos.us/ |
||
23 | */ |
||
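class FileInput extends InputWidget
{
    /**
     * To render the template as a file input.
     */
    const STYLE_INPUT = 10;
    /**
     * To render the template as a button.
     */
    const STYLE_BUTTON = 20;
    /**
     * To render the template with thumbnail.
     */
    const STYLE_IMAGE = 30;
    /**
     * To render custom templates. If used, [[$customView]] must be initialized.
     */
    const STYLE_CUSTOM = 40;

    /**
     * @var int the type of Jasny File Input style to render; one of the STYLE_* constants.
     * Please, see [Jasny Bootstrap File Input](http://jasny.github.io/bootstrap/javascript/#fileinput) to see the
     * different displays.
     */
    public $style;
    /**
     * @var string the custom view to render the field. This view will receive the following variables:
     * - $field: The actual file input field
     * - $thumbnail: If set the thumbnail to display previous selected image
     *
     * The value is resolved with Yii::getAlias() and handed to View::renderFile(), i.e. it names a file that
     * is rendered as a view. It must be a fixed, developer-chosen path or alias and never be built from
     * request data.
     */
    public $customView;

    /**
     * @var array additional parameters passed to $customView. They are merged over the default parameters,
     * so a 'field' or 'thumbnail' key given here replaces the widget-supplied value.
     */
    public $customParams = [];
    /**
     * @var string the thumbnail to be displayed if [[STYLE_CUSTOM]] or [[STYLE_IMAGE]] has been selected. Thumbnail
     * is used to display an image that was previously loaded. The widget passes the value to the view
     * unchanged.
     */
    public $thumbnail;
    /**
     * @var array the event handlers for the underlying Jasny file input JS plugin, as event name => handler.
     * Please refer to the [Jasny Bootstrap File Input](http://jasny.github.io/bootstrap/javascript/#fileinput) plugin
     * Web page for possible events.
     *
     * Each handler is written into the page as raw JavaScript (see registerClientScript()), so both keys and
     * values must come from trusted widget configuration only.
     */
    public $clientEvents = [];

    /**
     * Initializes the widget.
     *
     * Defaults [[$style]] to STYLE_INPUT, validates the configuration and registers the widget's
     * message source before delegating to the parent initializer.
     *
     * @throws InvalidConfigException if [[$style]] is not a STYLE_* constant, or if STYLE_CUSTOM is
     * selected without [[$customView]].
     */
    public function init()
    {
        if ($this->style === null) {
            $this->style = self::STYLE_INPUT;
        }

        // Strict comparison: a numeric string such as '10' is rejected, only the integer constants pass.
        if (!in_array($this->style, [self::STYLE_INPUT, self::STYLE_BUTTON, self::STYLE_IMAGE, self::STYLE_CUSTOM], true)) {
            throw new InvalidConfigException('Unrecognized "FileInput::$style" format. It should be of "FileInput::STYLE_INPUT", "FileInput::STYLE_BUTTON", "FileInput::STYLE_IMAGE" or "FileInput::STYLE_CUSTOM" only.');
        }

        if ($this->style === self::STYLE_CUSTOM && $this->customView === null) {
            throw new InvalidConfigException('"FileInput::$customView" must be set if "FileInput::STYLE_CUSTOM" is used');
        }

        // Assigned unconditionally on every init(): an existing 'file-input*' entry is replaced.
        Yii::$app->i18n->translations['file-input*'] = [
            'class' => 'yii\i18n\PhpMessageSource',
            'basePath' => '@vendor/2amigos/yii2-file-input-widget/src/messages/',
            'sourceLanguage' => 'en-US',
        ];

        parent::init();
    }

    /**
     * {@inheritdoc}
     *
     * Builds the file input (model-bound when the widget has a model, plain otherwise), echoes the
     * rendered template and registers the client script.
     */
    public function run()
    {
        if ($this->hasModel()) {
            $field = Html::activeFileInput($this->model, $this->attribute, $this->options);
        } else {
            $field = Html::fileInput($this->name, $this->value, $this->options);
        }
        echo $this->renderTemplate($field);
        $this->registerClientScript();
    }

    /**
     * Renders the template that matches the configured [[$style]].
     *
     * @param string $field the already rendered file input markup
     *
     * @throws \yii\base\InvalidConfigException if [[$style]] is not one of the STYLE_* constants
     *
     * @return string
     */
    public function renderTemplate($field)
    {
        $params = ['field' => $field];
        switch ($this->style) {
            case self::STYLE_INPUT:
                $view = $this->getViewPath() . '/inputField.php';
                break;
            case self::STYLE_BUTTON:
                $view = $this->getViewPath() . '/buttonField.php';
                break;
            case self::STYLE_IMAGE:
                $view = $this->getViewPath() . '/imageField.php';
                $params['thumbnail'] = $this->thumbnail;
                break;
            case self::STYLE_CUSTOM:
                // The view file is chosen by configuration here, unlike the three bundled views above.
                // NOTE(review): keep $customView a constant path/alias; it decides which file is rendered.
                $view = $this->customView;
                $params['thumbnail'] = $this->thumbnail;
                // Later keys win in array_merge(), so $customParams may replace 'field' and 'thumbnail'.
                $params = array_merge($params, $this->customParams);
                break;
            default:
                // $style is public and can be changed after init() has validated it. Without this branch
                // $view would be undefined below and an unintended path could reach renderFile().
                throw new InvalidConfigException('Unrecognized "FileInput::$style" format. It should be of "FileInput::STYLE_INPUT", "FileInput::STYLE_BUTTON", "FileInput::STYLE_IMAGE" or "FileInput::STYLE_CUSTOM" only.');
        }

        return $this->getView()->renderFile(Yii::getAlias($view), $params);
    }

    /**
     * Registers Jasny File Input Bootstrap plugin and the related events.
     */
    public function registerClientScript()
    {
        $view = $this->getView();

        FileInputAsset::register($view);

        // NOTE(review): presumably the parent widget guarantees options['id'] is set; confirm.
        $id = $this->options['id'];

        if (!empty($this->clientEvents)) {
            $js = [];
            foreach ($this->clientEvents as $event => $handler) {
                // $id and $event land inside single-quoted JS string literals without escaping, and
                // $handler is emitted verbatim as JavaScript. All three must therefore originate from
                // trusted widget configuration; a value taken from request data would become script in
                // the rendered page.
                $js[] = ";jQuery('#$id').on('$event', $handler);";
            }
            $view->registerJs(implode("\n", $js));
        }
    }
}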
||
164 |
If you define a variable conditionally, it can happen that it is not defined for all execution paths.
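Let’s take a look at an example (reconstructed here from the description that follows, since the original listing did not survive on this page):

    function fx($a)
    {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
            case 'bar':
                $x = 2;
                break;
        }

        return $x;
    }

In the above example, the variable $x is defined if you pass “foo” or “bar” as the argument for $a. However, since the switch statement has no default case, passing any other value leaves $x undefined.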
Available Fixes
Check for existence of the variable explicitly:
Define a default value for the variable:
Add a value for the missing path: