ODataController::getAppPageSize() - Code Metrics - Inspection of "Merge pull request #129 from CyberiaResurrection/F..." - Algo-Web/POData-Laravel - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 41f657...d3cb7c )

by Christopher

created 2017-10-02 14:22 UTC

ODataController::getAppPageSize() A

↳ Parent: ODataController

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	0
CRAP Score	2

Importance

Changes

Metric	Value
dl	0
loc	4
ccs	0
cts	0
cp	0
rs	10
c	0
b	0
f	0
cc	1
eloc	2
nc	1
nop	0
crap	2

<?php

namespace AlgoWeb\PODataLaravel\Controllers;

use AlgoWeb\PODataLaravel\Controllers\Controller as BaseController;
use AlgoWeb\PODataLaravel\Serialisers\IronicSerialiser;
use Carbon\Carbon;
use Illuminate\Http\Request;
use Illuminate\Http\Response;
use Illuminate\Support\Facades\App;
use Illuminate\Support\Facades\DB;
use Illuminate\Support\Facades\Storage;
use POData\OperationContext\ServiceHost as ServiceHost;
use POData\OperationContext\Web\Illuminate\IlluminateOperationContext as OperationContextAdapter;
use POData\SimpleDataService as DataService;

class ODataController extends BaseController
{
    /**
     * Display a listing of the resource.
     *
     * @return \Illuminate\Http\Response
     */
    public function index(Request $request)
    {
        $dump = $this->isDumping();
        $dryRun = $this->isDryRun();
        $commitCall = $dryRun ? 'rollBack' : 'commit';

        try {
            DB::beginTransaction();
            $context = new OperationContextAdapter($request);
            $host = new ServiceHost($context, $request);
            $host->setServiceUri('/odata.svc/');

            $query = App::make('odataquery');
            $meta = App::make('metadata');

            $service = new DataService($query, $meta, $host);
            $cereal = new IronicSerialiser($service, null);
            $service = new DataService($query, $meta, $host, $cereal);
            $pageSize = $this->getAppPageSize();
            if (null !== $pageSize) {
                $service->maxPageSize = intval($pageSize);
            }
            $service->handleRequest();

            $odataResponse = $context->outgoingResponse();

            if (true === $dump) {
                // iff XTest header is set, containing class and method name
                // dump outgoing odataResponse, metadata, and incoming request
                $xTest = $request->header('XTest');
                $date = Carbon::now(0);
                $timeString = $date->toTimeString();
                $xTest = (null !== $xTest) ? $xTest
                    : $request->method() . ';' . str_replace('/', '-', $request->path()) . ';' . $timeString . ';';
                if (null != $xTest) {
                    $reflectionClass = new \ReflectionClass('Illuminate\Http\Request');
                    $reflectionProperty = $reflectionClass->getProperty('userResolver');
                    $reflectionProperty->setAccessible(true);
                    $reflectionProperty->setValue($request, null);
                    $reflectionProperty = $reflectionClass->getProperty('routeResolver');
                    $reflectionProperty->setAccessible(true);
                    $reflectionProperty->setValue($request, null);
                    $cerealRequest = serialize($request);
                    $cerealMeta = serialize($meta);
                    $cerealResponse = serialize($odataResponse);
                    Storage::put($xTest . 'request', $cerealRequest);
                    Storage::put($xTest . 'metadata', $cerealMeta);
                    Storage::put($xTest . 'response', $cerealResponse);
                }
            }

            $content = $odataResponse->getStream();

            $headers = $odataResponse->getHeaders();
            $responseCode = $headers[\POData\Common\ODataConstants::HTTPRESPONSE_HEADER_STATUS_CODE];
            $responseCode = isset($responseCode) ? intval($responseCode) : 200;
            $response = new Response($content, $responseCode);
// for HTML
$sanitized = htmlentities($tainted, ENT_QUOTES);

// for URLs
$sanitized = urlencode($tainted);
            $response->setStatusCode($headers['Status']);

            foreach ($headers as $headerName => $headerValue) {
                if (null !== $headerValue) {
                    $response->headers->set($headerName, $headerValue);
                }
            }
            DB::$commitCall();
        } catch (\Exception $e) {
            DB::rollBack();
            throw $e;
        }
        return $response;
    }

    /**
     * @return bool
     */
    protected function isDumping()
    {
        $configDump = env('APP_DUMP_REQUESTS', false);
        return true === $configDump;
    }

    /**
     * Is application dry-running (ie, not committing) non-READ requests?
     *
     * @return bool
     */
    protected function isDryRun()
    {
        $configDump = env('APP_DRY_RUN', false);
        return true === $configDump;
    }

    /**
     * @return mixed
     */
    protected function getAppPageSize()
    {
        return env('APP_PAGE_SIZE', null);
    }
}


1			<?php
2
3			namespace AlgoWeb\PODataLaravel\Controllers;
4
5			use AlgoWeb\PODataLaravel\Controllers\Controller as BaseController;
6			use AlgoWeb\PODataLaravel\Serialisers\IronicSerialiser;
7			use Carbon\Carbon;
8			use Illuminate\Http\Request;
9			use Illuminate\Http\Response;
10			use Illuminate\Support\Facades\App;
11			use Illuminate\Support\Facades\DB;
12			use Illuminate\Support\Facades\Storage;
13			use POData\OperationContext\ServiceHost as ServiceHost;
14			use POData\OperationContext\Web\Illuminate\IlluminateOperationContext as OperationContextAdapter;
15			use POData\SimpleDataService as DataService;
16
17			class ODataController extends BaseController
18			{
19			/**
20			* Display a listing of the resource.
21			*
22			* @return \Illuminate\Http\Response
23			*/
24			public function index(Request $request)
25			{
26			$dump = $this->isDumping();
27			$dryRun = $this->isDryRun();
28			$commitCall = $dryRun ? 'rollBack' : 'commit';
29
30			try {
31			DB::beginTransaction();
32			$context = new OperationContextAdapter($request);
33			$host = new ServiceHost($context, $request);
34			$host->setServiceUri('/odata.svc/');
35
36			$query = App::make('odataquery');
37			$meta = App::make('metadata');
38
39			$service = new DataService($query, $meta, $host);
40			$cereal = new IronicSerialiser($service, null);
41			$service = new DataService($query, $meta, $host, $cereal);
42			$pageSize = $this->getAppPageSize();
43			if (null !== $pageSize) {
44			$service->maxPageSize = intval($pageSize);
45			}
46			$service->handleRequest();
47
48			$odataResponse = $context->outgoingResponse();
49
50			if (true === $dump) {
51			// iff XTest header is set, containing class and method name
52			// dump outgoing odataResponse, metadata, and incoming request
53			$xTest = $request->header('XTest');
54			$date = Carbon::now(0);
55			$timeString = $date->toTimeString();
56			$xTest = (null !== $xTest) ? $xTest
57			: $request->method() . ';' . str_replace('/', '-', $request->path()) . ';' . $timeString . ';';
58			if (null != $xTest) {
59			$reflectionClass = new \ReflectionClass('Illuminate\Http\Request');
60			$reflectionProperty = $reflectionClass->getProperty('userResolver');
61			$reflectionProperty->setAccessible(true);
62			$reflectionProperty->setValue($request, null);
63			$reflectionProperty = $reflectionClass->getProperty('routeResolver');
64			$reflectionProperty->setAccessible(true);
65			$reflectionProperty->setValue($request, null);
66			$cerealRequest = serialize($request);
67			$cerealMeta = serialize($meta);
68			$cerealResponse = serialize($odataResponse);
69			Storage::put($xTest . 'request', $cerealRequest);
70			Storage::put($xTest . 'metadata', $cerealMeta);
71			Storage::put($xTest . 'response', $cerealResponse);
72			}
73			}
74
75			$content = $odataResponse->getStream();
76
77			$headers = $odataResponse->getHeaders();
78			$responseCode = $headers[\POData\Common\ODataConstants::HTTPRESPONSE_HEADER_STATUS_CODE];
79			$responseCode = isset($responseCode) ? intval($responseCode) : 200;
80			$response = new Response($content, $responseCode);
			0 ignored issues – show Security Cross-Site Scripting introduced 2017-09-12 17:12 UTC by Report Bug Copy Issue Report `$content` can contain request data and is used in output context(s) leading to a potential security vulnerability. 10 paths for user data to reach this point 1. Path: `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in ServerBag.php on line 62 `$this->parameters['HTTP_AUTHORIZATION']` seems to return tainted data, and `$authorizationHeader` is assigned in vendor/ServerBag.php on line 62 ParameterBag::$parameters is assigned in vendor/ServerBag.php on line 77 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 45 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 47 Iterating property Collection::$items, and `$entry` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 281 QueryResult::$results is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 284 Tainted property QueryResult::$results is read, and `$result` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 415 `$result` is passed to CynicSerialiser::writeBagValue() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 421 `$value` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 540 Data is passed through utf8_encode() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 978 ODataBagContent::$propertyContents is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 545 Tainted property ODataBagContent::$propertyContents is read, and `$content` is assigned in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 290 `$content` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 299 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 2. Path: Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in Request.php on line 317 Read from `$_POST,` and `$_POST` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 317 `$request` is passed to Request::__construct() in vendor/Request.php on line 2052 `$request` is passed to Request::initialize() in vendor/Request.php on line 258 `$request` is passed to ParameterBag::__construct() in vendor/Request.php on line 276 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 35 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 45 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 47 Iterating property Collection::$items, and `$entry` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 281 QueryResult::$results is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 284 Tainted property QueryResult::$results is read, and `$result` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 415 `$result` is passed to CynicSerialiser::writeBagValue() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 421 `$value` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 540 Data is passed through utf8_encode() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 978 ODataBagContent::$propertyContents is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 545 Tainted property ODataBagContent::$propertyContents is read, and `$content` is assigned in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 290 `$content` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 299 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 3. Path: Read from `$_SERVER,` and `$server` is assigned in Request.php on line 307 Read from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 307 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 317 `$server` is passed to Request::__construct() in vendor/Request.php on line 2052 `$server` is passed to Request::initialize() in vendor/Request.php on line 258 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 281 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 35 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 45 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 47 Iterating property Collection::$items, and `$entry` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 281 QueryResult::$results is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 284 Tainted property QueryResult::$results is read, and `$result` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 415 `$result` is passed to CynicSerialiser::writeBagValue() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 421 `$value` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 540 Data is passed through utf8_encode() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 978 ODataBagContent::$propertyContents is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 545 Tainted property ODataBagContent::$propertyContents is read, and `$content` is assigned in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 290 `$content` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 299 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 4. Path: Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in Request.php on line 310 Fetching key `HTTP_CONTENT_LENGTH` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 310 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 317 `$server` is passed to Request::__construct() in vendor/Request.php on line 2052 `$server` is passed to Request::initialize() in vendor/Request.php on line 258 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 281 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 35 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 45 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 47 Iterating property Collection::$items, and `$entry` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 281 QueryResult::$results is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 284 Tainted property QueryResult::$results is read, and `$result` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 415 `$result` is passed to CynicSerialiser::writeBagValue() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 421 `$value` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 540 Data is passed through utf8_encode() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 978 ODataBagContent::$propertyContents is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 545 Tainted property ODataBagContent::$propertyContents is read, and `$content` is assigned in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 290 `$content` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 299 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 5. Path: Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in Request.php on line 313 Fetching key `HTTP_CONTENT_TYPE` from `$_SERVER,` and `$server` is assigned in vendor/Request.php on line 313 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 317 `$server` is passed to Request::__construct() in vendor/Request.php on line 2052 `$server` is passed to Request::initialize() in vendor/Request.php on line 258 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 281 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 35 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 45 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 47 Iterating property Collection::$items, and `$entry` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 281 QueryResult::$results is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 284 Tainted property QueryResult::$results is read, and `$result` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 415 `$result` is passed to CynicSerialiser::writeBagValue() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 421 `$value` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 540 Data is passed through utf8_encode() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 978 ODataBagContent::$propertyContents is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 545 Tainted property ODataBagContent::$propertyContents is read, and `$content` is assigned in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 290 `$content` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 299 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 6. Path: `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in Request.php on line 383 `$server['HTTP_HOST']` seems to return tainted data, and `$server` is assigned in vendor/Request.php on line 383 `$server` is assigned in vendor/Request.php on line 431 `$server` is assigned in vendor/Request.php on line 432 `$server` is passed to Request::createRequestFromFactory() in vendor/Request.php on line 434 `$server` is passed to Request::__construct() in vendor/Request.php on line 2052 `$server` is passed to Request::initialize() in vendor/Request.php on line 258 `$server` is passed to ParameterBag::__construct() in vendor/Request.php on line 281 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 35 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 45 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 47 Iterating property Collection::$items, and `$entry` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 281 QueryResult::$results is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 284 Tainted property QueryResult::$results is read, and `$result` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 415 `$result` is passed to CynicSerialiser::writeBagValue() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 421 `$value` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 540 Data is passed through utf8_encode() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 978 ODataBagContent::$propertyContents is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 545 Tainted property ODataBagContent::$propertyContents is read, and `$content` is assigned in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 290 `$content` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 299 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 7. Path: `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 43 `$this->parameters['PHP_AUTH_USER']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 43 `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 282 `$values` is assigned in vendor/HeaderBag.php on line 31 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 32 `(array) $values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 143 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 146 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 67 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 115 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1822 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1853 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 99 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 45 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 47 Iterating property Collection::$items, and `$entry` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 281 QueryResult::$results is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 284 Tainted property QueryResult::$results is read, and `$result` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 415 `$result` is passed to CynicSerialiser::writeBagValue() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 421 `$value` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 540 Data is passed through utf8_encode() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 978 ODataBagContent::$propertyContents is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 545 Tainted property ODataBagContent::$propertyContents is read, and `$content` is assigned in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 290 `$content` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 299 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 8. Path: `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in ServerBag.php on line 44 `$this->parameters['PHP_AUTH_PW']` seems to return tainted data, and `$headers` is assigned in vendor/ServerBag.php on line 44 ServerBag::getHeaders() returns tainted data, and `$this->server->getHeaders()` is passed to HeaderBag::__construct() in vendor/Request.php on line 282 `$values` is assigned in vendor/HeaderBag.php on line 31 `$values` is passed to HeaderBag::set() in vendor/HeaderBag.php on line 32 `(array) $values` is passed through array_values(), and `$values` is assigned in vendor/HeaderBag.php on line 143 HeaderBag::$headers is assigned in vendor/HeaderBag.php on line 146 Tainted property HeaderBag::$headers is read in vendor/HeaderBag.php on line 67 HeaderBag::all() returns tainted data, and `$headers` is assigned in vendor/HeaderBag.php on line 115 HeaderBag::get() returns tainted data, and `$requestUri` is assigned in vendor/Request.php on line 1822 `$requestUri` is passed to ParameterBag::set() in vendor/Request.php on line 1853 ParameterBag::$parameters is assigned in vendor/ParameterBag.php on line 99 Tainted property ParameterBag::$parameters is read in vendor/ParameterBag.php on line 45 ParameterBag::all() returns tainted data, and `$bag->all()` is passed to TransformsRequest::cleanArray() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 58 `$data` is passed to collect() in vendor/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php on line 69 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 47 Iterating property Collection::$items, and `$entry` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 281 QueryResult::$results is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 284 Tainted property QueryResult::$results is read, and `$result` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 415 `$result` is passed to CynicSerialiser::writeBagValue() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 421 `$value` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 540 Data is passed through utf8_encode() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 978 ODataBagContent::$propertyContents is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 545 Tainted property ODataBagContent::$propertyContents is read, and `$content` is assigned in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 290 `$content` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 299 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 9. Path: Read from `$_SERVER,` and `$server` is assigned in src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Read from `$_SERVER,` and `$server` is assigned in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 22 Data is passed through array_replace() in vendor/Request.php on line 360 Data is passed through call_user_func() in vendor/Request.php on line 2043 `\Illuminate\Http\Request::create($uri, 'GET', array(), array(), array(), $server)` is passed to Container::instance() in vendor/src/Illuminate/Foundation/Bootstrap/SetRequestForConsole.php on line 31 Container::$instances is assigned in vendor/src/Illuminate/Container/Container.php on line 394 Tainted property Container::$instances is read in vendor/src/Illuminate/Container/Container.php on line 635 Container::resolve() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 601 Container::make() returns tainted data in vendor/src/Illuminate/Container/Container.php on line 1210 Container::offsetGet() returns tainted data, and `$table` is assigned in vendor/src/Illuminate/Session/SessionManager.php on line 74 `$table` is passed to DatabaseSessionHandler::__construct() in vendor/src/Illuminate/Session/SessionManager.php on line 79 DatabaseSessionHandler::$table is assigned in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 64 Tainted property DatabaseSessionHandler::$table is read, and `$this->table` is passed to Connection::table() in vendor/src/Illuminate/Session/DatabaseSessionHandler.php on line 277 `$table` is passed to Builder::from() in vendor/src/Illuminate/Database/Connection.php on line 265 Builder::$from is assigned in vendor/src/Illuminate/Database/Query/Builder.php on line 327 Tainted property Builder::$from is read, and `$query->from` is passed to Grammar::wrapTable() in vendor/src/Illuminate/Database/Query/Grammars/Grammar.php on line 772 `$this->tablePrefix . $table` is passed to Grammar::wrap() in vendor/src/Illuminate/Database/Grammar.php on line 36 `$value` is passed through explode(), and `explode('.', $value)` is passed to Grammar::wrapSegments() in vendor/src/Illuminate/Database/Grammar.php on line 62 `$segments` is passed to collect() in vendor/src/Illuminate/Database/Grammar.php on line 96 `$value` is passed to Collection::__construct() in vendor/src/Illuminate/Support/helpers.php on line 423 Collection::$items is assigned in vendor/src/Illuminate/Support/Collection.php on line 47 Iterating property Collection::$items, and `$entry` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 281 QueryResult::$results is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 284 Tainted property QueryResult::$results is read, and `$result` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 415 `$result` is passed to CynicSerialiser::writeBagValue() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 421 `$value` is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 540 Data is passed through utf8_encode() in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 978 ODataBagContent::$propertyContents is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 545 Tainted property ODataBagContent::$propertyContents is read, and `$content` is assigned in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 290 `$content` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonLightODataWriter.php on line 299 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 10. Path: Fetching key `HTTP_HOST` from `$_SERVER` in src/POData/OperationContext/SimpleRequestAdapter.php on line 23 Fetching key `HTTP_HOST` from `$_SERVER` in vendor/src/POData/OperationContext/SimpleRequestAdapter.php on line 23 SimpleRequestAdapter::getRawUrl() returns tainted data, and ServiceHost::$absoluteRequestUriAsString is assigned in vendor/src/POData/OperationContext/ServiceHost.php on line 120 Tainted property ServiceHost::$absoluteRequestUriAsString is read, and `$this->absoluteRequestUriAsString` is passed to Url::__construct() in vendor/src/POData/OperationContext/ServiceHost.php on line 123 Url::$urlAsString is assigned in vendor/src/POData/Common/Url.php on line 53 Tainted property Url::$urlAsString is read in vendor/src/POData/Common/Url.php on line 63 Url::getUrlAsString() returns tainted data, and CynicSerialiser::$absoluteServiceUri is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 498 Tainted property CynicSerialiser::$absoluteServiceUri is read, and `$this->absoluteServiceUri` is passed through rtrim(), and ODataURL::$url is assigned in vendor/src/POData/ObjectModel/CynicSerialiser.php on line 327 Tainted property ODataURL::$url is read, and `$url->url` is passed to JsonWriter::writeValue() in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 105 `$value` is passed to JsonWriter::writeCore() in vendor/src/POData/Writers/Json/JsonWriter.php on line 124 `$text` is passed to IndentedTextWriter::writeValue() in vendor/src/POData/Writers/Json/JsonWriter.php on line 217 `$value` is passed to IndentedTextWriter::write() in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 59 IndentedTextWriter::$result is assigned in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 143 Tainted property IndentedTextWriter::$result is read in vendor/src/POData/Writers/Json/IndentedTextWriter.php on line 122 IndentedTextWriter::getResult() returns tainted data in vendor/src/POData/Writers/Json/JsonWriter.php on line 258 JsonWriter::getJsonOutput() returns tainted data in vendor/src/POData/Writers/Json/JsonODataV1Writer.php on line 431 JsonODataV1Writer::serializeException() returns tainted data, and `$responseBody` is assigned in vendor/src/POData/Common/ErrorHandler.php on line 62 `$responseBody` is passed to OutgoingResponse::setStream() in vendor/src/POData/Common/ErrorHandler.php on line 65 OutgoingResponse::$stream is assigned in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 200 Tainted property OutgoingResponse::$stream is read in vendor/src/POData/OperationContext/Web/OutgoingResponse.php on line 190 OutgoingResponse::getStream() returns tainted data, and `$content` is assigned in src/Controllers/ODataController.php on line 75 Used in output context Response::__construct() uses Response::setContent() ($content) in vendor/Response.php on line 201 Response::setContent() uses property Response::$content for writing in vendor/Response.php on line 402 Property Response::$content is used in echo in vendor/Response.php on line 361 Preventing Cross-Site-Scripting Attacks Cross-Site-Scripting allows an attacker to inject malicious code into your website - in particular Javascript code, and have that code executed with the privileges of a visiting user. This can be used to obtain data, or perform actions on behalf of that visiting user. In order to prevent this, make sure to escape all user-provided data: // for HTML $sanitized = htmlentities($tainted, ENT_QUOTES); // for URLs $sanitized = urlencode($tainted); General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
81			$response->setStatusCode($headers['Status']);
82
83			foreach ($headers as $headerName => $headerValue) {
84			if (null !== $headerValue) {
85			$response->headers->set($headerName, $headerValue);
86			}
87			}
88			DB::$commitCall();
89			} catch (\Exception $e) {
90			DB::rollBack();
91			throw $e;
92			}
93			return $response;
94			}
95
96			/**
97			* @return bool
98			*/
99			protected function isDumping()
100			{
101			$configDump = env('APP_DUMP_REQUESTS', false);
102			return true === $configDump;
103			}
104
105			/**
106			* Is application dry-running (ie, not committing) non-READ requests?
107			*
108			* @return bool
109			*/
110			protected function isDryRun()
111			{
112			$configDump = env('APP_DRY_RUN', false);
113			return true === $configDump;
114			}
115
116			/**
117			* @return mixed
118			*/
119			protected function getAppPageSize()
120			{
121			return env('APP_PAGE_SIZE', null);
122			}
123			}
124

Algo-Web / POData-Laravel

Push — master ( 41f657...d3cb7c )

ODataController::getAppPageSize() A

Complexity

Size

Duplication

Code Coverage

Importance

10 paths for user data to reach this point

Used in output context

Preventing Cross-Site-Scripting Attacks

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like