Issues in BackendMenu.php (master) - Issues in master - DevGroup-ru/dotplant2 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2170)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

application/backend/models/BackendMenu.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace app\backend\models;

use Yii;
use yii\data\ActiveDataProvider;
use yii\caching\TagDependency;
use yii\db\ActiveRecord;
use app;
use app\behaviors\Tree;

/**
 * This is the model class for table "backend_menu".
 * BackendMenu stores tree of navigation in backend
 *
 * @property integer $id
 * @property integer $parent_id
 * @property string $name Name of item - will be translated against .translation_category attribute
 * @property string $route Route or absolute URL to item
 * @property string $icon Icon for menu item
 * @property string $added_by_ext Identifier of extension that added this menu item
 * @property string $css_class CSS class attribute for menu item
 * @property string $translation_category Translation category for Yii::t()
 * @property integer $sort_order
 * @property string $rbac_check
 */
class BackendMenu extends ActiveRecord
{
    private static $identity_map = [];

    public function behaviors()
    {
        return [
            [
                'class' => \devgroup\TagDependencyHelper\ActiveRecordHelper::className(),

            ],
            [
                'class' => Tree::className(),

                'activeAttribute' => false,
            ],
        ];
    }

    /**
     * @inheritdoc
     */
    public static function tableName()
    {
        return '{{%backend_menu}}';
    }

    /**
     * @inheritdoc
     */
    public function rules()
    {
        return [
            [['parent_id', 'sort_order'], 'integer'],
            [['name'], 'required'],
            [['rbac_check'], 'string', 'max' => 64],
            [['translation_category'], 'default', 'value' => 'app'],
            [['added_by_ext'], 'default', 'value' => 'core'],
            [['name', 'route', 'icon', 'added_by_ext', 'css_class', 'translation_category'], 'string', 'max' => 255],
            ['sort_order', 'default', 'value' => 0],
        ];
    }

    /**
     * Scenarios
     * @return array

     */
    public function scenarios()
    {
        return [
            'default' => [
                'parent_id',
                'name',
                'route',
                'icon',
                'rbac_check',
                'added_by_ext',
                'css_class',
                'sort_order',
                'translation_category',
            ],
            'search' => [
                'id',
                'parent_id',
                'name',
                'route',
                'icon',
                'added_by_ext'
            ],
        ];
    }

    /**
     * @inheritdoc
     */
    public function attributeLabels()
    {
        return [
            'id' => Yii::t('app', 'ID'),
            'parent_id' => Yii::t('app', 'Parent ID'),
            'name' => Yii::t('app', 'Name'),
            'route' => Yii::t('app', 'Route'),
            'icon' => Yii::t('app', 'Icon'),
            'added_by_ext' => Yii::t('app', 'Added by extension'),
            'sort_order' => Yii::t('app', 'Sort order'),
            'rbac_check' => Yii::t('app', 'Rbac role'),
            'translation_category' => Yii::t('app', 'Translation Category'),
        ];
    }

    /**
     * Search support for GridView and etc.
     * @param $params
     * @return ActiveDataProvider
     */
    public function search($params)
    {
        /* @var $query \yii\db\ActiveQuery */
        $query = self::find()
            ->where(['parent_id'=>$this->parent_id]);
        $dataProvider = new ActiveDataProvider(
            [
                'query' => $query,
                'pagination' => [
                    'pageSize' => 10,
                ],
            ]
        );
        if (!($this->load($params))) {
            return $dataProvider;
        }
        $query->andFilterWhere(['id' => $this->id]);
        $query->andFilterWhere(['like', 'name', $this->name]);
        $query->andFilterWhere(['like', 'route', $this->route]);
        $query->andFilterWhere(['like', 'icon', $this->icon]);
        $query->andFilterWhere(['like', 'added_by_ext', $this->added_by_ext]);
        return $dataProvider;
    }

    /**
     * Returns model instance by ID(primary key) with cache support
     * @param  integer $id ID of record
     * @return BackendMenu BackendMenu instance
     */
    public static function findById($id)
    {
        if (!isset(static::$identity_map[$id])) {
            $cacheKey = static::tableName().":$id";
            if (false === $model = Yii::$app->cache->get($cacheKey)) {
                $model = static::find()->where(['id' => $id]);
                
                if (null !== $model = $model->one()) {
                    Yii::$app->cache->set(
                        $cacheKey,
                        $model,
                        86400,
                        new TagDependency([
                            'tags' => [
                                \devgroup\TagDependencyHelper\ActiveRecordHelper::getCommonTag(static::className())

                            ]
                        ])
                    );
                }
            }
            static::$identity_map[$id] = $model;
        }

        return static::$identity_map[$id];
    }

    /**
     * Returns all available to logged user BackendMenu items in yii\widgets\Menu acceptable format
     * @return BackendMenu[] Tree representation of items
     */
    public static function getAllMenu()
    {
        $rows = Yii::$app->cache->get("BackendMenu:all");
        if (false === is_array($rows)) {
            $rows = static::find()
                ->orderBy('parent_id ASC, sort_order ASC')
                ->asArray()
                ->all();
            Yii::$app->cache->set(
                "BackendMenu:all",
                $rows,
                86400,
                new TagDependency([
                    'tags' => [
                        \devgroup\TagDependencyHelper\ActiveRecordHelper::getCommonTag(static::className())

                    ]
                ])
            );
        }
        // rebuild rows to tree $all_menu_items
        $all_menu_items = app\behaviors\Tree::rowsArrayToMenuTree($rows, 1, 1, false);
        return $all_menu_items;
    }
}


GitHub Access Token became invalid

Issues (2170)

Security Analysis not enabled

application/backend/models/BackendMenu.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		namespace app\backend\models;
4
5		use Yii;
6		use yii\data\ActiveDataProvider;
7		use yii\caching\TagDependency;
8		use yii\db\ActiveRecord;
9		use app;
10		use app\behaviors\Tree;
11
12		/**
13		* This is the model class for table "backend_menu".
14		* BackendMenu stores tree of navigation in backend
15		*
16		* @property integer $id
17		* @property integer $parent_id
18		* @property string $name Name of item - will be translated against .translation_category attribute
19		* @property string $route Route or absolute URL to item
20		* @property string $icon Icon for menu item
21		* @property string $added_by_ext Identifier of extension that added this menu item
22		* @property string $css_class CSS class attribute for menu item
23		* @property string $translation_category Translation category for Yii::t()
24		* @property integer $sort_order
25		* @property string $rbac_check
26		*/
27		class BackendMenu extends ActiveRecord
28		{
29		private static $identity_map = [];
30
31	View Code Duplication	public function behaviors()
32		{
33		return [
34		[
35		'class' => \devgroup\TagDependencyHelper\ActiveRecordHelper::className(),
		0 ignored issues – show Deprecated Code introduced 2018-06-05 13:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `yii\base\BaseObject::className()` has been deprecated with message: since 2.0.14. On PHP >=5.5, use `::class` instead. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
36		],
37		[
38		'class' => Tree::className(),
		0 ignored issues – show Deprecated Code introduced 2018-06-05 13:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `yii\base\BaseObject::className()` has been deprecated with message: since 2.0.14. On PHP >=5.5, use `::class` instead. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
39		'activeAttribute' => false,
40		],
41		];
42		}
43
44		/**
45		* @inheritdoc
46		*/
47		public static function tableName()
48		{
49		return '{{%backend_menu}}';
50		}
51
52		/**
53		* @inheritdoc
54		*/
55		public function rules()
56		{
57		return [
58		[['parent_id', 'sort_order'], 'integer'],
59		[['name'], 'required'],
60		[['rbac_check'], 'string', 'max' => 64],
61		[['translation_category'], 'default', 'value' => 'app'],
62		[['added_by_ext'], 'default', 'value' => 'core'],
63		[['name', 'route', 'icon', 'added_by_ext', 'css_class', 'translation_category'], 'string', 'max' => 255],
64		['sort_order', 'default', 'value' => 0],
65		];
66		}
67
68		/**
69		* Scenarios
70		* @return array
		0 ignored issues – show Documentation introduced 2017-08-07 06:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider making the return type a bit more specific; maybe use `array<string,string[]>`. This check looks for the generic type `array` as a return type and suggests a more specific type. This type is inferred from the actual code. Loading history...
71		*/
72		public function scenarios()
73		{
74		return [
75		'default' => [
76		'parent_id',
77		'name',
78		'route',
79		'icon',
80		'rbac_check',
81		'added_by_ext',
82		'css_class',
83		'sort_order',
84		'translation_category',
85		],
86		'search' => [
87		'id',
88		'parent_id',
89		'name',
90		'route',
91		'icon',
92		'added_by_ext'
93		],
94		];
95		}
96
97		/**
98		* @inheritdoc
99		*/
100		public function attributeLabels()
101		{
102		return [
103		'id' => Yii::t('app', 'ID'),
104		'parent_id' => Yii::t('app', 'Parent ID'),
105		'name' => Yii::t('app', 'Name'),
106		'route' => Yii::t('app', 'Route'),
107		'icon' => Yii::t('app', 'Icon'),
108		'added_by_ext' => Yii::t('app', 'Added by extension'),
109		'sort_order' => Yii::t('app', 'Sort order'),
110		'rbac_check' => Yii::t('app', 'Rbac role'),
111		'translation_category' => Yii::t('app', 'Translation Category'),
112		];
113		}
114
115		/**
116		* Search support for GridView and etc.
117		* @param $params
118		* @return ActiveDataProvider
119		*/
120	View Code Duplication	public function search($params)
121		{
122		/* @var $query \yii\db\ActiveQuery */
123		$query = self::find()
124		->where(['parent_id'=>$this->parent_id]);
125		$dataProvider = new ActiveDataProvider(
126		[
127		'query' => $query,
128		'pagination' => [
129		'pageSize' => 10,
130		],
131		]
132		);
133		if (!($this->load($params))) {
134		return $dataProvider;
135		}
136		$query->andFilterWhere(['id' => $this->id]);
137		$query->andFilterWhere(['like', 'name', $this->name]);
138		$query->andFilterWhere(['like', 'route', $this->route]);
139		$query->andFilterWhere(['like', 'icon', $this->icon]);
140		$query->andFilterWhere(['like', 'added_by_ext', $this->added_by_ext]);
141		return $dataProvider;
142		}
143
144		/**
145		* Returns model instance by ID(primary key) with cache support
146		* @param integer $id ID of record
147		* @return BackendMenu BackendMenu instance
148		*/
149	View Code Duplication	public static function findById($id)
150		{
151		if (!isset(static::$identity_map[$id])) {
152		$cacheKey = static::tableName().":$id";
153		if (false === $model = Yii::$app->cache->get($cacheKey)) {
154		$model = static::find()->where(['id' => $id]);
155
156		if (null !== $model = $model->one()) {
157		Yii::$app->cache->set(
158		$cacheKey,
159		$model,
160		86400,
161		new TagDependency([
162		'tags' => [
163		\devgroup\TagDependencyHelper\ActiveRecordHelper::getCommonTag(static::className())
		0 ignored issues – show Deprecated Code introduced 2018-06-05 13:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `yii\base\BaseObject::className()` has been deprecated with message: since 2.0.14. On PHP >=5.5, use `::class` instead. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
164		]
165		])
166		);
167		}
168		}
169		static::$identity_map[$id] = $model;
170		}
171
172		return static::$identity_map[$id];
173		}
174
175		/**
176		* Returns all available to logged user BackendMenu items in yii\widgets\Menu acceptable format
177		* @return BackendMenu[] Tree representation of items
178		*/
179	View Code Duplication	public static function getAllMenu()
180		{
181		$rows = Yii::$app->cache->get("BackendMenu:all");
182		if (false === is_array($rows)) {
183		$rows = static::find()
184		->orderBy('parent_id ASC, sort_order ASC')
185		->asArray()
186		->all();
187		Yii::$app->cache->set(
188		"BackendMenu:all",
189		$rows,
190		86400,
191		new TagDependency([
192		'tags' => [
193		\devgroup\TagDependencyHelper\ActiveRecordHelper::getCommonTag(static::className())
		0 ignored issues – show Deprecated Code introduced 2018-06-05 13:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `yii\base\BaseObject::className()` has been deprecated with message: since 2.0.14. On PHP >=5.5, use `::class` instead. This method has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the method will be removed from the class and what other method or class to use instead. Loading history...
194		]
195		])
196		);
197		}
198		// rebuild rows to tree $all_menu_items
199		$all_menu_items = app\behaviors\Tree::rowsArrayToMenuTree($rows, 1, 1, false);
200		return $all_menu_items;
201		}
202		}
203

DevGroup-ru / dotplant2

GitHub Access Token became invalid

Issues (2170)

Security Analysis not enabled

application/backend/models/BackendMenu.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like