1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of EC-CUBE |
||
5 | * |
||
6 | * Copyright(c) EC-CUBE CO.,LTD. All Rights Reserved. |
||
7 | * |
||
8 | * http://www.ec-cube.co.jp/ |
||
9 | * |
||
10 | * For the full copyright and license information, please view the LICENSE |
||
11 | * file that was distributed with this source code. |
||
12 | */ |
||
13 | |||
14 | namespace Eccube\Controller; |
||
15 | |||
16 | use Doctrine\ORM\EntityManagerInterface; |
||
17 | use Eccube\Common\Constant; |
||
18 | use Eccube\Common\EccubeConfig; |
||
19 | use Symfony\Bundle\FrameworkBundle\Controller\Controller; |
||
20 | use Symfony\Component\EventDispatcher\EventDispatcherInterface; |
||
21 | use Symfony\Component\Form\FormFactoryInterface; |
||
22 | use Symfony\Component\HttpFoundation\Request; |
||
23 | use Symfony\Component\HttpFoundation\Session\Session; |
||
24 | use Symfony\Component\HttpFoundation\Session\SessionInterface; |
||
25 | use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException; |
||
26 | use Symfony\Component\Routing\Exception\RouteNotFoundException; |
||
27 | use Symfony\Component\Translation\TranslatorInterface; |
||
28 | |||
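class AbstractController extends Controller
{
    /**
     * @var EccubeConfig
     */
    protected $eccubeConfig;

    /**
     * @var EntityManagerInterface
     */
    protected $entityManager;

    /**
     * @var TranslatorInterface
     */
    protected $translator;

    /**
     * @var FormFactoryInterface
     */
    protected $formFactory;

    /**
     * @var EventDispatcherInterface
     */
    protected $eventDispatcher;

    /**
     * Session whose flash bag backs the add*() message helpers below.
     *
     * @var Session
     */
    protected $session;

    /**
     * @param EccubeConfig $eccubeConfig
     * @required
     */
    public function setEccubeConfig(EccubeConfig $eccubeConfig)
    {
        $this->eccubeConfig = $eccubeConfig;
    }

    /**
     * @param EntityManagerInterface $entityManager
     * @required
     */
    public function setEntityManager(EntityManagerInterface $entityManager)
    {
        $this->entityManager = $entityManager;
    }

    /**
     * @param TranslatorInterface $translator
     * @required
     */
    public function setTranslator(TranslatorInterface $translator)
    {
        $this->translator = $translator;
    }

    /**
     * NOTE(review): the parameter is typed as SessionInterface while the property is documented
     * as Session; the flash helpers call getFlashBag(), which is a Session method rather than part
     * of SessionInterface — confirm the container always injects a Session.
     *
     * @param SessionInterface $session
     * @required
     */
    public function setSession(SessionInterface $session)
    {
        $this->session = $session;
    }

    /**
     * @param FormFactoryInterface $formFactory
     * @required
     */
    public function setFormFactory(FormFactoryInterface $formFactory)
    {
        $this->formFactory = $formFactory;
    }

    /**
     * @param EventDispatcherInterface $eventDispatcher
     * @required
     */
    public function setEventDispatcher(EventDispatcherInterface $eventDispatcher)
    {
        $this->eventDispatcher = $eventDispatcher;
    }

    /**
     * Queues a "success" flash message under "eccube.<namespace>.success".
     *
     * @param string $message   Message text (presumably a translation key, as in deleteMessage() — confirm)
     * @param string $namespace Flash key namespace, e.g. 'front' or 'admin'
     */
    public function addSuccess($message, $namespace = 'front')
    {
        $this->addFlashMessage('success', $message, $namespace);
    }

    /**
     * Queues an "error" flash message under "eccube.<namespace>.error".
     *
     * @param string $message
     * @param string $namespace
     */
    public function addError($message, $namespace = 'front')
    {
        $this->addFlashMessage('error', $message, $namespace);
    }

    /**
     * Queues a "danger" flash message under "eccube.<namespace>.danger".
     *
     * @param string $message
     * @param string $namespace
     */
    public function addDanger($message, $namespace = 'front')
    {
        $this->addFlashMessage('danger', $message, $namespace);
    }

    /**
     * Queues a "warning" flash message under "eccube.<namespace>.warning".
     *
     * @param string $message
     * @param string $namespace
     */
    public function addWarning($message, $namespace = 'front')
    {
        $this->addFlashMessage('warning', $message, $namespace);
    }

    /**
     * Queues an "info" flash message under "eccube.<namespace>.info".
     *
     * @param string $message
     * @param string $namespace
     */
    public function addInfo($message, $namespace = 'front')
    {
        $this->addFlashMessage('info', $message, $namespace);
    }

    /**
     * Queues a request-level error flash message under "eccube.<namespace>.request.error".
     *
     * @param string $message
     * @param string $namespace
     */
    public function addRequestError($message, $namespace = 'front')
    {
        $this->addFlashMessage('request.error', $message, $namespace);
    }

    /**
     * Discards every queued flash message, regardless of namespace.
     */
    public function clearMessage()
    {
        $this->session->getFlashBag()->clear();
    }

    /**
     * Replaces all queued flash messages with the admin "already deleted" warning.
     */
    public function deleteMessage()
    {
        $this->clearMessage();
        $this->addWarning('admin.common.delete_error_already_deleted', 'admin');
    }

    /**
     * Stores the post-login redirect target in the session flash bag.
     *
     * The key is "eccube.login.target.path" when no namespace is given, otherwise
     * "eccube.<namespace>.login.target.path".
     *
     * @param string      $targetPath
     * @param string|null $namespace
     */
    public function setLoginTargetPath($targetPath, $namespace = null)
    {
        $flashBag = $this->session->getFlashBag();

        if ($namespace === null) {
            $flashBag->set('eccube.login.target.path', $targetPath);
        } else {
            $flashBag->set('eccube.'.$namespace.'.login.target.path', $targetPath);
        }
    }

    /**
     * Forwards the request to another controller.
     *
     * @param string $route The name of the route
     * @param array  $path  An array of path parameters
     * @param array  $query An array of query parameters
     *
     * @return \Symfony\Component\HttpFoundation\Response A Response instance
     *
     * @throws RouteNotFoundException when no route with that name is registered
     */
    public function forwardToRoute($route, array $path = [], array $query = [])
    {
        $routeDefinition = $this->get('router')->getRouteCollection()->get($route);
        if (!$routeDefinition) {
            throw new RouteNotFoundException(sprintf('The named route "%s" as such route does not exist.', $route));
        }

        // The route's "_controller" default is the callable forward() dispatches to.
        return $this->forward($routeDefinition->getDefault('_controller'), $path, $query);
    }

    /**
     * Checks the validity of a CSRF token.
     *
     * The token is read from the request parameter named by Constant::TOKEN_NAME, falling
     * back to the "ECCUBE-CSRF-TOKEN" header. If the token is invalid — or there is no current
     * request to validate against — an AccessDeniedHttpException is thrown (fail closed).
     *
     * @return bool Always true; invalid tokens throw instead of returning false
     *
     * @throws AccessDeniedHttpException
     */
    protected function isTokenValid()
    {
        /** @var Request|null $request */
        $request = $this->container->get('request_stack')->getCurrentRequest();
        if ($request === null) {
            // Previously this dereferenced null; with nothing to validate, deny rather than crash.
            throw new AccessDeniedHttpException('CSRF token is invalid.');
        }

        // NOTE(review): Request::get() also consults query-string parameters, so a token may
        // travel in a URL (and thus referrers/logs); presumably GET links rely on this — confirm
        // before narrowing to the request body. An empty/falsy parameter falls back to the header.
        $token = $request->get(Constant::TOKEN_NAME) ?: $request->headers->get('ECCUBE-CSRF-TOKEN');

        if (!$this->isCsrfTokenValid(Constant::TOKEN_NAME, $token)) {
            throw new AccessDeniedHttpException('CSRF token is invalid.');
        }

        return true;
    }

    /**
     * Pushes $message onto the flash bag under the "eccube.<namespace>.<type>" key.
     *
     * @param string $type      Key suffix, e.g. 'success' or 'request.error'
     * @param string $message
     * @param string $namespace
     */
    private function addFlashMessage($type, $message, $namespace)
    {
        $this->session->getFlashBag()->add('eccube.'.$namespace.'.'.$type, $message);
    }
}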