This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* |
||
3 | * This file is part of EC-CUBE |
||
4 | * |
||
5 | * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved. |
||
6 | * |
||
7 | * http://www.lockon.co.jp/ |
||
8 | * |
||
9 | * This program is free software; you can redistribute it and/or |
||
10 | * modify it under the terms of the GNU General Public License |
||
11 | * as published by the Free Software Foundation; either version 2 |
||
12 | * of the License, or (at your option) any later version. |
||
13 | * |
||
14 | * This program is distributed in the hope that it will be useful, |
||
15 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
16 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
17 | * GNU General Public License for more details. |
||
18 | * |
||
19 | * You should have received a copy of the GNU General Public License |
||
20 | * along with this program; if not, write to the Free Software |
||
21 | * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. |
||
22 | */ |
||
23 | |||
24 | namespace Eccube\Controller\Admin\Customer; |
||
25 | |||
26 | use Eccube\Application; |
||
27 | use Eccube\Common\Constant; |
||
28 | use Eccube\Controller\AbstractController; |
||
29 | use Eccube\Event\EccubeEvents; |
||
30 | use Eccube\Event\EventArgs; |
||
31 | use Symfony\Component\HttpFoundation\Request; |
||
32 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
33 | |||
34 | class CustomerEditController extends AbstractController |
||
0 ignored issues
–
show
introduced
by
Loading history...
|
|||
35 | { |
||
36 | 8 | public function index(Application $app, Request $request, $id = null) |
|
37 | { |
||
38 | 8 | $app['orm.em']->getFilters()->enable('incomplete_order_status_hidden'); |
|
39 | // 編集 |
||
40 | 8 | if ($id) { |
|
41 | 6 | $Customer = $app['orm.em'] |
|
42 | 6 | ->getRepository('Eccube\Entity\Customer') |
|
43 | 6 | ->find($id); |
|
44 | |||
45 | 6 | if (is_null($Customer)) { |
|
46 | throw new NotFoundHttpException(); |
||
47 | } |
||
48 | // 編集用にデフォルトパスワードをセット |
||
49 | 6 | $previous_password = $Customer->getPassword(); |
|
50 | 6 | $Customer->setPassword($app['config']['default_password']); |
|
51 | // 新規登録 |
||
52 | } else { |
||
53 | 2 | $Customer = $app['eccube.repository.customer']->newCustomer(); |
|
54 | 2 | $CustomerAddress = new \Eccube\Entity\CustomerAddress(); |
|
55 | 2 | $Customer->setBuyTimes(0); |
|
56 | 2 | $Customer->setBuyTotal(0); |
|
57 | } |
||
58 | |||
59 | // 会員登録フォーム |
||
60 | 8 | $builder = $app['form.factory'] |
|
61 | 8 | ->createBuilder('admin_customer', $Customer); |
|
62 | |||
63 | 8 | $event = new EventArgs( |
|
64 | array( |
||
65 | 8 | 'builder' => $builder, |
|
66 | 8 | 'Customer' => $Customer, |
|
67 | ), |
||
68 | $request |
||
69 | ); |
||
70 | 8 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_CUSTOMER_EDIT_INDEX_INITIALIZE, $event); |
|
71 | |||
72 | 8 | $form = $builder->getForm(); |
|
73 | |||
74 | 8 | if ('POST' === $request->getMethod()) { |
|
75 | 3 | $form->handleRequest($request); |
|
76 | 3 | if ($form->isValid()) { |
|
77 | 3 | log_info('会員登録開始', array($Customer->getId())); |
|
78 | |||
79 | 3 | if ($Customer->getId() === null) { |
|
80 | 1 | $Customer->setSalt( |
|
81 | 1 | $app['eccube.repository.customer']->createSalt(5) |
|
82 | ); |
||
83 | 1 | $Customer->setSecretKey( |
|
84 | 1 | $app['eccube.repository.customer']->getUniqueSecretKey($app) |
|
85 | ); |
||
86 | |||
87 | 1 | $CustomerAddress->setName01($Customer->getName01()) |
|
88 | 1 | ->setName02($Customer->getName02()) |
|
89 | 1 | ->setKana01($Customer->getKana01()) |
|
90 | 1 | ->setKana02($Customer->getKana02()) |
|
91 | 1 | ->setCompanyName($Customer->getCompanyName()) |
|
92 | 1 | ->setZip01($Customer->getZip01()) |
|
93 | 1 | ->setZip02($Customer->getZip02()) |
|
94 | 1 | ->setZipcode($Customer->getZip01() . $Customer->getZip02()) |
|
95 | 1 | ->setPref($Customer->getPref()) |
|
96 | 1 | ->setAddr01($Customer->getAddr01()) |
|
97 | 1 | ->setAddr02($Customer->getAddr02()) |
|
98 | 1 | ->setTel01($Customer->getTel01()) |
|
99 | 1 | ->setTel02($Customer->getTel02()) |
|
100 | 1 | ->setTel03($Customer->getTel03()) |
|
101 | 1 | ->setFax01($Customer->getFax01()) |
|
102 | 1 | ->setFax02($Customer->getFax02()) |
|
103 | 1 | ->setFax03($Customer->getFax03()) |
|
104 | 1 | ->setDelFlg(Constant::DISABLED) |
|
105 | 1 | ->setCustomer($Customer); |
|
106 | |||
107 | 1 | $app['orm.em']->persist($CustomerAddress); |
|
108 | } |
||
109 | |||
110 | 3 | View Code Duplication | if ($Customer->getPassword() === $app['config']['default_password']) { |
111 | $Customer->setPassword($previous_password); |
||
0 ignored issues
–
show
The variable
$previous_password does not seem to be defined for all execution paths leading up to this point.
If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) {
switch ($a) {
case 'foo':
$x = 1;
break;
case 'bar':
$x = 2;
break;
}
// $x is potentially undefined here.
echo $x;
}
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined. Available Fixes
Loading history...
|
|||
112 | } else { |
||
113 | 3 | if ($Customer->getSalt() === null) { |
|
114 | $Customer->setSalt($app['eccube.repository.customer']->createSalt(5)); |
||
115 | } |
||
116 | 3 | $Customer->setPassword( |
|
117 | 3 | $app['eccube.repository.customer']->encryptPassword($app, $Customer) |
|
118 | ); |
||
119 | } |
||
120 | |||
121 | 3 | $app['orm.em']->persist($Customer); |
|
122 | 3 | $app['orm.em']->flush(); |
|
123 | |||
124 | 3 | log_info('会員登録完了', array($Customer->getId())); |
|
125 | |||
126 | 3 | $event = new EventArgs( |
|
127 | array( |
||
128 | 3 | 'form' => $form, |
|
129 | 3 | 'Customer' => $Customer, |
|
130 | ), |
||
131 | $request |
||
132 | ); |
||
133 | 3 | $app['eccube.event.dispatcher']->dispatch(EccubeEvents::ADMIN_CUSTOMER_EDIT_INDEX_COMPLETE, $event); |
|
134 | |||
135 | 3 | $app->addSuccess('admin.customer.save.complete', 'admin'); |
|
136 | |||
137 | 3 | return $app->redirect($app->url('admin_customer_edit', array( |
|
138 | 3 | 'id' => $Customer->getId(), |
|
139 | ))); |
||
140 | } else { |
||
141 | $app->addError('admin.customer.save.failed', 'admin'); |
||
142 | } |
||
143 | } |
||
144 | |||
145 | 5 | return $app->render('Customer/edit.twig', array( |
|
146 | 5 | 'form' => $form->createView(), |
|
147 | 5 | 'Customer' => $Customer, |
|
148 | )); |
||
149 | } |
||
150 | } |
||
151 |