<?php
/*
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * This software consists of voluntary contributions made by many individuals
 * and is licensed under the MIT license. For more information, see
 * <http://www.doctrine-project.org>.
 */
19 | |||
20 | namespace Eccube\Doctrine\ORM\Tools\Pagination; |
21 | |||
22 | use Doctrine\ORM\Query\Parser; |
23 | use Doctrine\ORM\QueryBuilder; |
24 | use Doctrine\ORM\Query; |
25 | use Doctrine\ORM\Query\ResultSetMapping; |
26 | use Doctrine\ORM\NoResultException; |
27 | |||
/**
 * The paginator can handle various complex scenarios with DQL.
 *
 * @author Pablo Díez <[email protected]>
 * @author Benjamin Eberlei <[email protected]>
 * @license New BSD
 */
class Paginator implements \Countable, \IteratorAggregate
{
    /**
     * The ORM query being paginated. Its first/max results (as set by the
     * caller via setFirstResult()/setMaxResults()) define the page window
     * that getIterator() reads.
     *
     * @var Query
     */
    private $query;

    /**
     * When true, getIterator() paginates in two steps (identifier subquery,
     * then a WHERE IN over those identifiers) instead of applying
     * LIMIT/OFFSET to the query directly.
     *
     * @var bool
     */
    private $fetchJoinCollection;

    /**
     * Tri-state strategy switch: null lets useOutputWalker() decide per
     * query from HINT_CUSTOM_OUTPUT_WALKER; true/false forces the
     * output-walker or tree-walker path respectively.
     *
     * @var bool|null
     */
    private $useOutputWalkers;

    /**
     * Memoised total row count; stays null until count() has run once.
     *
     * @var int
     */
    private $count;

    /**
     * Constructor.
     *
     * The page window is taken as-is from the query's first/max results;
     * nothing in this class validates it. Callers that derive offset/limit
     * from request input must bound-check them before building the query.
     *
     * @param Query|QueryBuilder $query               A Doctrine ORM query or query builder.
     * @param boolean            $fetchJoinCollection Whether the query joins a collection (true by default).
     */
    public function __construct($query, $fetchJoinCollection = true)
    {
        // A builder is unwrapped once; everything below works on the Query.
        $this->query = ($query instanceof QueryBuilder) ? $query->getQuery() : $query;
        $this->fetchJoinCollection = (bool) $fetchJoinCollection;
    }

    /**
     * Returns the wrapped query.
     *
     * @return Query
     */
    public function getQuery()
    {
        return $this->query;
    }

    /**
     * Returns whether the query is treated as fetch-joining a collection.
     *
     * @return boolean Whether the query joins a collection.
     */
    public function getFetchJoinCollection()
    {
        return $this->fetchJoinCollection;
    }

    /**
     * Returns the configured output-walker preference (null = auto-detect).
     *
     * @return bool|null
     */
    public function getUseOutputWalkers()
    {
        return $this->useOutputWalkers;
    }

    /**
     * Sets whether the paginator will use an output walker.
     *
     * @param bool|null $useOutputWalkers null to auto-detect per query.
     *
     * @return $this
     */
    public function setUseOutputWalkers($useOutputWalkers)
    {
        $this->useOutputWalkers = $useOutputWalkers;

        return $this;
    }

    /**
     * Total number of (distinct, by default) root rows across all pages.
     *
     * The value is computed once and cached; a query yielding no count row
     * is reported as 0.
     *
     * {@inheritdoc}
     */
    public function count()
    {
        if (null === $this->count) {
            try {
                $rows = $this->getCountQuery()->getScalarResult();
                // Sum the first column of every returned row in case the
                // count query yields more than one.
                $this->count = array_sum(array_map('current', $rows));
            } catch (NoResultException $e) {
                $this->count = 0;
            }
        }

        return $this->count;
    }

    /**
     * Fetches the current page and returns it as an iterator.
     *
     * With $fetchJoinCollection the page is resolved in two round trips:
     * first the root identifiers of the page, then the original query
     * restricted to those identifiers, so LIMIT/OFFSET applies to root
     * entities rather than to joined rows.
     *
     * {@inheritdoc}
     */
    public function getIterator()
    {
        $offset = $this->query->getFirstResult();
        $length = $this->query->getMaxResults();

        if (! $this->fetchJoinCollection) {
            // No collection join: plain LIMIT/OFFSET on a clone is enough.
            $pageQuery = $this->cloneQuery($this->query)
                ->setMaxResults($length)
                ->setFirstResult($offset);

            return new \ArrayIterator($pageQuery->getResult($this->query->getHydrationMode()));
        }

        // Step 1: a clone that selects only the root identifiers of the
        // requested page (walker choice follows useOutputWalker()).
        $idQuery = $this->cloneQuery($this->query);

        if ($this->useOutputWalker($idQuery)) {
            $idQuery->setHint(Query::HINT_CUSTOM_OUTPUT_WALKER, 'Eccube\Doctrine\ORM\Tools\Pagination\LimitSubqueryOutputWalker');
        } else {
            $this->appendTreeWalker($idQuery, 'Eccube\Doctrine\ORM\Tools\Pagination\LimitSubqueryWalker');
        }

        $idQuery->setFirstResult($offset)->setMaxResults($length);

        $ids = array_map('current', $idQuery->getScalarResult());

        // An empty page short-circuits: no second query, empty iterator.
        if (0 === count($ids)) {
            return new \ArrayIterator(array());
        }

        // Step 2: re-run the original query restricted to those ids. The
        // ids are bound through setParameter(), never spliced into the DQL
        // string; the walker is only told how many ids there are
        // (presumably to emit that many placeholders).
        $pageQuery = $this->cloneQuery($this->query);
        $this->appendTreeWalker($pageQuery, 'Eccube\Doctrine\ORM\Tools\Pagination\WhereInWalker');
        $pageQuery->setHint(WhereInWalker::HINT_PAGINATOR_ID_COUNT, count($ids));
        $pageQuery->setFirstResult(null)->setMaxResults(null);
        $pageQuery->setParameter(WhereInWalker::PAGINATOR_ID_ALIAS, $ids);
        // NOTE(review): the upstream `setCacheable($this->query->isCacheable())`
        // propagation is intentionally absent in this fork (it was left
        // commented out); confirm the bundled ORM supports it before
        // reinstating it.

        return new \ArrayIterator($pageQuery->getResult($this->query->getHydrationMode()));
    }

    /**
     * Clones a query together with its parameters and hints.
     *
     * The parameter collection is cloned as well, so that getCountQuery()'s
     * pruning of the copy's parameters does not reach the caller's query.
     *
     * @param Query $query The query.
     *
     * @return Query The cloned query.
     */
    private function cloneQuery(Query $query)
    {
        /* @var $copy Query */
        $copy = clone $query;

        $copy->setParameters(clone $query->getParameters());

        // Hints are re-applied one by one on the copy.
        foreach ($query->getHints() as $hintName => $hintValue) {
            $copy->setHint($hintName, $hintValue);
        }

        return $copy;
    }

    /**
     * Determines whether to use an output walker for the query.
     *
     * An explicit setUseOutputWalkers() value wins; otherwise the output
     * walker is used only when the query has no custom output walker hint
     * yet (installing ours would replace the caller's).
     *
     * @param Query $query The query.
     *
     * @return bool
     */
    private function useOutputWalker(Query $query)
    {
        if (null !== $this->useOutputWalkers) {
            return $this->useOutputWalkers;
        }

        return ! (bool) $query->getHint(Query::HINT_CUSTOM_OUTPUT_WALKER);
    }

    /**
     * Appends a custom tree walker class name to the tree walkers hint,
     * keeping any walkers the caller already registered.
     *
     * @param Query  $query
     * @param string $walkerClass Fully-qualified walker class name.
     */
    private function appendTreeWalker(Query $query, $walkerClass)
    {
        $walkers = $query->getHint(Query::HINT_CUSTOM_TREE_WALKERS);

        // getHint() yields false when the hint has not been set.
        if (false === $walkers) {
            $walkers = array();
        }

        $walkers[] = $walkerClass;
        $query->setHint(Query::HINT_CUSTOM_TREE_WALKERS, $walkers);
    }

    /**
     * Returns a clone of the query prepared to count the full result set.
     *
     * Paging limits are removed from the clone, DISTINCT counting is the
     * default, and parameters that the rewritten count DQL no longer
     * references are dropped.
     *
     * @return Query
     */
    private function getCountQuery()
    {
        /* @var $countQuery Query */
        $countQuery = $this->cloneQuery($this->query);

        // Count distinct roots unless the caller chose otherwise.
        if (! $countQuery->hasHint(CountWalker::HINT_DISTINCT)) {
            $countQuery->setHint(CountWalker::HINT_DISTINCT, true);
        }

        if ($this->useOutputWalker($countQuery)) {
            $platform = $countQuery->getEntityManager()->getConnection()->getDatabasePlatform();

            // Map the walker's 'dctrn_count' column (run through the
            // platform's result casing) onto the scalar alias 'count'.
            $rsm = new ResultSetMapping();
            $rsm->addScalarResult($platform->getSQLResultCasing('dctrn_count'), 'count');

            $countQuery->setHint(Query::HINT_CUSTOM_OUTPUT_WALKER, 'Eccube\Doctrine\ORM\Tools\Pagination\CountOutputWalker');
            $countQuery->setResultSetMapping($rsm);
        } else {
            $this->appendTreeWalker($countQuery, 'Eccube\Doctrine\ORM\Tools\Pagination\CountWalker');
        }

        // A count covers the whole result set, never a single page.
        $countQuery->setFirstResult(null)->setMaxResults(null);

        // Keep only the parameters whose placeholder survives in the parsed
        // count DQL; presumably the count walkers strip clauses and a bound
        // parameter without a placeholder would fail at execution — confirm.
        $parser = new Parser($countQuery);
        $parameterMappings = $parser->parse()->getParameterMappings();

        /* @var $parameters \Doctrine\Common\Collections\Collection|\Doctrine\ORM\Query\Parameter[] */
        $parameters = $countQuery->getParameters();

        foreach ($parameters as $key => $parameter) {
            $name = $parameter->getName();

            if (! array_key_exists($name, $parameterMappings)) {
                unset($parameters[$key]);
            }
        }

        $countQuery->setParameters($parameters);

        return $countQuery;
    }
}