Passed
Push — master ( c0a3a7...3b84a4 )
by Jeroen
58:51
created

actions/developers/entity_explorer_delete.php (1 issue)

Checks if the types of the passed arguments in a function/method call are compatible.

Bug Minor
1
<?php
2
3
$guid = (int) get_input('guid');
4
$type = get_input('type');
5
$key = get_input('key');
6
7
$show_hidden = access_show_hidden_entities(true);
8
9
$entity = get_entity($guid);
10
if (empty($entity) || empty($type) || $key === null) {
11
	access_show_hidden_entities($show_hidden);
12
	return elgg_error_response(elgg_echo('error:missing_data'));
13
}
14
15
if (!$entity->canEdit()) {
16
	access_show_hidden_entities($show_hidden);
17
	return elgg_error_response(elgg_echo('action:unauthorized'));
18
}
19
20
switch ($type) {
21
	case 'entity':
22
		if (!($entity instanceof ElggSite)) {
23
			$entity->delete();
24
		}
25
		break;
26
	case 'metadata':
27
		unset($entity->$key);
28
		break;
29
	case 'relationship':
30
		get_relationship($key)->delete();
0 ignored issues
show
It seems like $key can also be of type string; however, parameter $id of get_relationship() does only seem to accept integer, maybe add an additional type check? ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-type  annotation

30
		get_relationship(/** @scrutinizer ignore-type */ $key)->delete();
Loading history...
31
		break;
32
	case 'private_setting':
33
		$entity->removePrivateSetting($key);
34
		break;
35
}
36
37
access_show_hidden_entities($show_hidden);
38
39
return elgg_ok_response();
40