This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
Check for suspicious calls to parent methods
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * KumbiaPHP web & app Framework. |
||
4 | * |
||
5 | * LICENSE |
||
6 | * |
||
7 | * This source file is subject to the new BSD license that is bundled |
||
8 | * with this package in the file LICENSE.txt. |
||
9 | * It is also available through the world-wide-web at this URL: |
||
10 | * http://wiki.kumbiaphp.com/Licencia |
||
11 | * If you did not receive a copy of the license and are unable to |
||
12 | * obtain it through the world-wide-web, please send an email |
||
13 | * to [email protected] so we can send you a copy immediately. |
||
14 | * |
||
15 | * @category Kumbia |
||
16 | * |
||
17 | * @copyright 2005 - 2020 Kumbia Team (http://www.kumbiaphp.com) |
||
18 | * @license http://wiki.kumbiaphp.com/Licencia New BSD License |
||
19 | */ |
||
20 | |||
21 | namespace Kumbia\ActiveRecord; |
||
22 | |||
23 | /** |
||
24 | * Implementación de patrón ActiveRecord con ayudantes de consultas sql. |
||
25 | */ |
||
26 | class ActiveRecord extends LiteRecord implements \JsonSerializable |
||
27 | { |
||
28 | const BELONG_TO = 1; |
||
29 | const HAS_MANY = 2; |
||
30 | const HAS_ONE = 3; |
||
31 | |||
32 | /** |
||
33 | * Describe the relationships. |
||
34 | * |
||
35 | * @var array |
||
36 | */ |
||
37 | protected static $relations = []; |
||
38 | |||
39 | public static function resolver($relations, $obj) |
||
40 | { |
||
41 | $model = $relations->model; |
||
42 | if ($relations->type === self::HAS_MANY) { |
||
43 | return $model::allBy($relations->via, $obj->pk()); |
||
44 | } |
||
45 | |||
46 | return $model::first($relations->via, $obj->pk()); |
||
47 | } |
||
48 | |||
49 | View Code Duplication | public static function hasMany($name, $class, $via = null) |
|
50 | { |
||
51 | $str = strtolower($name); |
||
52 | $name = static::getTable(); |
||
53 | static::$relations[$str] = (object) [ |
||
54 | 'model' => $class, |
||
55 | 'type' => self::HAS_MANY, |
||
56 | 'via' => $via ? $via : "{$name}_id", |
||
57 | ]; |
||
58 | } |
||
59 | |||
60 | View Code Duplication | public static function hasOne($name, $class, $via = null) |
|
61 | { |
||
62 | $str = strtolower($name); |
||
63 | $name = static::getTable(); |
||
64 | static::$relations[$str] = (object) [ |
||
65 | 'model' => $class, |
||
66 | 'type' => self::HAS_ONE, |
||
67 | 'via' => $via ? $via : "{$name}_id", |
||
68 | ]; |
||
69 | } |
||
70 | |||
71 | /** |
||
72 | * json_encode() method. |
||
73 | */ |
||
74 | public function jsonSerialize() |
||
75 | { |
||
76 | return $this; //TODO: populate relations before |
||
77 | } |
||
78 | |||
79 | public function __get($key) |
||
80 | { |
||
81 | if (property_exists($this, $key)) { |
||
82 | return $this->$key; |
||
83 | } |
||
84 | //it's a relationship |
||
85 | if (isset(static::$relations[$key])) { |
||
86 | $this->populate($key); |
||
87 | |||
88 | return $this->$key; |
||
89 | } |
||
90 | |||
91 | return null; //TODO: change for error |
||
92 | } |
||
93 | |||
94 | protected static function getRelationship($rel) |
||
95 | { |
||
96 | if (!isset(static::$relations[$rel])) { |
||
97 | throw new \RuntimeException("Invalid relationship '$rel'", 500); |
||
98 | } |
||
99 | |||
100 | return static::$relations[$rel]; |
||
101 | } |
||
102 | |||
103 | public function populate($rel) |
||
104 | { |
||
105 | $relations = static::getRelationship($rel); |
||
106 | $this->$rel = static::resolver($relations, $this); |
||
107 | } |
||
108 | |||
109 | /** |
||
110 | * Pagination of Results. |
||
111 | * |
||
112 | * @param array $params [description] |
||
113 | * @param array $values [description] |
||
114 | * @param int $page [description] |
||
115 | * @param int $per_page [description] |
||
116 | * |
||
117 | * @return Paginator [description] |
||
118 | */ |
||
119 | public static function pagination($params = [], $values = [], $page = 1, $per_page = 10) |
||
120 | { |
||
121 | $model = static::class; |
||
122 | unset($params['limit'], $params['offset']); |
||
123 | $sql = QueryGenerator::select($model::getSource(), $model::getDriver(), $params); |
||
124 | |||
125 | return new Paginator($model, $sql, $page, $per_page, $values); |
||
126 | } |
||
127 | |||
128 | /** |
||
129 | * Actualizar registros. |
||
130 | * |
||
131 | * @param array $fields |
||
132 | * @param string $where condiciones |
||
133 | * @param array $values valores para condiciones |
||
134 | * |
||
135 | * @return int numero de registros actualizados |
||
136 | */ |
||
137 | public static function updateAll(array $fields, string $where = '', array $values = []) |
||
138 | { |
||
139 | $sql = QueryGenerator::updateAll(static::class, $fields, $values, $where); |
||
140 | $sth = self::prepare($sql); |
||
141 | $sth->execute($values); |
||
142 | |||
143 | return $sth->rowCount(); |
||
144 | } |
||
145 | |||
146 | /** |
||
147 | * Eliminar registro. |
||
148 | * |
||
149 | * @param string $where condiciones |
||
150 | * @param array |string $values valores |
||
151 | * |
||
152 | * @return int numero de registros eliminados |
||
153 | */ |
||
154 | public static function deleteAll($where = null, $values = null) |
||
155 | { |
||
156 | $source = static::getSource(); |
||
157 | $sql = QueryGenerator::deleteAll($source, $where); |
||
158 | $sth = self::query($sql, $values); |
||
159 | |||
160 | return $sth->rowCount(); |
||
161 | } |
||
162 | |||
163 | /** |
||
164 | * Elimina caracteres que podrian ayudar a ejecutar |
||
165 | * un ataque de Inyeccion SQL. |
||
166 | * |
||
167 | * @param string $sqlItem |
||
168 | * |
||
169 | * @return string |
||
170 | * @throws \RuntimeException |
||
171 | */ |
||
172 | public static function sqlItemSanitize($sqlItem) |
||
173 | { |
||
174 | $sqlItem = \trim($sqlItem); |
||
175 | if ($sqlItem !== '' && $sqlItem !== null) { |
||
176 | $sql_temp = \preg_replace('/\s+/', '', $sqlItem); |
||
177 | if (!\preg_match('/^[a-zA-Z0-9_\.]+$/', $sql_temp)) { |
||
178 | throw new \RuntimeException('Se está tratando de ejecutar un SQL peligroso!'); |
||
179 | } |
||
180 | } |
||
181 | |||
182 | return $sqlItem; |
||
183 | } |
||
184 | |||
185 | /** |
||
186 | * Obtener la primera coincidencia por el campo indicado. |
||
187 | * |
||
188 | * @param string $field campo |
||
189 | * @param string $value valor |
||
190 | * @param array $params parametros adicionales |
||
191 | * order: criterio de ordenamiento |
||
192 | * fields: lista de campos |
||
193 | * join: joins de tablas |
||
194 | * group: agrupar campos |
||
195 | * having: condiciones de grupo |
||
196 | * offset: valor offset |
||
197 | * |
||
198 | * @return ActiveRecord |
||
199 | */ |
||
200 | View Code Duplication | public static function firstBy($field, $value, $params = []) |
|
201 | { |
||
202 | $field = self::sqlItemSanitize($field); |
||
203 | $params['where'] = "$field = ?"; |
||
204 | |||
205 | return self::first($params, $value); |
||
206 | } |
||
207 | |||
208 | /** |
||
209 | * Obtener la primera coincidencia de las condiciones indicadas. |
||
210 | * |
||
211 | * @param array $params parametros adicionales |
||
212 | * order: criterio de ordenamiento |
||
213 | * fields: lista de campos |
||
214 | * group: agrupar campos |
||
215 | * join: joins de tablas |
||
216 | * having: condiciones de grupo |
||
217 | * offset: valor offset queda |
||
218 | * @param array $values valores de busqueda |
||
219 | * |
||
220 | * @return ActiveRecord |
||
221 | */ |
||
222 | public static function first($params = [], $values = []) |
||
223 | { |
||
224 | $args = func_get_args(); |
||
225 | /*Reescribe el limit*/ |
||
226 | $args[0]['limit'] = 1; |
||
227 | $res = self::doQuery($args); |
||
228 | |||
229 | return $res->fetch(); |
||
230 | } |
||
231 | |||
232 | /** |
||
233 | * Obtener todos los registros. |
||
234 | * |
||
235 | * @param array $params |
||
236 | * where: condiciones where |
||
237 | * order: criterio de ordenamiento |
||
238 | * fields: lista de campos |
||
239 | * join: joins de tablas |
||
240 | * group: agrupar campos |
||
241 | * having: condiciones de grupo |
||
242 | * limit: valor limit |
||
243 | * offset: valor offset |
||
244 | * @param array $values valores de busqueda |
||
245 | * |
||
246 | * @return \PDOStatement |
||
247 | */ |
||
248 | public static function all($params = [], $values = []) |
||
249 | { |
||
250 | $res = self::doQuery(func_get_args()); |
||
251 | |||
252 | return $res->fetchAll(); |
||
253 | } |
||
254 | |||
255 | /** |
||
256 | * Do a query. |
||
257 | * |
||
258 | * @param array $array params of query |
||
259 | * |
||
260 | * @return \PDOStatement|false |
||
261 | */ |
||
262 | protected static function doQuery(array $array) |
||
263 | { |
||
264 | $params = self::getParam($array); |
||
265 | $values = self::getValues($array); |
||
266 | $sql = QueryGenerator::select(static::getSource(), static::getDriver(), $params); |
||
267 | $sth = static::query($sql, $values); |
||
268 | |||
269 | return $sth; |
||
270 | } |
||
271 | |||
272 | /** |
||
273 | * Retorna los parametros para el doQuery. |
||
274 | * |
||
275 | * @param array $array |
||
276 | * |
||
277 | * @return array |
||
278 | */ |
||
279 | protected static function getParam(array &$array) |
||
280 | { |
||
281 | $val = array_shift($array); |
||
282 | |||
283 | return is_null($val) ? [] : $val; |
||
284 | } |
||
285 | |||
286 | /** |
||
287 | * Retorna los values para el doQuery. |
||
288 | * |
||
289 | * @param array $array |
||
290 | * |
||
291 | * @return array |
||
292 | */ |
||
293 | protected static function getValues(array $array) |
||
294 | { |
||
295 | return isset($array[0]) ? |
||
296 | is_array($array[0]) ? $array[0] : [$array[0]] : $array; |
||
297 | } |
||
298 | |||
299 | /** |
||
300 | * Obtener todas las coincidencias por el campo indicado. |
||
301 | * |
||
302 | * @param string $field campo |
||
303 | * @param string $value valor |
||
304 | * @param array $params |
||
305 | * order: criterio de ordenamiento |
||
306 | * fields: lista de campos |
||
307 | * join: joins de tablas |
||
308 | * group: agrupar campos |
||
309 | * having: condiciones de grupo |
||
310 | * limit: valor limit |
||
311 | * offset: valor offset |
||
312 | * |
||
313 | * @return \PDOStatement |
||
314 | */ |
||
315 | View Code Duplication | public static function allBy($field, $value, $params = []) |
|
316 | { |
||
317 | $field = self::sqlItemSanitize($field); |
||
318 | $params['where'] = "$field = ?"; |
||
319 | |||
320 | return self::all($params, $value); |
||
321 | } |
||
322 | |||
323 | /** |
||
324 | * Cuenta los registros que coincidan con las condiciones indicadas. |
||
325 | * |
||
326 | * @param string $where condiciones |
||
327 | * @param array $values valores |
||
328 | * |
||
329 | * @return int |
||
330 | */ |
||
331 | public static function count(string $where = '', array $values = []) |
||
332 | { |
||
333 | $source = static::getSource(); |
||
334 | $sql = QueryGenerator::count($source, $where); |
||
335 | |||
336 | $sth = static::query($sql, $values); |
||
337 | |||
338 | return $sth->fetch()->count; |
||
339 | } |
||
340 | |||
341 | /** |
||
342 | * Paginar. |
||
343 | * |
||
344 | * @param array $params |
||
345 | * @param int $page numero de pagina |
||
346 | * @param int $perPage cantidad de items por pagina |
||
347 | * @param array $values valores |
||
348 | * |
||
349 | * @return Paginator |
||
350 | */ |
||
351 | public static function paginate(array $params, int $page, int $perPage, $values = null) |
||
352 | { |
||
353 | unset($params['limit'], $params['offset']); |
||
354 | $sql = QueryGenerator::select(static::getSource(), static::getDriver(), $params); |
||
355 | |||
356 | // Valores para consulta |
||
357 | if ($values !== null && !\is_array($values)) { |
||
358 | $values = \array_slice(func_get_args(), 3); |
||
359 | } |
||
360 | |||
361 | return new Paginator(static::class, $sql, $page, $perPage, $values); |
||
362 | } |
||
363 | |||
364 | /** |
||
365 | * Obtiene todos los registros de la consulta sql. |
||
366 | * |
||
367 | * @param string $sql |
||
368 | * @param string | array $values |
||
369 | * |
||
370 | * @return array |
||
371 | */ |
||
372 | View Code Duplication | public static function allBySql($sql, $values = null) |
|
373 | { |
||
374 | if (!is_array($values)) { |
||
375 | $values = \array_slice(\func_get_args(), 1); |
||
376 | } |
||
377 | |||
378 | return parent::all($sql, $values); |
||
0 ignored issues
–
show
|
|||
379 | } |
||
380 | |||
381 | /** |
||
382 | * Obtiene el primer registro de la consulta sql. |
||
383 | * |
||
384 | * @param string $sql |
||
385 | * @param string | array $values |
||
386 | * |
||
387 | * @return array |
||
388 | */ |
||
389 | View Code Duplication | public static function firstBySql($sql, $values = null) |
|
390 | { |
||
391 | if (!is_array($values)) { |
||
392 | $values = \array_slice(\func_get_args(), 1); |
||
393 | } |
||
394 | |||
395 | return parent::first($sql, $values); |
||
0 ignored issues
–
show
It seems like you call parent on a different method (
first() instead of firstBySql() ). Are you sure this is correct? If so, you might want to change this to $this->first() .
This check looks for a call to a parent method whose name is different than the method from which it is called. Consider the following code: class Daddy
{
protected function getFirstName()
{
return "Eidur";
}
protected function getSurName()
{
return "Gudjohnsen";
}
}
class Son
{
public function getFirstName()
{
return parent::getSurname();
}
}
The
Loading history...
|
|||
396 | } |
||
397 | } |
||
398 |
This check looks for a call to a parent method whose name is different than the method from which it is called.
Consider the following code:
The
getFirstName()
method in theSon
calls the wrong method in the parent class.