This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * KumbiaPHP web & app Framework. |
||
4 | * |
||
5 | * LICENSE |
||
6 | * |
||
7 | * This source file is subject to the new BSD license that is bundled |
||
8 | * with this package in the file LICENSE.txt. |
||
9 | * It is also available through the world-wide-web at this URL: |
||
10 | * http://wiki.kumbiaphp.com/Licencia |
||
11 | * If you did not receive a copy of the license and are unable to |
||
12 | * obtain it through the world-wide-web, please send an email |
||
13 | * to [email protected] so we can send you a copy immediately. |
||
14 | * |
||
15 | * @category Kumbia |
||
16 | * |
||
17 | * @copyright 2005 - 2020 Kumbia Team (http://www.kumbiaphp.com) |
||
18 | * @license http://wiki.kumbiaphp.com/Licencia New BSD License |
||
19 | */ |
||
20 | |||
21 | namespace Kumbia\ActiveRecord; |
||
22 | |||
23 | /** |
||
24 | * Implementación de patrón ActiveRecord con ayudantes de consultas sql. |
||
25 | */ |
||
26 | class ActiveRecord extends LiteRecord implements \JsonSerializable |
||
27 | { |
||
28 | const BELONG_TO = 1; |
||
29 | const HAS_MANY = 2; |
||
30 | const HAS_ONE = 3; |
||
31 | |||
32 | /** |
||
33 | * Describe the relationships. |
||
34 | * |
||
35 | * @var array |
||
36 | */ |
||
37 | protected static $relations = []; |
||
38 | |||
39 | public static function resolver($relations, $obj) |
||
40 | { |
||
41 | $model = $relations->model; |
||
42 | if ($relations->type === self::HAS_MANY) { |
||
43 | return $model::allBy($relations->via, $obj->pk()); |
||
44 | } |
||
45 | |||
46 | return $model::first($relations->via, $obj->pk()); |
||
47 | } |
||
48 | |||
49 | View Code Duplication | public static function hasMany($name, $class, $via = null) |
|
0 ignored issues
–
show
|
|||
50 | { |
||
51 | $str = strtolower($name); |
||
52 | $name = static::getTable(); |
||
53 | static::$relations[$str] = (object) [ |
||
54 | 'model' => $class, |
||
55 | 'type' => self::HAS_MANY, |
||
56 | 'via' => $via ? $via : "{$name}_id", |
||
57 | ]; |
||
58 | } |
||
59 | |||
60 | View Code Duplication | public static function hasOne($name, $class, $via = null) |
|
61 | { |
||
62 | $str = strtolower($name); |
||
63 | $name = static::getTable(); |
||
64 | static::$relations[$str] = (object) [ |
||
65 | 'model' => $class, |
||
66 | 'type' => self::HAS_ONE, |
||
67 | 'via' => $via ? $via : "{$name}_id", |
||
68 | ]; |
||
69 | } |
||
70 | |||
71 | /** |
||
72 | * json_encode() method. |
||
73 | */ |
||
74 | public function jsonSerialize() |
||
75 | { |
||
76 | return $this; //TODO: populate relations before |
||
77 | } |
||
78 | |||
79 | public function __get($key) |
||
80 | { |
||
81 | if (property_exists($this, $key)) { |
||
82 | return $this->$key; |
||
83 | } |
||
84 | //it's a relationship |
||
85 | if (isset(static::$relations[$key])) { |
||
86 | $this->populate($key); |
||
87 | |||
88 | return $this->$key; |
||
89 | } |
||
90 | |||
91 | return null; //TODO: change for error |
||
92 | } |
||
93 | |||
94 | protected static function getRelationship($rel) |
||
95 | { |
||
96 | if (!isset(static::$relations[$rel])) { |
||
97 | throw new \RuntimeException("Invalid relationship '$rel'", 500); |
||
98 | } |
||
99 | |||
100 | return static::$relations[$rel]; |
||
101 | } |
||
102 | |||
103 | public function populate($rel) |
||
104 | { |
||
105 | $relations = static::getRelationship($rel); |
||
106 | $this->$rel = static::resolver($relations, $this); |
||
107 | } |
||
108 | |||
109 | /** |
||
110 | * Pagination of Results. |
||
111 | * |
||
112 | * @param array $params [description] |
||
113 | * @param array $values [description] |
||
114 | * @param int $page [description] |
||
115 | * @param int $per_page [description] |
||
116 | * |
||
117 | * @return Paginator [description] |
||
118 | */ |
||
119 | public static function pagination($params = [], $values = [], $page = 1, $per_page = 10) |
||
120 | { |
||
121 | $model = static::class; |
||
122 | unset($params['limit'], $params['offset']); |
||
123 | $sql = QueryGenerator::select($model::getSource(), $model::getDriver(), $params); |
||
124 | |||
125 | return new Paginator($model, $sql, $page, $per_page, $values); |
||
126 | } |
||
127 | |||
128 | /** |
||
129 | * Actualizar registros. |
||
130 | * |
||
131 | * @param array $fields |
||
132 | * @param string $where condiciones |
||
133 | * @param array $values valores para condiciones |
||
134 | * |
||
135 | * @return int numero de registros actualizados |
||
136 | */ |
||
137 | public static function updateAll(array $fields, string $where = '', array $values = []) |
||
138 | { |
||
139 | $sql = QueryGenerator::updateAll(static::class, $fields, $values, $where); |
||
140 | $sth = self::prepare($sql); |
||
141 | $sth->execute($values); |
||
142 | |||
143 | return $sth->rowCount(); |
||
144 | } |
||
145 | |||
146 | /** |
||
147 | * Eliminar registro. |
||
148 | * |
||
149 | * @param string $where condiciones |
||
150 | * @param array |string $values valores |
||
151 | * |
||
152 | * @return int numero de registros eliminados |
||
153 | */ |
||
154 | public static function deleteAll($where = null, $values = null) |
||
155 | { |
||
156 | $source = static::getSource(); |
||
157 | $sql = QueryGenerator::deleteAll($source, $where); |
||
158 | $sth = self::query($sql, $values); |
||
159 | |||
160 | return $sth->rowCount(); |
||
161 | } |
||
162 | |||
163 | /** |
||
164 | * Elimina caracteres que podrian ayudar a ejecutar |
||
165 | * un ataque de Inyeccion SQL. |
||
166 | * |
||
167 | * @param string $sqlItem |
||
168 | * |
||
169 | * @return string |
||
170 | * @throws \RuntimeException |
||
171 | */ |
||
172 | public static function sqlItemSanitize($sqlItem) |
||
173 | { |
||
174 | $sqlItem = \trim($sqlItem); |
||
175 | if ($sqlItem !== '' && $sqlItem !== null) { |
||
176 | $sql_temp = \preg_replace('/\s+/', '', $sqlItem); |
||
177 | if (!\preg_match('/^[a-zA-Z0-9_\.]+$/', $sql_temp)) { |
||
178 | throw new \RuntimeException('Se está tratando de ejecutar un SQL peligroso!'); |
||
179 | } |
||
180 | } |
||
181 | |||
182 | return $sqlItem; |
||
183 | } |
||
184 | |||
185 | /** |
||
186 | * Obtener la primera coincidencia por el campo indicado. |
||
187 | * |
||
188 | * @param string $field campo |
||
189 | * @param string $value valor |
||
190 | * @param array $params parametros adicionales |
||
191 | * order: criterio de ordenamiento |
||
192 | * fields: lista de campos |
||
193 | * join: joins de tablas |
||
194 | * group: agrupar campos |
||
195 | * having: condiciones de grupo |
||
196 | * offset: valor offset |
||
197 | * |
||
198 | * @return ActiveRecord |
||
199 | */ |
||
200 | View Code Duplication | public static function firstBy($field, $value, $params = []) |
|
201 | { |
||
202 | $field = self::sqlItemSanitize($field); |
||
203 | $params['where'] = "$field = ?"; |
||
204 | |||
205 | return self::first($params, $value); |
||
206 | } |
||
207 | |||
208 | /** |
||
209 | * Obtener la primera coincidencia de las condiciones indicadas. |
||
210 | * |
||
211 | * @param array $params parametros adicionales |
||
212 | * order: criterio de ordenamiento |
||
213 | * fields: lista de campos |
||
214 | * group: agrupar campos |
||
215 | * join: joins de tablas |
||
216 | * having: condiciones de grupo |
||
217 | * offset: valor offset queda |
||
218 | * @param array $values valores de busqueda |
||
219 | * |
||
220 | * @return ActiveRecord |
||
221 | */ |
||
222 | public static function first($params = [], $values = []) |
||
223 | { |
||
224 | $args = func_get_args(); |
||
225 | /*Reescribe el limit*/ |
||
226 | $args[0]['limit'] = 1; |
||
227 | $res = self::doQuery($args); |
||
228 | |||
229 | return $res->fetch(); |
||
230 | } |
||
231 | |||
232 | /** |
||
233 | * Obtener todos los registros. |
||
234 | * |
||
235 | * @param array $params |
||
236 | * where: condiciones where |
||
237 | * order: criterio de ordenamiento |
||
238 | * fields: lista de campos |
||
239 | * join: joins de tablas |
||
240 | * group: agrupar campos |
||
241 | * having: condiciones de grupo |
||
242 | * limit: valor limit |
||
243 | * offset: valor offset |
||
244 | * @param array $values valores de busqueda |
||
245 | * |
||
246 | * @return \PDOStatement |
||
247 | */ |
||
248 | public static function all($params = [], $values = []) |
||
249 | { |
||
250 | $res = self::doQuery(func_get_args()); |
||
251 | |||
252 | return $res->fetchAll(); |
||
253 | } |
||
254 | |||
255 | /** |
||
256 | * Do a query. |
||
257 | * |
||
258 | * @param array $array params of query |
||
259 | * |
||
260 | * @return \PDOStatement|false |
||
261 | */ |
||
262 | protected static function doQuery(array $array) |
||
263 | { |
||
264 | $params = self::getParam($array); |
||
265 | $values = self::getValues($array); |
||
266 | $sql = QueryGenerator::select(static::getSource(), static::getDriver(), $params); |
||
267 | $sth = static::query($sql, $values); |
||
268 | |||
269 | return $sth; |
||
270 | } |
||
271 | |||
272 | /** |
||
273 | * Retorna los parametros para el doQuery. |
||
274 | * |
||
275 | * @param array $array |
||
276 | * |
||
277 | * @return array |
||
278 | */ |
||
279 | protected static function getParam(array &$array) |
||
280 | { |
||
281 | $val = array_shift($array); |
||
282 | |||
283 | return is_null($val) ? [] : $val; |
||
284 | } |
||
285 | |||
286 | /** |
||
287 | * Retorna los values para el doQuery. |
||
288 | * |
||
289 | * @param array $array |
||
290 | * |
||
291 | * @return array |
||
292 | */ |
||
293 | protected static function getValues(array $array) |
||
294 | { |
||
295 | return isset($array[0]) ? |
||
296 | is_array($array[0]) ? $array[0] : [$array[0]] : $array; |
||
297 | } |
||
298 | |||
299 | /** |
||
300 | * Obtener todas las coincidencias por el campo indicado. |
||
301 | * |
||
302 | * @param string $field campo |
||
303 | * @param string $value valor |
||
304 | * @param array $params |
||
305 | * order: criterio de ordenamiento |
||
306 | * fields: lista de campos |
||
307 | * join: joins de tablas |
||
308 | * group: agrupar campos |
||
309 | * having: condiciones de grupo |
||
310 | * limit: valor limit |
||
311 | * offset: valor offset |
||
312 | * |
||
313 | * @return \PDOStatement |
||
314 | */ |
||
315 | View Code Duplication | public static function allBy($field, $value, $params = []) |
|
316 | { |
||
317 | $field = self::sqlItemSanitize($field); |
||
318 | $params['where'] = "$field = ?"; |
||
319 | |||
320 | return self::all($params, $value); |
||
321 | } |
||
322 | |||
323 | /** |
||
324 | * Cuenta los registros que coincidan con las condiciones indicadas. |
||
325 | * |
||
326 | * @param string $where condiciones |
||
327 | * @param array $values valores |
||
328 | * |
||
329 | * @return int |
||
330 | */ |
||
331 | public static function count(string $where = '', array $values = []) |
||
332 | { |
||
333 | $source = static::getSource(); |
||
334 | $sql = QueryGenerator::count($source, $where); |
||
335 | |||
336 | $sth = static::query($sql, $values); |
||
337 | |||
338 | return $sth->fetch()->count; |
||
339 | } |
||
340 | |||
341 | /** |
||
342 | * Paginar. |
||
343 | * |
||
344 | * @param array $params |
||
345 | * @param int $page numero de pagina |
||
346 | * @param int $perPage cantidad de items por pagina |
||
347 | * @param array $values valores |
||
348 | * |
||
349 | * @return Paginator |
||
350 | */ |
||
351 | public static function paginate(array $params, int $page, int $perPage, $values = null) |
||
352 | { |
||
353 | unset($params['limit'], $params['offset']); |
||
354 | $sql = QueryGenerator::select(static::getSource(), static::getDriver(), $params); |
||
355 | |||
356 | // Valores para consulta |
||
357 | if ($values !== null && !\is_array($values)) { |
||
358 | $values = \array_slice(func_get_args(), 3); |
||
359 | } |
||
360 | |||
361 | return new Paginator(static::class, $sql, $page, $perPage, $values); |
||
362 | } |
||
363 | |||
364 | /** |
||
365 | * Obtiene todos los registros de la consulta sql. |
||
366 | * |
||
367 | * @param string $sql |
||
368 | * @param string | array $values |
||
369 | * |
||
370 | * @return array |
||
371 | */ |
||
372 | View Code Duplication | public static function allBySql($sql, $values = null) |
|
0 ignored issues
–
show
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
373 | { |
||
374 | if (!is_array($values)) { |
||
375 | $values = \array_slice(\func_get_args(), 1); |
||
376 | } |
||
377 | |||
378 | return parent::all($sql, $values); |
||
379 | } |
||
380 | |||
381 | /** |
||
382 | * Obtiene el primer registro de la consulta sql. |
||
383 | * |
||
384 | * @param string $sql |
||
385 | * @param string | array $values |
||
386 | * |
||
387 | * @return array |
||
388 | */ |
||
389 | View Code Duplication | public static function firstBySql($sql, $values = null) |
|
0 ignored issues
–
show
This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.
Loading history...
|
|||
390 | { |
||
391 | if (!is_array($values)) { |
||
392 | $values = \array_slice(\func_get_args(), 1); |
||
393 | } |
||
394 | |||
395 | return parent::first($sql, $values); |
||
396 | } |
||
397 | } |
||
398 |
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
You can also find more detailed suggestions in the “Code” section of your repository.