Issues (15)

Security Analysis    no request data  

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

ActiveRecord.php (6 issues)

duplicate/similar methods.

Duplication Informational

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
/**
3
 * KumbiaPHP web & app Framework.
4
 *
5
 * LICENSE
6
 *
7
 * This source file is subject to the new BSD license that is bundled
8
 * with this package in the file LICENSE.txt.
9
 * It is also available through the world-wide-web at this URL:
10
 * http://wiki.kumbiaphp.com/Licencia
11
 * If you did not receive a copy of the license and are unable to
12
 * obtain it through the world-wide-web, please send an email
13
 * to [email protected] so we can send you a copy immediately.
14
 *
15
 * @category   Kumbia
16
 *
17
 * @copyright  2005 - 2020  Kumbia Team (http://www.kumbiaphp.com)
18
 * @license    http://wiki.kumbiaphp.com/Licencia     New BSD License
19
 */
20
21
namespace Kumbia\ActiveRecord;
22
23
/**
24
 * Implementación de patrón ActiveRecord con ayudantes de consultas sql.
25
 */
26
class ActiveRecord extends LiteRecord implements \JsonSerializable
27
{
28
    const BELONG_TO = 1;
29
    const HAS_MANY = 2;
30
    const HAS_ONE = 3;
31
32
    /**
33
     * Describe the relationships.
34
     *
35
     * @var array
36
     */
37
    protected static $relations = [];
38
39
    public static function resolver($relations, $obj)
40
    {
41
        $model = $relations->model;
42
        if ($relations->type === self::HAS_MANY) {
43
            return $model::allBy($relations->via, $obj->pk());
44
        }
45
46
        return $model::first($relations->via, $obj->pk());
47
    }
48
49 View Code Duplication
    public static function hasMany($name, $class, $via = null)
0 ignored issues
show
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
50
    {
51
        $str = strtolower($name);
52
        $name = static::getTable();
53
        static::$relations[$str] = (object) [
54
            'model' => $class,
55
            'type' => self::HAS_MANY,
56
            'via' => $via ? $via : "{$name}_id",
57
        ];
58
    }
59
60 View Code Duplication
    public static function hasOne($name, $class, $via = null)
0 ignored issues
show
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
61
    {
62
        $str = strtolower($name);
63
        $name = static::getTable();
64
        static::$relations[$str] = (object) [
65
            'model' => $class,
66
            'type' => self::HAS_ONE,
67
            'via' => $via ? $via : "{$name}_id",
68
        ];
69
    }
70
71
    /**
72
     * json_encode() method.
73
     */
74
    public function jsonSerialize()
75
    {
76
        return $this; //TODO: populate relations before
77
    }
78
79
    public function __get($key)
80
    {
81
        if (property_exists($this, $key)) {
82
            return $this->$key;
83
        }
84
        //it's a relationship
85
        if (isset(static::$relations[$key])) {
86
            $this->populate($key);
87
88
            return $this->$key;
89
        }
90
91
        return null; //TODO: change for error
92
    }
93
94
    protected static function getRelationship($rel)
95
    {
96
        if (!isset(static::$relations[$rel])) {
97
            throw new \RuntimeException("Invalid relationship '$rel'", 500);
98
        }
99
100
        return static::$relations[$rel];
101
    }
102
103
    public function populate($rel)
104
    {
105
        $relations = static::getRelationship($rel);
106
        $this->$rel = static::resolver($relations, $this);
107
    }
108
109
    /**
110
     * Pagination of Results.
111
     *
112
     * @param array $params   [description]
113
     * @param array $values   [description]
114
     * @param int   $page     [description]
115
     * @param int   $per_page [description]
116
     *
117
     * @return Paginator [description]
118
     */
119
    public static function pagination($params = [], $values = [], $page = 1, $per_page = 10)
120
    {
121
        $model = static::class;
122
        unset($params['limit'], $params['offset']);
123
        $sql = QueryGenerator::select($model::getSource(), $model::getDriver(), $params);
124
125
        return new Paginator($model, $sql, $page, $per_page, $values);
126
    }
127
128
    /**
129
     * Actualizar registros.
130
     *
131
     * @param array  $fields
132
     * @param string $where  condiciones
133
     * @param array  $values valores para condiciones
134
     *
135
     * @return int numero de registros actualizados
136
     */
137
    public static function updateAll(array $fields, string $where = '', array $values = [])
138
    {
139
        $sql = QueryGenerator::updateAll(static::class, $fields, $values, $where);
140
        $sth = self::prepare($sql);
141
        $sth->execute($values);
142
143
        return $sth->rowCount();
144
    }
145
146
    /**
147
     * Eliminar registro.
148
     *
149
     * @param string        $where  condiciones
150
     * @param array |string $values valores
151
     *
152
     * @return int numero de registros eliminados
153
     */
154
    public static function deleteAll($where = null, $values = null)
155
    {
156
        $source = static::getSource();
157
        $sql = QueryGenerator::deleteAll($source, $where);
158
        $sth = self::query($sql, $values);
159
160
        return $sth->rowCount();
161
    }
162
163
    /**
164
     * Elimina caracteres que podrian ayudar a ejecutar
165
     * un ataque de Inyeccion SQL.
166
     *
167
     * @param string $sqlItem
168
     *
169
     * @return string
170
     * @throws \RuntimeException
171
     */
172
    public static function sqlItemSanitize($sqlItem)
173
    {
174
        $sqlItem = \trim($sqlItem);
175
        if ($sqlItem !== '' && $sqlItem !== null) {
176
            $sql_temp = \preg_replace('/\s+/', '', $sqlItem);
177
            if (!\preg_match('/^[a-zA-Z0-9_\.]+$/', $sql_temp)) {
178
                throw new \RuntimeException('Se está tratando de ejecutar un SQL peligroso!');
179
            }
180
        }
181
182
        return $sqlItem;
183
    }
184
185
    /**
186
     * Obtener la primera coincidencia por el campo indicado.
187
     *
188
     * @param string $field  campo
189
     * @param string $value  valor
190
     * @param array  $params parametros adicionales
191
     *                       order: criterio de ordenamiento
192
     *                       fields: lista de campos
193
     *                       join: joins de tablas
194
     *                       group: agrupar campos
195
     *                       having: condiciones de grupo
196
     *                       offset: valor offset
197
     *
198
     * @return ActiveRecord
199
     */
200 View Code Duplication
    public static function firstBy($field, $value, $params = [])
0 ignored issues
show
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
201
    {
202
        $field = self::sqlItemSanitize($field);
203
        $params['where'] = "$field = ?";
204
205
        return self::first($params, $value);
206
    }
207
208
    /**
209
     * Obtener la primera coincidencia de las condiciones indicadas.
210
     *
211
     * @param array $params parametros adicionales
212
     *                      order: criterio de ordenamiento
213
     *                      fields: lista de campos
214
     *                      group: agrupar campos
215
     *                      join: joins de tablas
216
     *                      having: condiciones de grupo
217
     *                      offset: valor offset queda
218
     * @param array $values valores de busqueda
219
     *
220
     * @return ActiveRecord
221
     */
222
    public static function first($params = [], $values = [])
223
    {
224
        $args = func_get_args();
225
        /*Reescribe el limit*/
226
        $args[0]['limit'] = 1;
227
        $res = self::doQuery($args);
228
229
        return $res->fetch();
230
    }
231
232
    /**
233
     * Obtener todos los registros.
234
     *
235
     * @param array $params
236
     *                      where: condiciones where
237
     *                      order: criterio de ordenamiento
238
     *                      fields: lista de campos
239
     *                      join: joins de tablas
240
     *                      group: agrupar campos
241
     *                      having: condiciones de grupo
242
     *                      limit: valor limit
243
     *                      offset: valor offset
244
     * @param array $values valores de busqueda
245
     *
246
     * @return \PDOStatement
247
     */
248
    public static function all($params = [], $values = [])
249
    {
250
        $res = self::doQuery(func_get_args());
251
252
        return $res->fetchAll();
253
    }
254
255
    /**
256
     * Do a query.
257
     *
258
     * @param array $array params of query
259
     *
260
     * @return \PDOStatement|false
261
     */
262
    protected static function doQuery(array $array)
263
    {
264
        $params = self::getParam($array);
265
        $values = self::getValues($array);
266
        $sql = QueryGenerator::select(static::getSource(), static::getDriver(), $params);
267
        $sth = static::query($sql, $values);
268
269
        return $sth;
270
    }
271
272
    /**
273
     * Retorna los parametros para el doQuery.
274
     *
275
     * @param array $array
276
     *
277
     * @return array
278
     */
279
    protected static function getParam(array &$array)
280
    {
281
        $val = array_shift($array);
282
283
        return is_null($val) ? [] : $val;
284
    }
285
286
    /**
287
     * Retorna los values para el doQuery.
288
     *
289
     * @param array $array
290
     *
291
     * @return array
292
     */
293
    protected static function getValues(array $array)
294
    {
295
        return isset($array[0]) ?
296
        is_array($array[0]) ? $array[0] : [$array[0]] : $array;
297
    }
298
299
    /**
300
     * Obtener todas las coincidencias por el campo indicado.
301
     *
302
     * @param string $field  campo
303
     * @param string $value  valor
304
     * @param array  $params
305
     *                       order: criterio de ordenamiento
306
     *                       fields: lista de campos
307
     *                       join: joins de tablas
308
     *                       group: agrupar campos
309
     *                       having: condiciones de grupo
310
     *                       limit: valor limit
311
     *                       offset: valor offset
312
     *
313
     * @return \PDOStatement
314
     */
315 View Code Duplication
    public static function allBy($field, $value, $params = [])
0 ignored issues
show
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
316
    {
317
        $field = self::sqlItemSanitize($field);
318
        $params['where'] = "$field = ?";
319
320
        return self::all($params, $value);
321
    }
322
323
    /**
324
     * Cuenta los registros que coincidan con las condiciones indicadas.
325
     *
326
     * @param string $where  condiciones
327
     * @param array  $values valores
328
     *
329
     * @return int
330
     */
331
    public static function count(string $where = '', array $values = [])
332
    {
333
        $source = static::getSource();
334
        $sql = QueryGenerator::count($source, $where);
335
336
        $sth = static::query($sql, $values);
337
338
        return $sth->fetch()->count;
339
    }
340
341
    /**
342
     * Paginar.
343
     *
344
     * @param array $params
345
     * @param int   $page    numero de pagina
346
     * @param int   $perPage cantidad de items por pagina
347
     * @param array $values  valores
348
     *
349
     * @return Paginator
350
     */
351
    public static function paginate(array $params, int $page, int $perPage, $values = null)
352
    {
353
        unset($params['limit'], $params['offset']);
354
        $sql = QueryGenerator::select(static::getSource(), static::getDriver(), $params);
355
356
        // Valores para consulta
357
        if ($values !== null && !\is_array($values)) {
358
            $values = \array_slice(func_get_args(), 3);
359
        }
360
361
        return new Paginator(static::class, $sql, $page, $perPage, $values);
362
    }
363
364
    /**
365
     * Obtiene todos los registros de la consulta sql.
366
     *
367
     * @param string         $sql
368
     * @param string | array $values
369
     *
370
     * @return array
371
     */
372 View Code Duplication
    public static function allBySql($sql, $values = null)
0 ignored issues
show
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
373
    {
374
        if (!is_array($values)) {
375
            $values = \array_slice(\func_get_args(), 1);
376
        }
377
378
        return parent::all($sql, $values);
379
    }
380
381
    /**
382
     * Obtiene el primer registro de la consulta sql.
383
     *
384
     * @param string         $sql
385
     * @param string | array $values
386
     *
387
     * @return array
388
     */
389 View Code Duplication
    public static function firstBySql($sql, $values = null)
0 ignored issues
show
This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

Loading history...
390
    {
391
        if (!is_array($values)) {
392
            $values = \array_slice(\func_get_args(), 1);
393
        }
394
395
        return parent::first($sql, $values);
396
    }
397
}
398