1 | <?php |
||
2 | |||
3 | namespace Kunstmaan\ConfigBundle\Controller; |
||
4 | |||
5 | use Doctrine\ORM\EntityManagerInterface; |
||
6 | use Kunstmaan\ConfigBundle\Entity\AbstractConfig; |
||
7 | use Symfony\Bundle\FrameworkBundle\Templating\EngineInterface; |
||
8 | use Symfony\Component\DependencyInjection\ContainerInterface; |
||
9 | use Symfony\Component\Form\FormFactoryInterface; |
||
10 | use Symfony\Component\HttpFoundation\RedirectResponse; |
||
11 | use Symfony\Component\HttpFoundation\Request; |
||
12 | use Symfony\Component\HttpFoundation\Response; |
||
13 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
14 | use Symfony\Component\Routing\RouterInterface; |
||
15 | use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; |
||
16 | use Symfony\Component\Security\Core\Exception\AccessDeniedException; |
||
17 | use Twig\Environment; |
||
18 | |||
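/**
 * Administration endpoint for the site configuration entities registered under
 * the "entities" key of the bundle configuration.
 *
 * The entity to edit is selected by its internal name (a route parameter) and
 * access is guarded by the roles that entity declares through getRoles().
 */
class ConfigController
{
    /**
     * @var RouterInterface
     */
    private $router;

    /**
     * @var EngineInterface|Environment
     */
    private $twig;

    /**
     * @var AuthorizationCheckerInterface
     */
    private $authorizationChecker;

    /**
     * @var EntityManagerInterface
     */
    private $em;

    /**
     * @var array Bundle configuration; only the "entities" key (a list of AbstractConfig class names) is read here
     */
    private $configuration;

    /**
     * @var FormFactoryInterface
     */
    private $formFactory;

    /**
     * @param RouterInterface               $router
     * @param EngineInterface|Environment   $twig                 The "@twig" service; "@templating" is still accepted but deprecated
     * @param AuthorizationCheckerInterface $authorizationChecker
     * @param EntityManagerInterface        $em
     * @param array                         $configuration        Bundle configuration, expected to carry an "entities" list
     * @param ContainerInterface            $container            Deprecated since 5.1 and ignored; only accepted so old service definitions keep working
     * @param FormFactoryInterface          $formFactory
     */
    public function __construct(
        RouterInterface $router,
        /* Environment */ $twig,
        AuthorizationCheckerInterface $authorizationChecker,
        EntityManagerInterface $em,
        array $configuration,
        /* ContainerInterface $container, */
        /* FormFactoryInterface */ $formFactory
    ) {
        $this->router = $router;
        $this->twig = $twig;
        $this->authorizationChecker = $authorizationChecker;
        $this->em = $em;
        $this->configuration = $configuration;

        if ($twig instanceof EngineInterface) {
            // Symfony deprecation convention: the notice is silenced on purpose and
            // picked up by the deprecation error handler / PHPUnit bridge instead.
            @trigger_error('Passing the "@templating" service as the 2nd argument is deprecated since KunstmaanConfigBundle 5.4 and will be replaced by the Twig renderer in KunstmaanConfigBundle 6.0. Injected the "@twig" service instead.', E_USER_DEPRECATED);
        }

        // Legacy seven-argument signature (..., $configuration, $container, $formFactory):
        // the sixth positional argument then holds the container, which is discarded,
        // and the form factory is the seventh one.
        if (\func_num_args() > 6) {
            @trigger_error(sprintf('Passing the "container" as the sixth argument in "%s" is deprecated in KunstmaanConfigBundle 5.1 and will be removed in KunstmaanConfigBundle 6.0. Remove the "container" argument from your service definition.', __METHOD__), E_USER_DEPRECATED);

            $this->formFactory = func_get_arg(6);

            return;
        }

        $this->formFactory = $formFactory;
    }

    /**
     * Generates the site config administration form and fills it with a default value if needed.
     *
     * Every role returned by the config entity's getRoles() must be granted to the
     * current user; the first denied role aborts the request before anything is
     * read from the database.
     *
     * @param Request $request
     * @param string  $internalName Internal name of the config entity, taken from the route
     *
     * @return Response
     *
     * @throws NotFoundHttpException When no configured entity carries that internal name
     * @throws AccessDeniedException When the current user lacks one of the entity's roles
     */
    public function indexAction(Request $request, $internalName)
    {
        /** @var AbstractConfig $entity */
        $entity = $this->getConfigEntityByInternalName($internalName);
        $entityClass = \get_class($entity);

        // Check if current user has permission for the site config.
        // NOTE(review): an entity whose getRoles() returns an empty array is not
        // guarded here at all — confirm AbstractConfig always declares at least one role.
        foreach ($entity->getRoles() as $role) {
            $this->checkPermission($role);
        }

        // A config entity is a single row: edit the existing one, or start from a fresh instance.
        $repo = $this->em->getRepository($entityClass);
        $config = $repo->findOneBy([]);

        if (null === $config) {
            $config = new $entityClass();
        }

        $form = $this->formFactory->create(
            $entity->getDefaultAdminType(),
            $config
        );

        if ($request->isMethod('POST')) {
            $form->handleRequest($request);

            if ($form->isSubmitted() && $form->isValid()) {
                $this->em->persist($config);
                $this->em->flush();

                // Redirect after a successful POST so a browser refresh does not resubmit the form.
                return new RedirectResponse($this->router->generate('kunstmaanconfigbundle_default', ['internalName' => $internalName]));
            }
        }

        return new Response(
            $this->twig->render('@KunstmaanConfig/Settings/configSettings.html.twig', ['form' => $form->createView()])
        );
    }

    /**
     * Get site config entity by a given internal name.
     *
     * Each configured class is instantiated to read its internal name and the first
     * exact match wins. The comparison is strict on purpose: $internalName comes from
     * the URL, and a loose "==" would let numerically equal strings ("1e2" and "100")
     * select a different entity than the one actually named.
     *
     * @param string $internalName
     *
     * @return AbstractConfig
     *
     * @throws NotFoundHttpException If no configured entity carries that internal name
     */
    private function getConfigEntityByInternalName($internalName)
    {
        // A missing "entities" key is treated as "nothing configured" rather than a warning.
        foreach ($this->configuration['entities'] ?? [] as $class) {
            /** @var AbstractConfig $entity */
            $entity = new $class();

            if ($entity->getInternalName() === $internalName) {
                return $entity;
            }
        }

        throw new NotFoundHttpException();
    }

    /**
     * Check permission.
     *
     * @param string $roleToCheck Attribute the current user must be granted (a role name by default)
     *
     * @throws AccessDeniedException When the authorization checker denies the attribute
     */
    private function checkPermission($roleToCheck = 'ROLE_SUPER_ADMIN')
    {
        if (false === $this->authorizationChecker->isGranted($roleToCheck)) {
            throw new AccessDeniedException();
        }
    }
}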