This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace Kunstmaan\FormBundle\Controller; |
||
4 | |||
5 | use Doctrine\ORM\EntityManager; |
||
6 | use Kunstmaan\AdminBundle\Helper\Security\Acl\Permission\PermissionMap; |
||
7 | use Kunstmaan\AdminListBundle\AdminList\AdminList; |
||
8 | use Kunstmaan\AdminListBundle\AdminList\ExportList; |
||
9 | use Kunstmaan\FormBundle\AdminList\FormPageAdminListConfigurator; |
||
10 | use Kunstmaan\FormBundle\AdminList\FormSubmissionAdminListConfigurator; |
||
11 | use Kunstmaan\FormBundle\AdminList\FormSubmissionExportListConfigurator; |
||
12 | use Kunstmaan\FormBundle\Entity\FormSubmission; |
||
13 | use Kunstmaan\FormBundle\Entity\FormSubmissionField; |
||
14 | use Kunstmaan\NodeBundle\Entity\Node; |
||
15 | use Kunstmaan\NodeBundle\Entity\NodeTranslation; |
||
16 | use Symfony\Component\Routing\Annotation\Route; |
||
17 | use Sensio\Bundle\FrameworkExtraBundle\Configuration\Template; |
||
18 | use Symfony\Bundle\FrameworkBundle\Controller\Controller; |
||
19 | use Symfony\Component\HttpFoundation\RedirectResponse; |
||
20 | use Symfony\Component\HttpFoundation\Request; |
||
21 | use Symfony\Component\HttpFoundation\Response; |
||
22 | use Kunstmaan\AdminBundle\FlashMessages\FlashTypes; |
||
23 | |||
24 | /** |
||
25 | * The controller which will handle everything related with form pages and form submissions |
||
26 | */ |
||
27 | class FormSubmissionsController extends Controller |
||
28 | { |
||
29 | /** |
||
30 | * The index action will use an admin list to list all the form pages |
||
31 | * |
||
32 | * @Route("/", name="KunstmaanFormBundle_formsubmissions") |
||
33 | * @Template("@KunstmaanAdminList/Default/list.html.twig") |
||
34 | * |
||
35 | * @return array |
||
36 | */ |
||
37 | View Code Duplication | public function indexAction(Request $request) |
|
38 | { |
||
39 | /* @var EntityManager $em */ |
||
40 | $em = $this->getDoctrine()->getManager(); |
||
41 | $aclHelper = $this->container->get('kunstmaan_admin.acl.helper'); |
||
42 | |||
43 | /* @var AdminList $adminList */ |
||
44 | $adminList = $this->get('kunstmaan_adminlist.factory')->createList( |
||
45 | new FormPageAdminListConfigurator($em, $aclHelper, PermissionMap::PERMISSION_VIEW) |
||
46 | ); |
||
47 | $adminList->bindRequest($request); |
||
48 | |||
49 | return array('adminlist' => $adminList); |
||
50 | } |
||
51 | |||
52 | /** |
||
53 | * The list action will use an admin list to list all the form submissions related to the given $nodeTranslationId |
||
54 | * |
||
55 | * @param int $nodeTranslationId |
||
56 | * |
||
57 | * @Route("/list/{nodeTranslationId}", requirements={"nodeTranslationId" = "\d+"}, |
||
58 | * name="KunstmaanFormBundle_formsubmissions_list", methods={"GET", "POST"}) |
||
59 | * @Template("@KunstmaanForm/FormSubmissions/list.html.twig") |
||
60 | * |
||
61 | * @return array |
||
62 | */ |
||
63 | public function listAction(Request $request, $nodeTranslationId) |
||
64 | { |
||
65 | $em = $this->getDoctrine()->getManager(); |
||
66 | $nodeTranslation = $em->getRepository(NodeTranslation::class)->find($nodeTranslationId); |
||
67 | |||
68 | /** @var AdminList $adminList */ |
||
69 | $adminList = $this->get('kunstmaan_adminlist.factory')->createList( |
||
70 | new FormSubmissionAdminListConfigurator($em, $nodeTranslation, $this->getParameter('kunstmaan_form.deletable_formsubmissions')) |
||
71 | ); |
||
72 | $adminList->bindRequest($request); |
||
73 | |||
74 | return array('nodetranslation' => $nodeTranslation, 'adminlist' => $adminList); |
||
75 | } |
||
76 | |||
77 | /** |
||
78 | * The edit action will be used to edit a given submission. |
||
79 | * |
||
80 | * @param int $nodeTranslationId The node translation id |
||
81 | * @param int $submissionId The submission id |
||
82 | * |
||
83 | * @Route("/list/{nodeTranslationId}/{submissionId}", requirements={"nodeTranslationId" = "\d+", "submissionId" = |
||
84 | * "\d+"}, name="KunstmaanFormBundle_formsubmissions_list_edit", methods={"GET", "POST"}) |
||
85 | * @Template("@KunstmaanForm/FormSubmissions/edit.html.twig") |
||
86 | * |
||
87 | * @return array |
||
88 | */ |
||
89 | public function editAction($nodeTranslationId, $submissionId) |
||
90 | { |
||
91 | $em = $this->getDoctrine()->getManager(); |
||
92 | $nodeTranslation = $em->getRepository(NodeTranslation::class)->find($nodeTranslationId); |
||
93 | $formSubmission = $em->getRepository(FormSubmission::class)->find($submissionId); |
||
94 | $request = $this->container->get('request_stack')->getCurrentRequest(); |
||
95 | $deletableFormsubmission = $this->getParameter('kunstmaan_form.deletable_formsubmissions'); |
||
96 | |||
97 | /** @var AdminList $adminList */ |
||
98 | $adminList = $this->get('kunstmaan_adminlist.factory')->createList( |
||
99 | new FormSubmissionAdminListConfigurator($em, $nodeTranslation, $deletableFormsubmission) |
||
100 | ); |
||
101 | $adminList->bindRequest($request); |
||
102 | |||
103 | return [ |
||
104 | 'nodetranslation' => $nodeTranslation, |
||
105 | 'formsubmission' => $formSubmission, |
||
106 | 'adminlist' => $adminList, |
||
107 | ]; |
||
108 | } |
||
109 | |||
110 | /** |
||
111 | * Export as CSV of all the form submissions for the given $nodeTranslationId |
||
112 | * |
||
113 | * @param int $nodeTranslationId |
||
114 | * |
||
115 | * @Route("/export/{nodeTranslationId}.{_format}", requirements={"nodeTranslationId" = "\d+","_format" = |
||
116 | * "csv|xlsx|ods"}, name="KunstmaanFormBundle_formsubmissions_export", methods={"GET"}) |
||
117 | * |
||
118 | * @return Response |
||
119 | */ |
||
120 | public function exportAction($nodeTranslationId, $_format) |
||
121 | { |
||
122 | $em = $this->getDoctrine()->getManager(); |
||
123 | /** @var NodeTranslation $nodeTranslation */ |
||
124 | $nodeTranslation = $em->getRepository(NodeTranslation::class)->find($nodeTranslationId); |
||
125 | $translator = $this->get('translator'); |
||
126 | |||
127 | /** @var ExportList $exportList */ |
||
128 | $configurator = new FormSubmissionExportListConfigurator($em, $nodeTranslation, $translator); |
||
129 | $exportList = $this->get('kunstmaan_adminlist.factory')->createExportList($configurator); |
||
130 | |||
131 | return $this->get('kunstmaan_adminlist.service.export')->getDownloadableResponse($exportList, $_format); |
||
132 | } |
||
133 | |||
134 | /** |
||
135 | * @Route( |
||
136 | * "/{id}/delete", |
||
137 | * requirements={"id" = "\d+"}, |
||
138 | * name="KunstmaanFormBundle_formsubmissions_delete", |
||
139 | * methods={"POST"} |
||
140 | * ) |
||
141 | * |
||
142 | * @param Request $request |
||
143 | * @param int $id |
||
144 | * |
||
145 | * @return RedirectResponse |
||
146 | * |
||
147 | * @throws AccessDeniedException |
||
148 | */ |
||
149 | public function deleteAction(Request $request, $id) |
||
150 | { |
||
151 | $em = $this->getDoctrine()->getManager(); |
||
152 | $submission = $em->getRepository(FormSubmission::class)->find($id); |
||
153 | |||
154 | $node = $em->getRepository(Node::class)->find($submission->getNode()); |
||
155 | $nt = $node->getNodeTranslation($request->getLocale()); |
||
156 | |||
157 | $this->denyAccessUnlessGranted(PermissionMap::PERMISSION_DELETE, $node); |
||
158 | |||
159 | $url = $this->get('router')->generate( |
||
160 | 'KunstmaanFormBundle_formsubmissions_list', |
||
161 | ['nodeTranslationId' => $nt->getId()] |
||
162 | ); |
||
163 | |||
164 | $fields = $em->getRepository(FormSubmissionField::class)->findBy(['formSubmission' => $submission]); |
||
165 | |||
166 | try { |
||
167 | foreach ($fields as $field) { |
||
168 | $em->remove($field); |
||
169 | } |
||
170 | |||
171 | $em->remove($submission); |
||
0 ignored issues
–
show
|
|||
172 | $em->flush(); |
||
173 | |||
174 | $this->addFlash( |
||
175 | FlashTypes::SUCCESS, |
||
176 | $this->get('translator')->trans('formsubmissions.delete.flash.success') |
||
177 | ); |
||
178 | } catch (\Exception $e) { |
||
179 | $this->get('logger')->error($e->getMessage()); |
||
180 | $this->addFlash( |
||
181 | FlashTypes::DANGER, |
||
182 | $this->get('translator')->trans('formsubmissions.delete.flash.error') |
||
183 | ); |
||
184 | } |
||
185 | |||
186 | return new RedirectResponse($url); |
||
187 | } |
||
188 | } |
||
189 |
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check:
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.