This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | namespace Kunstmaan\NodeSearchBundle\Services; |
||
4 | |||
5 | use Elastica\Aggregation\Terms; |
||
6 | use Kunstmaan\NodeBundle\Helper\RenderContext; |
||
7 | use Kunstmaan\NodeSearchBundle\PagerFanta\Adapter\SearcherRequestAdapter; |
||
8 | use Kunstmaan\NodeSearchBundle\Search\AbstractElasticaSearcher; |
||
9 | use Pagerfanta\Exception\NotValidCurrentPageException; |
||
10 | use Pagerfanta\Pagerfanta; |
||
11 | use Symfony\Component\DependencyInjection\Container; |
||
12 | use Symfony\Component\DependencyInjection\ContainerInterface; |
||
13 | use Symfony\Component\HttpFoundation\Request; |
||
14 | use Symfony\Component\HttpFoundation\RequestStack; |
||
15 | use Symfony\Component\HttpKernel\Exception\NotFoundHttpException; |
||
16 | |||
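/**
 * Runs the node search for the current request and returns the results as a
 * Pagerfanta pager.
 *
 * The search text, content type and page number come from the request's query
 * string and are therefore caller-controlled; the searcher to use is named by
 * the "_entity" request attribute.
 */
class SearchService
{
    /**
     * @var RenderContext
     */
    protected $renderContext;

    /**
     * Documented as the interface because that is what the constructor accepts.
     *
     * @var ContainerInterface
     */
    protected $container;

    /**
     * @var RequestStack
     */
    protected $requestStack;

    /**
     * @var int
     */
    protected $defaultPerPage;

    /**
     * Searchers keyed by the name the search page entity returns from getSearcher().
     *
     * @var array
     */
    private $searchers;

    /**
     * @param ContainerInterface $container      Only used by the deprecated searcher lookup in search()
     * @param RequestStack       $requestStack
     * @param int                $defaultPerPage Page size applied to the pager
     * @param array              $searchers      Searchers keyed by name
     */
    public function __construct(ContainerInterface $container, RequestStack $requestStack, $defaultPerPage = 10, array $searchers = [])
    {
        $this->container = $container;
        $this->requestStack = $requestStack;
        $this->defaultPerPage = $defaultPerPage;
        $this->renderContext = new RenderContext();
        $this->searchers = $searchers;
    }

    /**
     * @param int $defaultPerPage
     */
    public function setDefaultPerPage($defaultPerPage)
    {
        $this->defaultPerPage = $defaultPerPage;
    }

    /**
     * @return RenderContext
     */
    public function getRenderContext()
    {
        return $this->renderContext;
    }

    /**
     * @param RenderContext $renderContext
     */
    public function setRenderContext($renderContext)
    {
        $this->renderContext = $renderContext;
    }

    /**
     * @return int
     */
    public function getDefaultPerPage()
    {
        return $this->defaultPerPage;
    }

    /**
     * @return ContainerInterface
     */
    public function getContainer()
    {
        return $this->container;
    }

    /**
     * @param ContainerInterface $container
     */
    public function setContainer($container)
    {
        $this->container = $container;
    }

    /**
     * @return Request|null Null when the request stack is empty
     */
    public function getRequest()
    {
        return $this->requestStack->getCurrentRequest();
    }

    /**
     * Builds the search from the current request and returns one page of results.
     *
     * @return Pagerfanta
     *
     * @throws \LogicException       When there is no current request or no "_entity" attribute
     * @throws NotFoundHttpException When the requested page is outside the result range
     */
    public function search()
    {
        $request = $this->requestStack->getCurrentRequest();
        if (null === $request) {
            // Fail with a clear message instead of a fatal "member function on null".
            throw new \LogicException('SearchService::search() needs a current request.');
        }

        // The search page entity is a request attribute, not a client-supplied query value.
        $entity = $request->attributes->get('_entity');
        if (!is_object($entity)) {
            throw new \LogicException('The "_entity" request attribute must hold the search page entity.');
        }

        // Page number from the query string, clamped to a minimum of 1.
        $pageNumber = $this->getRequestedPage($request);

        $searcherName = $entity->getSearcher();
        $searcher = $this->searchers[$searcherName] ?? null;
        if (null === $searcher) {
            // Deprecated fallback: resolve the name as a container service id.
            // The service is not type-checked here; applySearchParams() type-hints
            // AbstractElasticaSearcher, so any other service fails there.
            $searcher = $this->container->get($searcherName);

            // The @ is deliberate: deprecation notices are silenced by default so that
            // only handlers which opt in receive them. No error condition is hidden.
            @trigger_error(
                sprintf(
                    'Getting the node searcher "%s" from the container is deprecated in KunstmaanNodeSearchBundle 5.2 and will be removed in KunstmaanNodeSearchBundle 6.0. Tag your searcher service with the "kunstmaan_node_search.node_searcher" tag to add a searcher.',
                    $searcherName
                ),
                E_USER_DEPRECATED
            );
        }

        $this->applySearchParams($searcher, $request, $this->renderContext);

        $adapter = new SearcherRequestAdapter($searcher);
        $pagerfanta = new Pagerfanta($adapter);

        try {
            $pagerfanta
                ->setMaxPerPage($this->getDefaultPerPage())
                ->setCurrentPage($pageNumber);
        } catch (NotValidCurrentPageException $e) {
            // An out-of-range page is a client error; keep the cause for the logs.
            throw new NotFoundHttpException('The requested result page does not exist.', $e);
        }

        return $pagerfanta;
    }

    /**
     * Copies the query-string search parameters onto the searcher and the render
     * context, and adds a terms aggregation on the "type" field.
     *
     * @param AbstractElasticaSearcher $searcher
     * @param Request                  $request
     * @param RenderContext            $context
     */
    protected function applySearchParams(AbstractElasticaSearcher $searcher, Request $request, RenderContext $context)
    {
        // Both values are caller-controlled. A parameter sent as an array
        // (?query[]=x) must not reach trim() or the searcher, so anything that
        // is not a string is treated as absent.
        $rawQuery = $request->query->get('query', '');
        $queryString = is_string($rawQuery) ? trim($rawQuery) : '';

        $rawType = $request->query->get('type');
        $queryType = is_string($rawType) ? $rawType : null;

        $lang = $request->getLocale();

        // NOTE(review): q_query and q_type are stored unescaped; whatever renders
        // this context has to escape them on output. Confirm in the templates.
        $context['q_query'] = $queryString;
        $context['q_type'] = $queryType;

        $searcher
            ->setData($this->sanitizeSearchQuery($queryString))
            ->setContentType($queryType)
            ->setLanguage($lang);

        $query = $searcher->getQuery();

        // Aggregations
        $termsAggregation = new Terms('type');
        $termsAggregation->setField('type');

        $query->addAggregation($termsAggregation);
    }

    /**
     * Wraps the search text in double quotes so it is searched as a complete match.
     *
     * NOTE(review): despite the name, nothing is escaped or removed. A double
     * quote inside $query ends the quoted phrase early; whether that matters
     * depends on how the searcher interprets the value passed to setData(),
     * which is not visible in this class. Confirm before relying on this as
     * input sanitisation.
     *
     * @param string $query
     *
     * @return string
     */
    protected function sanitizeSearchQuery($query)
    {
        return '"' . $query . '"';
    }

    /**
     * Reads the "page" query parameter as an integer and clamps it to at least 1.
     *
     * @param Request $request
     *
     * @return int
     */
    private function getRequestedPage(Request $request): int
    {
        // getInt() yields 0 for non-numeric input, so max() also covers garbage values.
        return max(1, $request->query->getInt('page', 1));
    }
}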
Our type inference engine has found a suspicious assignment of a value to a property. This check raises an issue when a value that can be of a given class or one of its super-classes is assigned to a property that is type-hinted more strictly.
Either this assignment is in error or an instanceof check should be added for that assignment.