Issues in Field.php (master) - Issues in master - MarceauKa/laravel-crudable - Measure and Improve Code Quality continuously with Scrutinizer

Issues (31)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Fields/Field.php (3 issues)

Labels

Bug 3

Severity

Major 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Akibatech\Crud\Fields;

use Akibatech\Crud\Services\CrudFields;
use Akibatech\Crud\Traits\FieldHasUiModifiers;
use Illuminate\Validation\Validator;
use Illuminate\View\View;

/**
 * Class Field
 *
 * @package Akibatech\Crud\Fields
 */
abstract class Field
{
    use FieldHasUiModifiers;

    /**
     * @var string
     */
    const TYPE = 'type';

    /**
     * @var bool
     */
    const MULTIPART = false;

    /**
     * @var CrudFields
     */
    protected $fields;

    /**
     * @var string
     */
    protected $identifier;

    /**
     * @var array
     */
    protected $rules;

    /**
     * Field constructor.
     *
     * @param   string       $identifier
     * @param   array|string $rules
     */
    public function __construct($identifier, $rules = null)
    {
        $this->identifier = $identifier;

        if (!is_null($rules))
        {
            $this->withRules($rules);
        }
    }

    /**
     * Constructs staticly.
     *
     * @param   string $idenfitier
     * @param   null|string|array $rules
     * @return  static
     */
    public static function handle($idenfitier, $rules = null)
    {
        return (new static($idenfitier, $rules));
    }


    /**
     * Add validation rules to the field.
     *
     * @param   string|array $rules
     * @return  mixed
     */
    public function withRules($rules)
    {
        if (is_array($rules))
        {
            foreach ($rules as $rule)
            {
                $this->addRule($rule);
            }
        }
        else
        {
            if (is_string($rules))
            {
                if (stripos($rules, '|') !== false)
                {
                    $rules = explode('|', $rules);

                    return $this->withRules($rules);
                }

                return $this->withRules([$rules]);
            }
        }

        return $this;
    }

    /**
     * Add a validation rule.
     *
     * @param   string $rule
     * @return  self
     */
    public function addRule($rule)
    {
        $this->rules[] = $rule;

        return $this;
    }

    /**
     * @param   CrudFields $fields
     * @return  self
     */
    public function setFields(CrudFields $fields)
    {
        $this->fields = $fields;

        return $this;
    }

    /**
     * @param   void
     * @return  CrudFields
     */
    public function getFields()
    {
        return $this->fields;
    }

    /**
     * Get the field identifier.
     *
     * @param   void
     * @return  string
     */
    public function getIdentifier()
    {
        return $this->identifier;
    }

    /**
     * Render the field form.
     *
     * @param   void
     * @return  string
     */
    public function form()
    {
        return $this->getForm()->render();
    }

    /**
     * Get the form view.
     *
     * @param   void
     * @return  View
     */
    protected function getForm()
    {
        return view()->make($this->getViewName())->with($this->getViewBaseVariables());
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
    }

    /**
     * Get the field view name.
     *
     * @param   void
     * @return  string
     */
    abstract public function getViewName();

    /**
     * Returns additionnal variables to the views.
     *
     * @param   void
     * @return  array
     */
    protected function getViewVariables()
    {
        return [];
    }

    /**
     * Returns all base variables for the view.
     *
     * @param   void
     * @return  array
     */
    protected function getViewBaseVariables()
    {
        $base_variables = [
            'field'       => $this,
            'has_error'   => $this->hasError(),
            'error'       => $this->getError(),
            'placeholder' => $this->getPlaceholder(),
            'help'        => $this->getHelp(),
            'has_old'     => $this->hasOld(),
            'old'         => $this->getOld(),
            'label'       => $this->getLabel(),
            'name'        => $this->identifier,
            'id'          => 'field-' . $this->identifier,
            'value'       => $this->getValue()
        ];

        return array_merge($base_variables, $this->getViewVariables());
    }

    /**
     * Checks if the field has an error.
     *
     * @param   void
     * @return  bool
     */
    public function hasError()
    {
        return $this->fields->getErrors()->has($this->identifier);
    }

    /**
     * Returns the error.
     *
     * @param   void
     * @return  null|string
     */
    public function getError()
    {
        if ($this->hasError())
        {
            return $this->fields->getErrors()->first($this->identifier);
        }

        return null;
    }

    /**
     * Checks if the field has a previous value.
     *
     * @param   void
     * @return  bool
     */
    public function hasOld()
    {
        return $this->fields->getOldInput()->has($this->identifier);
    }

    /**
     * Returns the old value.
     *
     * @param   void
     * @return  string|null
     */
    public function getOld()
    {
        if ($this->hasOld())
        {
            return $this->fields->getOldInput()->first($this->identifier);
        }

        return null;
    }

    /**
     * Get the field value.
     *
     * @param   void
     * @return  mixed
     */
    public function getValue()
    {
        if ($this->fields->getEntry())
        {
            return $this->fields->getEntry()->getModel()->getAttributeValue($this->identifier);
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
        }

        return null;
    }

    /**
     * Get the value to be displayed on a table.
     *
     * @param   void
     * @return  mixed
     */
    public function getTableValue()
    {
        return $this->getValue();
    }

    /**
     * Set a new value to the model.
     *
     * @param   mixed $value
     * @return  self
     */
    public function newValue($value)
    {
        if ($value != $this->getValue())
        {
            $this->fields->getEntry()->getModel()->setAttribute($this->identifier, $value);
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
        }

        return $this;
    }

    /**
     * @param   void
     * @return  string
     */
    public function getRules()
    {
        return $this->rules;
    }

    /**
     * @param   Validator $validator
     * @return  Validator
     */
    public function beforeValidation(Validator $validator)
    {
        return $validator;
    }

    /**
     * @param   void
     * @return  self
     */
    public function beforeSave()
    {
        return $this;
    }
}


GitHub Access Token became invalid

Issues (31)

Security Analysis not enabled

src/Fields/Field.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

1			<?php
2
3			namespace Akibatech\Crud\Fields;
4
5			use Akibatech\Crud\Services\CrudFields;
6			use Akibatech\Crud\Traits\FieldHasUiModifiers;
7			use Illuminate\Validation\Validator;
8			use Illuminate\View\View;
9
10			/**
11			* Class Field
12			*
13			* @package Akibatech\Crud\Fields
14			*/
15			abstract class Field
16			{
17			use FieldHasUiModifiers;
18
19			/**
20			* @var string
21			*/
22			const TYPE = 'type';
23
24			/**
25			* @var bool
26			*/
27			const MULTIPART = false;
28
29			/**
30			* @var CrudFields
31			*/
32			protected $fields;
33
34			/**
35			* @var string
36			*/
37			protected $identifier;
38
39			/**
40			* @var array
41			*/
42			protected $rules;
43
44			/**
45			* Field constructor.
46			*
47			* @param string $identifier
48			* @param array\|string $rules
49			*/
50			public function __construct($identifier, $rules = null)
51			{
52			$this->identifier = $identifier;
53
54			if (!is_null($rules))
55			{
56			$this->withRules($rules);
57			}
58			}
59
60			/**
61			* Constructs staticly.
62			*
63			* @param string $idenfitier
64			* @param null\|string\|array $rules
65			* @return static
66			*/
67			public static function handle($idenfitier, $rules = null)
68			{
69			return (new static($idenfitier, $rules));
70			}
71
72
73			/**
74			* Add validation rules to the field.
75			*
76			* @param string\|array $rules
77			* @return mixed
78			*/
79			public function withRules($rules)
80			{
81			if (is_array($rules))
82			{
83			foreach ($rules as $rule)
84			{
85			$this->addRule($rule);
86			}
87			}
88			else
89			{
90			if (is_string($rules))
91			{
92			if (stripos($rules, '\|') !== false)
93			{
94			$rules = explode('\|', $rules);
95
96			return $this->withRules($rules);
97			}
98
99			return $this->withRules([$rules]);
100			}
101			}
102
103			return $this;
104			}
105
106			/**
107			* Add a validation rule.
108			*
109			* @param string $rule
110			* @return self
111			*/
112			public function addRule($rule)
113			{
114			$this->rules[] = $rule;
115
116			return $this;
117			}
118
119			/**
120			* @param CrudFields $fields
121			* @return self
122			*/
123			public function setFields(CrudFields $fields)
124			{
125			$this->fields = $fields;
126
127			return $this;
128			}
129
130			/**
131			* @param void
132			* @return CrudFields
133			*/
134			public function getFields()
135			{
136			return $this->fields;
137			}
138
139			/**
140			* Get the field identifier.
141			*
142			* @param void
143			* @return string
144			*/
145			public function getIdentifier()
146			{
147			return $this->identifier;
148			}
149
150			/**
151			* Render the field form.
152			*
153			* @param void
154			* @return string
155			*/
156			public function form()
157			{
158			return $this->getForm()->render();
159			}
160
161			/**
162			* Get the form view.
163			*
164			* @param void
165			* @return View
166			*/
167			protected function getForm()
168			{
169			return view()->make($this->getViewName())->with($this->getViewBaseVariables());
			0 ignored issues – show Bug introduced 2016-11-06 18:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `make` does only exist in `Illuminate\Contracts\View\Factory`, but not in `Illuminate\View\View`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
170			}
171
172			/**
173			* Get the field view name.
174			*
175			* @param void
176			* @return string
177			*/
178			abstract public function getViewName();
179
180			/**
181			* Returns additionnal variables to the views.
182			*
183			* @param void
184			* @return array
185			*/
186			protected function getViewVariables()
187			{
188			return [];
189			}
190
191			/**
192			* Returns all base variables for the view.
193			*
194			* @param void
195			* @return array
196			*/
197			protected function getViewBaseVariables()
198			{
199			$base_variables = [
200			'field' => $this,
201			'has_error' => $this->hasError(),
202			'error' => $this->getError(),
203			'placeholder' => $this->getPlaceholder(),
204			'help' => $this->getHelp(),
205			'has_old' => $this->hasOld(),
206			'old' => $this->getOld(),
207			'label' => $this->getLabel(),
208			'name' => $this->identifier,
209			'id' => 'field-' . $this->identifier,
210			'value' => $this->getValue()
211			];
212
213			return array_merge($base_variables, $this->getViewVariables());
214			}
215
216			/**
217			* Checks if the field has an error.
218			*
219			* @param void
220			* @return bool
221			*/
222			public function hasError()
223			{
224			return $this->fields->getErrors()->has($this->identifier);
225			}
226
227			/**
228			* Returns the error.
229			*
230			* @param void
231			* @return null\|string
232			*/
233			public function getError()
234			{
235			if ($this->hasError())
236			{
237			return $this->fields->getErrors()->first($this->identifier);
238			}
239
240			return null;
241			}
242
243			/**
244			* Checks if the field has a previous value.
245			*
246			* @param void
247			* @return bool
248			*/
249			public function hasOld()
250			{
251			return $this->fields->getOldInput()->has($this->identifier);
252			}
253
254			/**
255			* Returns the old value.
256			*
257			* @param void
258			* @return string\|null
259			*/
260			public function getOld()
261			{
262			if ($this->hasOld())
263			{
264			return $this->fields->getOldInput()->first($this->identifier);
265			}
266
267			return null;
268			}
269
270			/**
271			* Get the field value.
272			*
273			* @param void
274			* @return mixed
275			*/
276			public function getValue()
277			{
278			if ($this->fields->getEntry())
279			{
280			return $this->fields->getEntry()->getModel()->getAttributeValue($this->identifier);
			0 ignored issues – show Bug introduced 2016-11-04 02:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getAttributeValue` does only exist in `Illuminate\Database\Eloquent\Model`, but not in `Akibatech\Crud\Traits\Crudable`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
281			}
282
283			return null;
284			}
285
286			/**
287			* Get the value to be displayed on a table.
288			*
289			* @param void
290			* @return mixed
291			*/
292			public function getTableValue()
293			{
294			return $this->getValue();
295			}
296
297			/**
298			* Set a new value to the model.
299			*
300			* @param mixed $value
301			* @return self
302			*/
303			public function newValue($value)
304			{
305			if ($value != $this->getValue())
306			{
307			$this->fields->getEntry()->getModel()->setAttribute($this->identifier, $value);
			0 ignored issues – show Bug introduced 2016-11-04 02:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `setAttribute` does only exist in `Illuminate\Database\Eloquent\Model`, but not in `Akibatech\Crud\Traits\Crudable`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
308			}
309
310			return $this;
311			}
312
313			/**
314			* @param void
315			* @return string
316			*/
317			public function getRules()
318			{
319			return $this->rules;
320			}
321
322			/**
323			* @param Validator $validator
324			* @return Validator
325			*/
326			public function beforeValidation(Validator $validator)
327			{
328			return $validator;
329			}
330
331			/**
332			* @param void
333			* @return self
334			*/
335			public function beforeSave()
336			{
337			return $this;
338			}
339			}
340

MarceauKa / laravel-crudable

GitHub Access Token became invalid

Issues (31)

Security Analysis not enabled

src/Fields/Field.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like