Issues in CommentQueryManager.php (master) - Issues in master - Mykees/MkCommentBundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (14)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Manager/CommentQueryManager.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Created by PhpStorm.
 * User: Rafidion Michael
 * Date: 03/09/2015
 * Time: 11:29
 */

namespace Mykees\CommentBundle\Manager;

use Doctrine\Common\Persistence\ManagerRegistry;
use Mykees\CommentBundle\Interfaces\IsCommentable;

class CommentQueryManager extends Manager{

	private $repository;
	private $comment_class;
	private $depth;
	private $depth_reached;

	public function __construct(ManagerRegistry $managerRegistry, $class, $depth)
	{
		$this->comment_class = $class;
		$this->repository = $managerRegistry->getRepository($this->comment_class);
		$this->depth = $depth;
	}


	/**
	 * Find one comment
	 * @param $id
	 * @param null $model_name
	 * @param int $model_id
	 * @return mixed
	 */
	public function findOneComment($id, $model_name=null,$model_id=0)
	{
		$is_join = method_exists($this->comment_class,'getUser') ? true : false;
		$qb = $this->repository->createQueryBuilder('c');

		return $this->oneCommentQueryResult($qb, $id, $model_name, $model_id, $is_join);
	}


	/**
	 * Find a comment by model referer
	 * @param $id
	 * @param IsCommentable $model
	 * @return mixed
	 */
	public function findOneCommentByReferer($id,IsCommentable $model)
	{
		$model_name  = $this->getClassShortName( $model );
		$model_id  = $model->getId();
		$qb = $this->repository->createQueryBuilder('c');
		$is_join = method_exists($this->comment_class,'getUser') ? true : false;

		return $this->oneCommentQueryResult($qb, $id, $model_name, $model_id, $is_join);
	}

	/**
	 * Find all comments for an entity
	 * @param IsCommentable $model
	 * @param bool $get_by_id
	 * @return mixed
	 */
	public function findComments(IsCommentable $model, $get_by_id=false)
	{
		$model_name  = $this->getClassShortName( $model );
		$comments = [];
		$is_join = method_exists($this->comment_class,'getUser') ? true : false;
		$qb = $this->repository->createQueryBuilder('c');

		$comments['comments'] = $this->commentQueryResult($qb, $model_name, $model->getId(), $is_join);
		$comments['count'] = count($comments['comments']);

		return $this->buildCommentStructure($comments,$get_by_id);
	}


	/**
	 * Find all comments for an entity
	 * @param $model_name
	 * @param $model_id
	 * @param bool $get_by_id
	 * @return mixed
	 */
	public function findCommentsByModelAndId($model_name, $model_id, $get_by_id=false)
	{
		$comments = [];
		$is_join = method_exists($this->comment_class,'getUser') ? true : false;
		$qb = $this->repository->createQueryBuilder('c');

		$comments['comments'] = $this->commentQueryResult($qb, $model_name, $model_id, $is_join);
		$comments['count'] = count($comments['comments']);

		return $this->buildCommentStructure($comments,$get_by_id);
	}


	/**
	 * Build Comment Structure
	 * @param $comments
	 * @param bool $get_by_id
	 * @return mixed
	 */
	private function buildCommentStructure($comments, $get_by_id=false)
	{
		$comments_by_id = [];
		return $this->build($comments,$comments_by_id,$get_by_id);
	}


	private function build($comments,$comments_by_id, $get_by_id)
	{
		foreach($comments['comments'] as $comment)
		{
			$comments_by_id[$comment->getId()] = $comment;
			$comment->setDepth($this->depth);
		}

		//Comment parent and children
		foreach($comments['comments'] as $k=>$comment)
		{
			if($this->depth > 0 && $comment->getParentId() > 0)
			{
				$parent_id = $this->depthComment($comments_by_id,$comment->getId());

				//Si la pronfondeur atteinte est plus petite que la profondeur definis
				//alors la réponse aura l'id du commentaire
				//Sinon
				//la réponse aura l'id du parent
				if($this->depth_reached < $this->depth)
				{
					$comment->setDepth($comment->getId());
				}else{
					$comment->setDepth($parent_id);
				}
				$comment->setDepthReached($this->depth_reached);
				$comments_by_id[$parent_id]->setChildren($comment);
				unset($comments['comments'][$k]);

			}else if($this->depth == 0){
				$comment->setDepth(0);
			}else{
				$comment->setDepth($comment->getId());
			}

		}

		if($get_by_id)
		{
			return $comments_by_id;
		}else{
			return $comments;
		}
	}

	/**
	 * config depth of comments
	 * @param $comments_by_id
	 * @param $comment_id
	 * @return mixed
	 */
	private function depthComment($comments_by_id,$comment_id)
	{
		$parent_id=[];
		$index = $comment_id;
		$parent = true;
		$depth_reached = 0;

		while($parent)
		{
			$comment = $comments_by_id[$index];
			if($comment->getParentId())
			{
				$parent_id[] = $comments_by_id[$index]->getParentId();
				$index = $comments_by_id[$index]->getParentId();
				$depth_reached++;
			}else{
				$parent = false;
			}
		}
		$this->depth_reached = $depth_reached;
		$array_reverse = array_reverse($parent_id);

		return $this->depth < count($array_reverse) ? $array_reverse[$this->depth-1] : end($array_reverse);
	}


	/**
	 * Retrieve all comments
	 * @param array $criteria
	 * @param null $orderBy
	 * @param null $limit
	 * @param null $offset
	 * @return array
	 */
	public function findAllComments(array $criteria=[],$orderBy=null,$limit=null,$offset=null)
	{
		if(!empty($criteria) || isset($orderBy) || isset($limit) || isset($offset))
		{
			return $this->repository->findBy($criteria,$orderBy,$limit,$offset);
		}else{
			return $this->repository->findAll();
		}
	}


	/**
	 * @param $qb
	 * @param $model_name
	 * @param $model_id
	 * @param $is_join
	 * @return mixed
	 */
	private function commentQueryResult($qb, $model_name, $model_id, $is_join)
	{
		if($is_join)
		{
			$qb
				->leftJoin('c.user','u')
				->addSelect('u')
			;
		}

		return $qb
			->where("c.model = :ref")
			->setParameter('ref',$model_name)
			->andWhere("c.modelId = :ref_id")
			->setParameter('ref_id',$model_id)
			->orderBy('c.createdAt', 'DESC')
			->getQuery()
			->getResult()
		;
	}

	private function oneCommentQueryResult($qb, $id, $model_name, $model_id, $is_join)
	{
		if($is_join)
		{
			$qb
				->leftJoin('c.user','u')
				->addSelect('u')
			;
		}
		$qb->where('c.id = :id')
			->setParameter('id',$id)
		;

		if($model_name)
		{
			$qb->andWhere("c.model = :ref")
				->setParameter('ref',$model_name)
			;
		}
		if($model_id > 0)
		{
			$qb->andWhere("c.modelId = :ref_id")
				->setParameter('ref_id',$model_id)
			;
		}

		return $qb->getQuery()->getOneOrNullResult();
	}


	/**
	 * @param $ids
	 * @return mixed
	 */
	public function deleteByCommentIds($ids)

	{
		$comment_class = $this->classRepository($this->comment_class);

		return $this->repository
			->createQueryBuilder('c')
			->delete($comment_class,'c')
			->where("c.id IN(:ids)")
			->setParameter('ids', array_values($ids))
			->getQuery()
			->execute()
		;
	}


	/**
	 * Delete a comment by id
	 * @param $id
	 * @return mixed
	 */
	public function deleteComment($id)

	{
		$comment_class = $this->classRepository($this->comment_class);

		return $this->repository
			->createQueryBuilder('c')
			->delete($comment_class,'c')
			->where("c.id = id")
			->setParameter('id', $id)
			->getQuery()
			->execute()
		;
	}



	/**
	 * Remove ccomment children
	 * @param $comment
	 * @return array
	 */
	public function getChildren($comment)
	{
		$children_ids = [];
		foreach($comment->getChildren() as $child)
		{
			$children_ids[] = $child->getId();
			if($child->getChildren())
			{
				$children_ids = array_merge($children_ids, $this->getChildren($child));
			}
		}

		return $children_ids;
	}

	/**
	 * Pre delete comment
	 * @param IsCommentable $referer
	 * @return bool
	 */
	public function preDeleteComment(IsCommentable $referer)
	{
		$comments = $this->findComments($referer, true);
		foreach($comments as $k=>$comment)
		{
			$children_ids = $this->getChildren($comment);
			array_push($children_ids,$k);

			$this->deleteByCommentIds($children_ids);
		}
		return true;
	}
}


1		<?php
2		/**
3		* Created by PhpStorm.
4		* User: Rafidion Michael
5		* Date: 03/09/2015
6		* Time: 11:29
7		*/
8
9		namespace Mykees\CommentBundle\Manager;
10
11		use Doctrine\Common\Persistence\ManagerRegistry;
12		use Mykees\CommentBundle\Interfaces\IsCommentable;
13
14		class CommentQueryManager extends Manager{
15
16		private $repository;
17		private $comment_class;
18		private $depth;
19		private $depth_reached;
20
21		public function __construct(ManagerRegistry $managerRegistry, $class, $depth)
22		{
23		$this->comment_class = $class;
24		$this->repository = $managerRegistry->getRepository($this->comment_class);
25		$this->depth = $depth;
26		}
27
28
29		/**
30		* Find one comment
31		* @param $id
32		* @param null $model_name
33		* @param int $model_id
34		* @return mixed
35		*/
36		public function findOneComment($id, $model_name=null,$model_id=0)
37		{
38		$is_join = method_exists($this->comment_class,'getUser') ? true : false;
39		$qb = $this->repository->createQueryBuilder('c');
40
41		return $this->oneCommentQueryResult($qb, $id, $model_name, $model_id, $is_join);
42		}
43
44
45		/**
46		* Find a comment by model referer
47		* @param $id
48		* @param IsCommentable $model
49		* @return mixed
50		*/
51		public function findOneCommentByReferer($id,IsCommentable $model)
52		{
53		$model_name = $this->getClassShortName( $model );
54		$model_id = $model->getId();
55		$qb = $this->repository->createQueryBuilder('c');
56		$is_join = method_exists($this->comment_class,'getUser') ? true : false;
57
58		return $this->oneCommentQueryResult($qb, $id, $model_name, $model_id, $is_join);
59		}
60
61		/**
62		* Find all comments for an entity
63		* @param IsCommentable $model
64		* @param bool $get_by_id
65		* @return mixed
66		*/
67		public function findComments(IsCommentable $model, $get_by_id=false)
68		{
69		$model_name = $this->getClassShortName( $model );
70		$comments = [];
71		$is_join = method_exists($this->comment_class,'getUser') ? true : false;
72		$qb = $this->repository->createQueryBuilder('c');
73
74		$comments['comments'] = $this->commentQueryResult($qb, $model_name, $model->getId(), $is_join);
75		$comments['count'] = count($comments['comments']);
76
77		return $this->buildCommentStructure($comments,$get_by_id);
78		}
79
80
81		/**
82		* Find all comments for an entity
83		* @param $model_name
84		* @param $model_id
85		* @param bool $get_by_id
86		* @return mixed
87		*/
88		public function findCommentsByModelAndId($model_name, $model_id, $get_by_id=false)
89		{
90		$comments = [];
91		$is_join = method_exists($this->comment_class,'getUser') ? true : false;
92		$qb = $this->repository->createQueryBuilder('c');
93
94		$comments['comments'] = $this->commentQueryResult($qb, $model_name, $model_id, $is_join);
95		$comments['count'] = count($comments['comments']);
96
97		return $this->buildCommentStructure($comments,$get_by_id);
98		}
99
100
101		/**
102		* Build Comment Structure
103		* @param $comments
104		* @param bool $get_by_id
105		* @return mixed
106		*/
107		private function buildCommentStructure($comments, $get_by_id=false)
108		{
109		$comments_by_id = [];
110		return $this->build($comments,$comments_by_id,$get_by_id);
111		}
112
113
114		private function build($comments,$comments_by_id, $get_by_id)
115		{
116		foreach($comments['comments'] as $comment)
117		{
118		$comments_by_id[$comment->getId()] = $comment;
119		$comment->setDepth($this->depth);
120		}
121
122		//Comment parent and children
123		foreach($comments['comments'] as $k=>$comment)
124		{
125		if($this->depth > 0 && $comment->getParentId() > 0)
126		{
127		$parent_id = $this->depthComment($comments_by_id,$comment->getId());
128
129		//Si la pronfondeur atteinte est plus petite que la profondeur definis
130		//alors la réponse aura l'id du commentaire
131		//Sinon
132		//la réponse aura l'id du parent
133		if($this->depth_reached < $this->depth)
134		{
135		$comment->setDepth($comment->getId());
136		}else{
137		$comment->setDepth($parent_id);
138		}
139		$comment->setDepthReached($this->depth_reached);
140		$comments_by_id[$parent_id]->setChildren($comment);
141		unset($comments['comments'][$k]);
142
143		}else if($this->depth == 0){
144		$comment->setDepth(0);
145		}else{
146		$comment->setDepth($comment->getId());
147		}
148
149		}
150
151		if($get_by_id)
152		{
153		return $comments_by_id;
154		}else{
155		return $comments;
156		}
157		}
158
159		/**
160		* config depth of comments
161		* @param $comments_by_id
162		* @param $comment_id
163		* @return mixed
164		*/
165		private function depthComment($comments_by_id,$comment_id)
166		{
167		$parent_id=[];
168		$index = $comment_id;
169		$parent = true;
170		$depth_reached = 0;
171
172		while($parent)
173		{
174		$comment = $comments_by_id[$index];
175		if($comment->getParentId())
176		{
177		$parent_id[] = $comments_by_id[$index]->getParentId();
178		$index = $comments_by_id[$index]->getParentId();
179		$depth_reached++;
180		}else{
181		$parent = false;
182		}
183		}
184		$this->depth_reached = $depth_reached;
185		$array_reverse = array_reverse($parent_id);
186
187		return $this->depth < count($array_reverse) ? $array_reverse[$this->depth-1] : end($array_reverse);
188		}
189
190
191		/**
192		* Retrieve all comments
193		* @param array $criteria
194		* @param null $orderBy
195		* @param null $limit
196		* @param null $offset
197		* @return array
198		*/
199		public function findAllComments(array $criteria=[],$orderBy=null,$limit=null,$offset=null)
200		{
201		if(!empty($criteria) \|\| isset($orderBy) \|\| isset($limit) \|\| isset($offset))
202		{
203		return $this->repository->findBy($criteria,$orderBy,$limit,$offset);
204		}else{
205		return $this->repository->findAll();
206		}
207		}
208
209
210		/**
211		* @param $qb
212		* @param $model_name
213		* @param $model_id
214		* @param $is_join
215		* @return mixed
216		*/
217		private function commentQueryResult($qb, $model_name, $model_id, $is_join)
218		{
219		if($is_join)
220		{
221		$qb
222		->leftJoin('c.user','u')
223		->addSelect('u')
224		;
225		}
226
227		return $qb
228		->where("c.model = :ref")
229		->setParameter('ref',$model_name)
230		->andWhere("c.modelId = :ref_id")
231		->setParameter('ref_id',$model_id)
232		->orderBy('c.createdAt', 'DESC')
233		->getQuery()
234		->getResult()
235		;
236		}
237
238		private function oneCommentQueryResult($qb, $id, $model_name, $model_id, $is_join)
239		{
240		if($is_join)
241		{
242		$qb
243		->leftJoin('c.user','u')
244		->addSelect('u')
245		;
246		}
247		$qb->where('c.id = :id')
248		->setParameter('id',$id)
249		;
250
251		if($model_name)
252		{
253		$qb->andWhere("c.model = :ref")
254		->setParameter('ref',$model_name)
255		;
256		}
257		if($model_id > 0)
258		{
259		$qb->andWhere("c.modelId = :ref_id")
260		->setParameter('ref_id',$model_id)
261		;
262		}
263
264		return $qb->getQuery()->getOneOrNullResult();
265		}
266
267
268		/**
269		* @param $ids
270		* @return mixed
271		*/
272	View Code Duplication	public function deleteByCommentIds($ids)
		0 ignored issues – show Duplication introduced 2016-01-29 11:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
273		{
274		$comment_class = $this->classRepository($this->comment_class);
275
276		return $this->repository
277		->createQueryBuilder('c')
278		->delete($comment_class,'c')
279		->where("c.id IN(:ids)")
280		->setParameter('ids', array_values($ids))
281		->getQuery()
282		->execute()
283		;
284		}
285
286
287		/**
288		* Delete a comment by id
289		* @param $id
290		* @return mixed
291		*/
292	View Code Duplication	public function deleteComment($id)
		0 ignored issues – show Duplication introduced 2016-01-29 11:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
293		{
294		$comment_class = $this->classRepository($this->comment_class);
295
296		return $this->repository
297		->createQueryBuilder('c')
298		->delete($comment_class,'c')
299		->where("c.id = id")
300		->setParameter('id', $id)
301		->getQuery()
302		->execute()
303		;
304		}
305
306
307
308		/**
309		* Remove ccomment children
310		* @param $comment
311		* @return array
312		*/
313		public function getChildren($comment)
314		{
315		$children_ids = [];
316		foreach($comment->getChildren() as $child)
317		{
318		$children_ids[] = $child->getId();
319		if($child->getChildren())
320		{
321		$children_ids = array_merge($children_ids, $this->getChildren($child));
322		}
323		}
324
325		return $children_ids;
326		}
327
328		/**
329		* Pre delete comment
330		* @param IsCommentable $referer
331		* @return bool
332		*/
333		public function preDeleteComment(IsCommentable $referer)
334		{
335		$comments = $this->findComments($referer, true);
336		foreach($comments as $k=>$comment)
337		{
338		$children_ids = $this->getChildren($comment);
339		array_push($children_ids,$k);
340
341		$this->deleteByCommentIds($children_ids);
342		}
343		return true;
344		}
345		}
346

Mykees / MkCommentBundle

Issues (14)

Security Analysis not enabled

Manager/CommentQueryManager.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like