Issues (11)

Security Analysis    not enabled

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Taxonomy/TaxonomyTrait.php (1 issue)

Labels
Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
3
/**
4
 * Trait used to give Taxonomy abilities to another model.
5
 */
6
namespace Rocket\Taxonomy;
7
8
use Illuminate\Database\Eloquent\Builder;
9
use Illuminate\Support\Collection;
10
use Illuminate\Support\Facades\Cache;
11
use Rocket\Taxonomy\Model\TermContainer;
12
use Rocket\Taxonomy\Support\Laravel5\Facade as T;
13
14
/**
15
 * This class is the link between a content and its taxonomies
16
 *
17
 * Including this trait in your model will enable it
18
 * to add and remove taxonomies from any vocabulary
19
 */
20
trait TaxonomyTrait
21
{
22
    /**
23
     * Declared by Eloquent Model
24
     *
25
     * @param  string  $related
26
     * @param  string  $name
27
     * @param  string  $table
28
     * @param  string  $foreignKey
29
     * @param  string  $otherKey
30
     * @param  bool  $inverse
31
     * @return \Illuminate\Database\Eloquent\Relations\MorphToMany
32
     */
33
    abstract public function morphToMany(
34
        $related,
35
        $name,
36
        $table = null,
37
        $foreignKey = null,
38
        $otherKey = null,
39
        $inverse = false
40
    );
41
42
    /**
43
     * Declared by Eloquent Model
44
     */
45
    abstract public function getTable();
46
47
    /**
48
     * Declared by Eloquent Model
49
     */
50
    abstract public function getKey();
51
52
    /**
53
     * The relation configuration
54
     *
55
     * @return \Illuminate\Database\Eloquent\Relations\MorphToMany
56
     */
57 24
    public function taxonomies()
58
    {
59 24
        $class = 'Rocket\Taxonomy\Model\TermContainer';
60
61 24
        return $this->morphToMany($class, 'relationable', 'taxonomy_content', null, 'term_id');
62
    }
63
64
    /**
65
     * Filter the model to return a subset of entries matching the term ID
66
     *
67
     * @param Builder $query
68
     * @param int $term_id
69
     *
70
     * @return Builder
71
     */
72 3
    public function scopeGetAllByTermId(Builder $query, $term_id)
73
    {
74
        return $query->whereHas('taxonomies', function (Builder $q) use ($term_id) {
75 3
            $q->where('term_id', $term_id);
76 3
        });
77
    }
78
79
    /**
80
     * Get the terms from a content
81
     *
82
     * @param  int|string $vocabulary_id
83
     * @return Collection
84
     */
85 6
    public function getTerms($vocabulary_id)
86
    {
87 6
        if (!$data = Cache::get($this->getTaxonomyCacheKey())) {
88 6
            $data = $this->cacheTermsForContent();
89 6
        }
90
91 6
        if (!is_numeric($vocabulary_id)) {
92 6
            $vocabulary_id = T::vocabulary($vocabulary_id);
93 6
        }
94
95 6
        $results = new Collection();
96 6
        if (array_key_exists($vocabulary_id, $data)) {
97 3
            foreach ($data[$vocabulary_id] as $term) {
98 3
                $results[] = T::getTerm($term);
99 3
            }
100 3
        }
101
102 6
        return $results;
103
    }
104
105
    /**
106
     * Link a term to this content
107
     *
108
     * @param int $term_id
109
     */
110 27
    public function addTerm($term_id)
111
    {
112 27
        TermContainer::findOrFail($term_id);
113
114
        // Cancel if the user wants to add the same term again
115 24
        if ($this->getTaxonomyQuery()->where('term_id', $term_id)->count()) {
116 3
            return;
117
        }
118
119 24
        $this->taxonomies()->attach($term_id);
120
121 24
        Cache::forget($this->getTaxonomyCacheKey());
122 24
    }
123
124
    /**
125
     * Set the terms to a content, removes the old ones (only for one vocabulary if specified)
126
     *
127
     * @param array<integer> $terms
128
     * @param int|string $vocabulary_id
129
     */
130 24
    public function setTerms($terms, $vocabulary_id = null)
131
    {
132 24
        $this->removeTerms($vocabulary_id);
133
134 24
        foreach ($terms as $term_id) {
135 24
            $this->addTerm($term_id);
136 24
        }
137 24
    }
138
139
    /**
140
     * Removes terms specified by a vocabulary, or all
141
     *
142
     * @param int|string $vocabulary_id
143
     * @return bool
144
     */
145 24
    public function removeTerms($vocabulary_id = null)
146
    {
147 24
        if ($vocabulary_id === null) {
148 24
            return $this->getTaxonomyQuery()->delete();
149
        }
150
151 3
        if (!is_numeric($vocabulary_id)) {
152 3
            $vocabulary_id = T::vocabulary($vocabulary_id);
153 3
        }
154
155 3
        return $this->getTaxonomyQuery()->whereIn('term_id', function ($query) use ($vocabulary_id) {
156 3
            $query->select('id')->where('vocabulary_id', $vocabulary_id)->from((new TermContainer)->getTable());
157 3
        })->delete();
158
    }
159
160
    /**
161
     * Cache all terms of a content (only ids)
162
     *
163
     * @return array
164
     */
165 6
    private function cacheTermsForContent()
166
    {
167 6
        $term_container = (new TermContainer)->getTable();
168 6
        $terms = $this->taxonomies()
0 ignored issues
show
The method select() does not exist on Illuminate\Database\Eloquent\Relations\MorphToMany. Did you maybe mean getSelectColumns()?

This check marks calls to methods that do not seem to exist on an object.

This is most likely the result of a method being renamed without all references to it being renamed likewise.

Loading history...
169 6
            ->select("$term_container.id", "$term_container.vocabulary_id")
170 6
            ->get();
171
172 6
        if (!count($terms)) {
173 3
            return [];
174
        }
175
176 3
        $results = [];
177 3
        foreach ($terms as $term) {
178 3
            $results[$term->vocabulary_id][] = $term->id;
179 3
        }
180
181
        // a whole week, because it's automatically recached
182 3
        Cache::put($this->getTaxonomyCacheKey(), $results, 60 * 24 * 7);
183
184 3
        return $results;
185
    }
186
187
    /**
188
     * Get the cache key for this content
189
     *
190
     * @return string
191
     */
192 24
    private function getTaxonomyCacheKey()
193
    {
194 24
        return 'Rocket::Taxonomy::Related::' . $this->getTable() . '::' . $this->getKey();
195
    }
196
197
    /**
198
     * Get a new plain query builder for the pivot table.
199
     *
200
     * @return Builder
201
     */
202 24
    private function getTaxonomyQuery()
203
    {
204 24
        $t = $this->taxonomies();
205
206 24
        return $t->newPivotStatement()
207 24
            ->where($t->getForeignKey(), $this->getKey())
208 24
            ->where($t->getMorphType(), $t->getMorphClass());
209
    }
210
}
211