This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
<?php
/*
 * This file is part of the Exchange Rate Bundle, an RunOpenCode project.
 *
 * (c) 2017 RunOpenCode
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */
namespace RunOpenCode\Bundle\ExchangeRate\Controller;

use RunOpenCode\Bundle\ExchangeRate\Form\Dto\Rate as DtoRate;
use RunOpenCode\Bundle\ExchangeRate\Form\FormType;
use RunOpenCode\Bundle\ExchangeRate\Security\AccessVoter;
use RunOpenCode\ExchangeRate\Contract\RateInterface;
use RunOpenCode\ExchangeRate\Contract\RepositoryInterface;
use RunOpenCode\ExchangeRate\Model\Rate;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\Form\Form;
use Symfony\Component\HttpFoundation\Request;

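/**
 * Edit an existing exchange rate.
 *
 * The rate is identified by the request values "source", "rate_type",
 * "currency_code" and "date" (Y-m-d), loaded from the exchange rate
 * repository, guarded by AccessVoter::EDIT and updated through a FormType form.
 *
 * @package RunOpenCode\Bundle\ExchangeRate\Controller
 */
class EditController extends Controller
{
    /**
     * Main controller action.
     *
     * @param Request $request
     *
     * @return \Symfony\Component\HttpFoundation\RedirectResponse|\Symfony\Component\HttpFoundation\Response
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException When the date is malformed or no such rate exists.
     * @throws \Symfony\Component\Security\Core\Exception\AccessDeniedException When the current user may not edit the rate.
     */
    public function indexAction(Request $request)
    {
        // Request::get() resolves attributes, then query, then body, so these values
        // may come from the route or from the client; they are only used as
        // repository lookup keys here.
        $source = $request->get('source');
        $rateType = $request->get('rate_type');
        $currencyCode = $request->get('currency_code');

        // \DateTime::createFromFormat() returns false for a missing or malformed
        // value, which RepositoryInterface does not accept; reject it up front.
        $date = $this->parseDate($request->get('date'));

        /**
         * @var RepositoryInterface $repository
         */
        $repository = $this->get('runopencode.exchange_rate.repository');

        // NOTE(review): existence is checked before authorization, so the 404/403
        // distinction reveals whether a rate exists to callers without EDIT rights.
        if (!$repository->has($source, $currencyCode, $date, $rateType)) {
            throw $this->createNotFoundException();
        }

        $rate = $repository->get($source, $currencyCode, $date, $rateType);

        if (!$this->isGranted(AccessVoter::EDIT, $rate)) {
            throw $this->createAccessDeniedException();
        }

        $form = $this->getForm($rate);

        if (true === $this->handleForm($form, $request, $rate)) {
            return $this->redirectAfterSuccess();
        }

        return $this->render($this->getTwigTemplate(), [
            'form' => $form->createView(),
            'rate' => $rate,
        ]);
    }

    /**
     * Parse the "date" request value, expected in Y-m-d format.
     *
     * The time-of-day is left as \DateTime::createFromFormat() sets it (as in
     * the original lookup); whether the repository compares by calendar day is
     * not visible from this class.
     *
     * @param mixed $value Raw request value; anything other than a string is rejected.
     *
     * @return \DateTime
     *
     * @throws \Symfony\Component\HttpKernel\Exception\NotFoundHttpException When the value is absent or not a valid Y-m-d date.
     */
    private function parseDate($value)
    {
        $date = \is_string($value) ? \DateTime::createFromFormat('Y-m-d', $value) : false;

        if (false === $date) {
            throw $this->createNotFoundException();
        }

        return $date;
    }

    /**
     * Handle form submission.
     *
     * Only a submitted and valid form is turned into a Rate and persisted; the
     * DTO is not converted while it may still hold invalid data.
     *
     * @param Form $form
     * @param Request $request
     * @param RateInterface $exchangeRate The rate being edited.
     *
     * @return bool TRUE if the rate was saved.
     */
    protected function handleForm(Form $form, Request $request, RateInterface $exchangeRate)
    {
        $form->handleRequest($request);

        if (!$form->isSubmitted()) {
            return false;
        }

        if (!$form->isValid()) {
            $this->addFlash('error', $this->get('translator')->trans('flash.form.error', [], 'runopencode_exchange_rate'));

            return false;
        }

        /**
         * @var Rate $rate
         */
        $rate = $form->getData()->toRate($exchangeRate);

        return $this->save($rate);
    }

    /**
     * Get FQCN of FormType form.
     *
     * @return string
     */
    protected function getFormType()
    {
        return FormType::class;
    }

    /**
     * Get form pre-filled from the given rate.
     *
     * @param RateInterface $rate
     *
     * @return Form
     */
    protected function getForm(RateInterface $rate)
    {
        return $this->createForm($this->getFormType(), DtoRate::fromRateInterface($rate));
    }

    /**
     * Save rate.
     *
     * Persistence failures are deliberately reported to the user via a flash
     * message rather than propagated; the exception itself is not logged here.
     *
     * @param RateInterface $rate
     *
     * @return bool TRUE if successful.
     */
    protected function save(RateInterface $rate)
    {
        try {
            $this->get('runopencode.exchange_rate.repository')->save([$rate]);
            $this->addFlash('success', $this->get('translator')->trans('flash.edit.success', [], 'runopencode_exchange_rate'));

            return true;
        } catch (\Exception $e) {
            $this->addFlash('error', $this->get('translator')->trans('flash.edit.error.unknown', [], 'runopencode_exchange_rate'));

            return false;
        }
    }

    /**
     * Redirect after success.
     *
     * @return \Symfony\Component\HttpFoundation\RedirectResponse
     */
    protected function redirectAfterSuccess()
    {
        return $this->redirectToRoute('runopencode_exchange_rate_list');
    }

    /**
     * Get Twig template path.
     *
     * @return string
     */
    protected function getTwigTemplate()
    {
        return '@ExchangeRate/edit.html.twig';
    }
}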
This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condition. Consider the following example: the function either returns a new `DateTime` object or `false` if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing the value on to another function or method that may not be able to handle a `false`.