This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /* |
||
3 | * WellCommerce Open-Source E-Commerce Platform |
||
4 | * |
||
5 | * This file is part of the WellCommerce package. |
||
6 | * |
||
7 | * (c) Adam Piotrowski <[email protected]> |
||
8 | * |
||
9 | * For the full copyright and license information, |
||
10 | * please view the LICENSE file that was distributed with this source code. |
||
11 | */ |
||
12 | |||
13 | namespace WellCommerce\Bundle\OrderBundle\Controller\Front; |
||
14 | |||
15 | use Symfony\Component\HttpFoundation\ParameterBag; |
||
16 | use Symfony\Component\HttpFoundation\Request; |
||
17 | use Symfony\Component\HttpFoundation\Response; |
||
18 | use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken; |
||
19 | use Symfony\Component\Security\Http\Event\InteractiveLoginEvent; |
||
20 | use WellCommerce\Bundle\AppBundle\Entity\Client; |
||
21 | use WellCommerce\Bundle\CoreBundle\Controller\Front\AbstractFrontController; |
||
22 | use WellCommerce\Bundle\OrderBundle\Entity\Order; |
||
23 | |||
24 | /** |
||
25 | * Class AddressController |
||
26 | * |
||
27 | * @author Adam Piotrowski <[email protected]> |
||
28 | */ |
||
29 | class AddressController extends AbstractFrontController |
||
30 | { |
||
31 | public function indexAction(Request $request): Response |
||
32 | { |
||
33 | $order = $this->getOrderProvider()->getCurrentOrder(); |
||
34 | |||
35 | if (!$order->isConfirmable()) { |
||
36 | return $this->redirectToRoute('front.cart.index'); |
||
37 | } |
||
38 | |||
39 | $form = $this->formBuilder->createForm($order, [ |
||
40 | 'validation_groups' => $this->getValidationGroupsForRequest($request), |
||
41 | ]); |
||
42 | |||
43 | if ($form->isSubmitted() && $this->isCopyBillingAddress($request)) { |
||
44 | $this->copyShippingAddress($request->request); |
||
45 | } |
||
46 | |||
47 | if ($form->handleRequest()->isSubmitted()) { |
||
48 | if ($form->isValid()) { |
||
49 | if ($this->isCreateAccount($request)) { |
||
50 | $client = $this->autoRegisterClient($order); |
||
51 | $order->setClient($client); |
||
52 | } |
||
53 | $this->getManager()->updateResource($order); |
||
54 | |||
55 | return $this->getRouterHelper()->redirectTo('front.confirm.index'); |
||
56 | } |
||
57 | |||
58 | if (count($form->getError())) { |
||
59 | $this->getFlashHelper()->addError('client.flash.registration.error'); |
||
60 | } |
||
61 | } |
||
62 | |||
63 | return $this->displayTemplate('index', [ |
||
64 | 'form' => $form, |
||
65 | 'elements' => $form->getChildren(), |
||
66 | ]); |
||
67 | } |
||
68 | |||
69 | protected function getValidationGroupsForRequest(Request $request): array |
||
70 | { |
||
71 | $validationGroups = [ |
||
72 | 'order_billing_address', |
||
73 | 'order_client_details', |
||
74 | 'order_contact_details', |
||
75 | ]; |
||
76 | |||
77 | if (false === $this->isCopyBillingAddress($request)) { |
||
78 | $validationGroups[] = 'order_shipping_address'; |
||
79 | } |
||
80 | |||
81 | if ($this->isCreateAccount($request)) { |
||
82 | $validationGroups[] = 'client_registration'; |
||
83 | } |
||
84 | |||
85 | if ($this->isIssueInvoice($request)) { |
||
86 | $validationGroups[] = 'order_issue_invoice'; |
||
87 | } |
||
88 | |||
89 | return $validationGroups; |
||
90 | } |
||
91 | |||
92 | /** |
||
93 | * Copies billing address to shipping address |
||
94 | * |
||
95 | * @param ParameterBag $parameters |
||
96 | */ |
||
97 | protected function copyShippingAddress(ParameterBag $parameters) |
||
98 | { |
||
99 | $billingAddress = $parameters->get('billingAddress'); |
||
100 | |||
101 | $shippingAddress = [ |
||
102 | 'shippingAddress.copyBillingAddress' => true, |
||
103 | ]; |
||
104 | |||
105 | foreach ($billingAddress as $key => $value) { |
||
106 | list(, $fieldName) = explode('.', $key); |
||
107 | $shippingAddress['shippingAddress.' . $fieldName] = $value; |
||
108 | } |
||
109 | |||
110 | $parameters->set('shippingAddress', $shippingAddress); |
||
111 | } |
||
112 | |||
113 | protected function isCopyBillingAddress(Request $request): bool |
||
114 | { |
||
115 | if ($request->isMethod('POST')) { |
||
116 | $shippingAddress = $request->request->filter('shippingAddress'); |
||
117 | |||
118 | return 1 === (int)$shippingAddress['shippingAddress.copyBillingAddress']; |
||
119 | } |
||
120 | |||
121 | return false; |
||
122 | } |
||
123 | |||
124 | protected function isCreateAccount(Request $request): bool |
||
125 | { |
||
126 | if ($request->isMethod('POST')) { |
||
127 | $clientDetails = $request->request->filter('clientDetails'); |
||
128 | $createAccount = $clientDetails['clientDetails.createAccount'] ?? 0; |
||
129 | |||
130 | return 1 === (int)$createAccount; |
||
131 | } |
||
132 | |||
133 | return false; |
||
134 | } |
||
135 | |||
136 | protected function isIssueInvoice(Request $request): bool |
||
137 | { |
||
138 | if ($request->isMethod('POST')) { |
||
139 | return 1 === (int)$request->request->filter('issueInvoice'); |
||
140 | } |
||
141 | |||
142 | return false; |
||
143 | } |
||
144 | |||
145 | protected function autoRegisterClient(Order $order): Client |
||
146 | { |
||
147 | /** @var $client Client */ |
||
148 | $client = $this->get('client.manager')->initResource(); |
||
149 | $client->setClientDetails($order->getClientDetails()); |
||
150 | $client->setContactDetails($order->getContactDetails()); |
||
151 | $client->setBillingAddress($order->getBillingAddress()); |
||
152 | $client->setShippingAddress($order->getShippingAddress()); |
||
153 | |||
154 | $this->get('client.manager')->createResource($client); |
||
155 | |||
156 | $token = new UsernamePasswordToken($client, $client->getPassword(), "client", $client->getRoles()); |
||
157 | $this->get('security.token_storage')->setToken($token); |
||
158 | |||
159 | $event = new InteractiveLoginEvent($this->getRequestHelper()->getCurrentRequest(), $token); |
||
0 ignored issues
–
show
|
|||
160 | $this->get("event_dispatcher")->dispatch('security.interactive_login', $event); |
||
161 | |||
162 | return $client; |
||
163 | } |
||
164 | } |
||
165 |
Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: