These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | use Symfony\Component\HttpFoundation\JsonResponse; |
||
4 | use Symfony\Component\HttpFoundation\RedirectResponse; |
||
5 | use Symfony\Component\HttpFoundation\Request; |
||
6 | use Symfony\Component\HttpFoundation\Session\Flash\FlashBag; |
||
7 | |||
8 | class SearchController extends JSONController |
||
9 | { |
||
10 | /** |
||
11 | * The maximum number of objects to allow being excluded |
||
12 | * |
||
13 | * @var int |
||
14 | */ |
||
15 | const MAX_EXCLUDED_OBJECTS = 10; |
||
16 | |||
17 | /** |
||
18 | * A list of types that can be returned when searching |
||
19 | * |
||
20 | * @var array |
||
21 | */ |
||
22 | private static $acceptableTypes = array('player', 'team'); |
||
23 | |||
24 | public function searchAction(Request $request) |
||
25 | { |
||
26 | if (!$request->query->has('types')) { |
||
27 | throw new \BadRequestException(); |
||
28 | } |
||
29 | |||
30 | $types = explode(',', $request->query->get('types')); |
||
31 | $excludeQuery = $request->query->get('exclude'); |
||
32 | |||
33 | $queries = $results = array(); |
||
34 | |||
35 | foreach ($types as &$type) { |
||
36 | if (!in_array($type, self::$acceptableTypes)) { |
||
37 | throw new \BadRequestException("An invalid type was provided"); |
||
38 | } |
||
39 | |||
40 | $type = ucfirst($type); |
||
41 | $queries[$type] = $type::getQueryBuilder(); |
||
42 | } |
||
43 | |||
44 | $excluded = $this->decompose($excludeQuery, $types, false, self::MAX_EXCLUDED_OBJECTS); |
||
45 | |||
46 | foreach ($queries as $type => $query) { |
||
47 | if ($startsWith = $request->query->get('startsWith')) { |
||
48 | $query->where('name')->startsWith($startsWith); |
||
49 | } |
||
50 | |||
51 | $query->active()->sortBy('name'); |
||
52 | |||
53 | foreach ($excluded[$type] as $exclude) { |
||
0 ignored issues
–
show
|
|||
54 | $query->except($exclude); |
||
55 | } |
||
56 | |||
57 | if ($type === 'Player') { |
||
58 | $result = $this->playerQuery($query, $request); |
||
59 | } else { |
||
60 | $result = $query->getArray(array('name')); |
||
61 | } |
||
62 | |||
63 | foreach ($result as $model) { |
||
64 | $model['type'] = $type; |
||
65 | $results[] = $model; |
||
66 | } |
||
67 | } |
||
68 | |||
69 | return new JsonResponse(array( |
||
70 | 'results' => $results |
||
71 | )); |
||
72 | } |
||
73 | |||
74 | private function playerQuery(\QueryBuilder $query, Request $request) |
||
75 | { |
||
76 | if ($team = $request->query->get('team')) { |
||
77 | $query->where('team')->is($team); |
||
78 | } |
||
79 | |||
80 | return $query->getArray(array('name', 'outdated')); |
||
81 | } |
||
82 | |||
83 | public function playerByBzidAction(Player $me, Request $request, FlashBag $flashBag, $bzid = null) |
||
84 | { |
||
85 | if (!$me->hasPermission(Permission::VIEW_VISITOR_LOG)) { |
||
86 | throw new ForbiddenException(); |
||
87 | } |
||
88 | |||
89 | if ($bzid === null) { |
||
90 | if (!$request->query->has('bzid')) { |
||
91 | throw new BadRequestException("Please provide the BZID to search for"); |
||
92 | } |
||
93 | |||
94 | $bzid = $request->query->get('bzid'); |
||
95 | } |
||
96 | |||
97 | $player = Player::getFromBZID($bzid); |
||
98 | |||
99 | if (!$player->isValid()) { |
||
100 | $flashBag->add('error', "Player with BZID $bzid not found"); |
||
101 | |||
102 | return $this->goBack(); |
||
103 | } |
||
104 | |||
105 | return new RedirectResponse($player->getURL()); |
||
106 | } |
||
107 | } |
||
108 |
There are different options of fixing this problem.
If you want to be on the safe side, you can add an additional type-check:
If you are sure that the expression is traversable, you might want to add a doc comment cast to improve IDE auto-completion and static analysis:
Mark the issue as a false-positive: Just hover the remove button, in the top-right corner of this issue for more options.