This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
|
|||
2 | |||
3 | use BZIon\Cache\ModelCache; |
||
4 | use BZIon\Session\DatabaseSessionHandler; |
||
5 | use Symfony\Component\Config\Loader\LoaderInterface; |
||
6 | use Symfony\Component\Debug\Debug; |
||
7 | use Symfony\Component\HttpFoundation\Request; |
||
8 | use Symfony\Component\HttpFoundation\Response; |
||
9 | use Symfony\Component\HttpFoundation\Session\Session; |
||
10 | use Symfony\Component\HttpFoundation\Session\Storage\NativeSessionStorage; |
||
11 | use Symfony\Component\HttpKernel\Event\FilterResponseEvent; |
||
12 | use Symfony\Component\HttpKernel\Event\FinishRequestEvent; |
||
13 | use Symfony\Component\HttpKernel\Event\GetResponseEvent; |
||
14 | use Symfony\Component\HttpKernel\Event\GetResponseForExceptionEvent; |
||
15 | use Symfony\Component\HttpKernel\Event\PostResponseEvent; |
||
16 | use Symfony\Component\HttpKernel\Exception\HttpExceptionInterface; |
||
17 | use Symfony\Component\HttpKernel\Kernel; |
||
18 | use Symfony\Component\HttpKernel\KernelEvents; |
||
19 | |||
// Load-time side effect: this include runs as soon as the file is loaded,
// before AppKernel is declared. The path is built only from __DIR__ and a
// literal, so no external input influences which file is included.
// Presumably this is the project bootstrap — confirm what it registers.
require_once __DIR__ . '/../bzion-load.php';
||
21 | |||
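/**
 * Application kernel: registers bundles and configuration, refuses to boot a
 * non-production environment unless the "development" setting allows it, and
 * replaces Symfony's request handling with a pipeline that dispatches to the
 * project's own Controller layer.
 */
class AppKernel extends Kernel
{
    /**
     * The last master request passed to handleRaw(). Nothing in this class
     * reads it back.
     */
    private $request = null;

    /**
     * Load the container configuration file for the current environment.
     *
     * The file name is derived from the kernel environment name, not from
     * request data.
     *
     * @param LoaderInterface $loader The configuration loader
     */
    public function registerContainerConfiguration(LoaderInterface $loader)
    {
        $loader->load(__DIR__ . '/Resource/symfony_' . $this->getEnvironment() . '.yml');
    }

    /**
     * List the bundles to register with the kernel.
     *
     * The profiler, distribution and debug bundles are added only in the
     * `profile` environment, so they are never registered in `prod`.
     *
     * @return array The bundle instances
     */
    public function registerBundles()
    {
        $bundles = array(
            new BZIon\Config\ConfigBundle(),
            new Symfony\Bundle\FrameworkBundle\FrameworkBundle(),
            new Symfony\Bundle\MonologBundle\MonologBundle(),
            new Symfony\Bundle\TwigBundle\TwigBundle(),
            new Symfony\Bundle\SwiftmailerBundle\SwiftmailerBundle(),
            new Liip\ImagineBundle\LiipImagineBundle(),
            new Sensio\Bundle\FrameworkExtraBundle\SensioFrameworkExtraBundle(),
            new Nelmio\ApiDocBundle\NelmioApiDocBundle(),
        );

        // Strict comparison: a non-string environment value must never be
        // coerced into matching 'profile' and pulling in the debugging bundles.
        if ($this->getEnvironment() === 'profile') {
            $bundles[] = new Symfony\Bundle\WebProfilerBundle\WebProfilerBundle();
            $bundles[] = new Sensio\Bundle\DistributionBundle\SensioDistributionBundle();
            $bundles[] = new Symfony\Bundle\DebugBundle\DebugBundle();
        }

        return $bundles;
    }

    /**
     * Boot the kernel and publish the shared services on Service.
     *
     * @throws ForbiddenDeveloperAccessException When a non-production or debug
     *                                           kernel is booted while the
     *                                           "development" setting is off
     */
    public function boot()
    {
        Service::setKernel($this);

        parent::boot();

        // Deployment guard: unless the configuration explicitly enables
        // development, only a non-debug `prod` kernel may run. It is evaluated
        // after parent::boot(), because the setting is read from the container.
        // Strict comparison so that only the exact string 'prod' passes.
        if (!$this->container->getParameter('bzion.miscellaneous.development')) {
            if ($this->getEnvironment() !== 'prod' || $this->isDebug()) {
                throw new ForbiddenDeveloperAccessException(
                    'You are not allowed to access this page in a non-production ' .
                    'environment. Please change the "development" configuration ' .
                    'value and clear the cache before proceeding.'
                );
            }
        }

        if (in_array($this->getEnvironment(), array('profile', 'dev'), true)) {
            Debug::enable();
        }

        Service::setGenerator($this->container->get('router')->getGenerator());
        Service::setEnvironment($this->getEnvironment());
        Service::setModelCache(new ModelCache());

        // Ratchet doesn't support PHP's native session storage, so use our own
        // if we need it
        if (Service::getParameter('bzion.features.websocket.enabled') &&
            $this->getEnvironment() !== 'test') {
            // NOTE(review): this replaces the container's 'session' service and
            // passes no storage options, so cookie attributes presumably fall
            // back to php.ini — verify cookie_secure and cookie_httponly there.
            $storage = new NativeSessionStorage(array(), new DatabaseSessionHandler());
            $session = new Session($storage);
            Service::getContainer()->set('session', $session);
        }

        Notification::initializeAdapters();
    }

    /**
     * Find out whether the `dev` or the `profile` environment should be used
     * for development, depending on the existence of the profiler bundle
     *
     * @return string The suggested kernel environment
     */
    public static function guessDevEnvironment()
    {
        // If there is a profiler, use the environment with the profiler
        if (class_exists('Symfony\Bundle\WebProfilerBundle\WebProfilerBundle')) {
            return 'profile';
        }

        return 'dev';
    }

    /**
     * Handle a request, booting the kernel first if necessary.
     *
     * Exceptions are converted into responses only when $catch is true and the
     * kernel is not in debug mode; otherwise they propagate to the caller.
     *
     * @param Request $request The request to handle
     * @param int     $type    The type of the request (master or sub-request)
     * @param bool    $catch   Whether to convert exceptions into responses
     *
     * @return Response The response for the request
     */
    public function handle(Request $request, $type = self::MASTER_REQUEST, $catch = true)
    {
        if (false === $this->booted) {
            $this->boot();
        }

        if (!$catch || $this->isDebug()) {
            return $this->handleRaw($request, $type, $catch);
        }

        try {
            return $this->handleRaw($request, $type, $catch);
        } catch (Exception $e) {
            // Only \Exception is caught; on PHP 7+ an \Error is not converted
            // into a response here and propagates to the caller.
            return $this->handleException($e, $request, $type);
        }
    }

    /**
     * Run the request through the kernel events and the project's controller
     * layer without any exception handling.
     *
     * @param Request $request The request to handle
     * @param int     $type    The type of the request (master or sub-request)
     * @param bool    $catch   Forwarded to the parent kernel on the
     *                         `_defaultHandler` path only
     *
     * @return Response The response for the request
     */
    private function handleRaw(Request $request, $type = self::MASTER_REQUEST, $catch = true)
    {
        // NOTE(review): nothing visible in this class leaves the 'request'
        // scope or pops the request stack again — confirm that this is done
        // elsewhere, especially for sub-requests and for exception paths.
        $this->container->enterScope('request');
        $this->container->set('request', $request, 'request');
        $this->container->get('request_stack')->push($request);

        if ($type === self::MASTER_REQUEST) {
            $this->request = $request;
        }

        Service::setRequest($request);

        $event = new GetResponseEvent($this, $request, $type);
        $this->container->get('event_dispatcher')->dispatch(KernelEvents::REQUEST, $event);

        if ($request->attributes->get('_defaultHandler')) {
            // NOTE(review): static analysis flags this call, because it invokes
            // parent::handle() from handleRaw(). The request has already been
            // pushed and KernelEvents::REQUEST already dispatched above, so the
            // parent pipeline presumably repeats both for the same request —
            // confirm that the request listeners tolerate running twice.
            return parent::handle($request, $type, $catch);
        }

        // An event may have given a response
        if ($event->hasResponse()) {
            return $this->filterResponse($event->getResponse(), $request, $type);
        }

        // Every request that reaches the controller layer starts the session.
        $session = $this->container->get('session');
        $session->start();
        Service::setFormFactory($this->container->get('form.factory'));

        $con = Controller::getController($request->attributes);
        $response = $con->callAction();

        return $this->filterResponse($response, $request, $type);
    }

    /**
     * Filters a response object.
     *
     * Dispatches KernelEvents::RESPONSE, then KernelEvents::FINISH_REQUEST, and
     * returns the response held by the response event afterwards.
     *
     * @param Response $response A Response instance
     * @param Request  $request  The request the response belongs to
     * @param int      $type     The type of the request (one of HttpKernelInterface::MASTER_REQUEST or HttpKernelInterface::SUB_REQUEST)
     *
     * @return Response The filtered Response instance
     */
    private function filterResponse(Response $response, Request $request, $type)
    {
        $dispatcher = $this->container->get('event_dispatcher');

        $event = new FilterResponseEvent($this, $request, $type, $response);
        $dispatcher->dispatch(KernelEvents::RESPONSE, $event);

        $requestEvent = new FinishRequestEvent($this, $request, $type);
        $dispatcher->dispatch(KernelEvents::FINISH_REQUEST, $requestEvent);

        return $event->getResponse();
    }

    /**
     * Dispatch KernelEvents::TERMINATE for a finished request/response pair.
     *
     * @param Request  $request  The handled request
     * @param Response $response The response produced for it
     */
    public function terminate(Request $request, Response $response)
    {
        $this->container->get('event_dispatcher')->dispatch(
            KernelEvents::TERMINATE,
            new PostResponseEvent($this, $request, $response)
        );
    }

    /**
     * No-op: the exception is ignored and no event is dispatched.
     *
     * @param Exception $exception The exception that ended the request (unused)
     *
     * @return bool Always false
     */
    public function terminateWithException(Exception $exception)
    {
        return false;
    }

    /**
     * Turn an exception into a response by asking the exception listeners.
     *
     * @param Exception $e       The exception thrown while handling the request
     * @param Request   $request The request being handled
     * @param int       $type    The type of the request (master or sub-request)
     *
     * @return Response The error response supplied by a listener
     *
     * @throws Exception When no listener provided a response
     */
    private function handleException(Exception $e, $request, $type)
    {
        $event = new GetResponseForExceptionEvent($this, $request, $type, $e);
        $this->container->get('event_dispatcher')->dispatch(KernelEvents::EXCEPTION, $event);

        // a listener might have replaced the exception
        $e = $event->getException();
        if (!$event->hasResponse()) {
            throw $e;
        }

        $response = $event->getResponse();

        if ($response->headers->has('X-Status-Code')) {
            // the developer asked for a specific status code; the header is
            // consumed here and removed from the response again
            $response->setStatusCode($response->headers->get('X-Status-Code'));
            $response->headers->remove('X-Status-Code');
        } elseif (!$response->isClientError() && !$response->isServerError() && !$response->isRedirect()) {
            // ensure that we actually have an error response
            if ($e instanceof HttpExceptionInterface) {
                // keep the HTTP status code and headers
                $response->setStatusCode($e->getStatusCode());
                $response->headers->add($e->getHeaders());
            } else {
                $response->setStatusCode(500);
            }
        }

        return $response;
    }
}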
||
220 |
The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.
The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.
To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.