This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
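/**
 * Addon Controller is used to help installation of your add-on. Add-on
 * specific installation actions, such as creating a symlink for asset
 * access, are meant to live here.
 */
class Controller_Addon extends AbstractController
{
    /**
     * Version handed to $this->app->requires('atk', ...) in init().
     *
     * @var string
     */
    public $atk_version = '4.3';

    /**
     * Namespace of the add-on. init() overwrites the default with the
     * namespace part of the concrete controller's class name.
     *
     * @var string
     */
    public $namespace = __NAMESPACE__;

    /**
     * Set in init() from $this->app->locatePath('addons', $this->namespace).
     * Should be only a string, but $app->locate can return an object or an
     * array too, so callers that build paths from it should check the type.
     *
     * @var string|object|array
     */
    public $addon_base_path = null;

    /**
     * When true, addLocation() also registers a location under the
     * pathfinder's public location.
     *
     * @var bool
     */
    public $has_assets = false;

    /**
     * Must be set by the concrete controller; init() throws when it is empty.
     *
     * @var string
     */
    public $addon_name;

    /**
     * Object with information from the add-on's json file. This class only
     * calls ->get(...) on it, in addAddonLocations().
     */
    public $addon_obj;

    /** @var array */
    public $addon_private_locations = array();

    /** @var array */
    public $addon_public_locations = array();

    /** @var bool */
    public $with_pages = false;

    /**
     * Location most recently registered by addLocation().
     *
     * @var PathFinder_Location
     */
    public $location;

    public $api_var; // ??? (not read anywhere in this class)

    public $base_path; // ??? (never assigned in this class, yet init() passes it on)

    /**
     * Checks the required ATK version, resolves the add-on's namespace and
     * base path, and registers the pre-declared locations when there are any.
     *
     * Throws the exception built by $this->exception() when $addon_name is empty.
     */
    public function init()
    {
        parent::init();
        $this->app->requires('atk', $this->atk_version);

        if (!$this->addon_name) {
            throw $this->exception('Addon name must be specified in it\'s Controller');
        }

        // Everything before the last backslash of the class name is the namespace.
        $class = get_class($this);
        $this->namespace = substr($class, 0, strrpos($class, '\\'));

        $this->addon_base_path = $this->app->locatePath('addons', $this->namespace);

        if (count($this->addon_private_locations) || count($this->addon_public_locations)) {
            // NOTE(review): $this->base_path is not assigned anywhere in this
            // class, so unless a subclass or the caller sets it, the paths
            // built in addAddonLocations() start from an empty prefix. It may
            // have been meant to be $this->addon_base_path; confirm before
            // relying on these locations.
            $this->addAddonLocations($this->base_path);
        }
    }

    /**
     * This routes certain prefixes to an add-on. Call this method explicitly
     * from init() if necessary. Does nothing unless the application is an
     * App_Frontend.
     *
     * @param mixed $page_prefix passed through to App_Frontend::routePages()
     */
    public function routePages($page_prefix)
    {
        if ($this->app instanceof App_Frontend) {
            /** @type App_Frontend $this->app */
            $this->app->routePages($page_prefix, $this->namespace);
        }
    }

    /**
     * Registers $addon_private_locations and $addon_public_locations with the
     * application's pathfinder.
     *
     * NOTE(review): addon_full_path, addon_public_symlink and
     * addon_symlink_name are read from $addon_obj and concatenated into
     * filesystem paths and a base URL without any normalisation. If the
     * add-on's json file can be influenced by a party you do not trust, '..'
     * segments would move these locations outside the intended tree, so the
     * values should be validated where the json is loaded. This method also
     * assumes $addon_obj has been set; nothing in this class assigns it.
     *
     * @param string $base_path prefix for both filesystem paths
     */
    public function addAddonLocations($base_path)
    {
        $this->app->pathfinder->addLocation($this->addon_private_locations)
            ->setBasePath($base_path.'/../'.$this->addon_obj->get('addon_full_path'));

        $this->app->pathfinder->addLocation($this->addon_public_locations)
            ->setBasePath($base_path.'/'.$this->addon_obj->get('addon_public_symlink'))
            ->setBaseURL($this->app->url('/').$this->addon_obj->get('addon_symlink_name'));
    }

    /**
     * This defines the location data for the add-on. Call this method
     * explicitly from init() if necessary.
     *
     * @param array      $contents        content map for the add-on's own location
     * @param array|null $public_contents content map for the public location; used
     *                                    only when $has_assets is true and defaults
     *                                    to public/js/css
     *
     * @return PathFinder_Location the public location when $has_assets is true,
     *                             otherwise the add-on's own location
     */
    public function addLocation($contents, $public_contents = null)
    {
        $this->location = $this->app->pathfinder->addLocation($contents);
        $this->location->setBasePath($this->addon_base_path);

        // If class has assets, those have probably been installed
        // into the public location
        // TODO: test
        if ($this->has_assets) {
            if (is_null($public_contents)) {
                $public_contents = array(
                    'public' => '.',
                    'js' => 'js',
                    'css' => 'css',
                );
            }

            // Register the public map, not $contents: passing $contents here
            // left $public_contents unused and put the add-on's private
            // content map under the public location, which is presumably the
            // web-reachable tree.
            // NOTE(review): $addon_base_path is documented as
            // string|object|array; a non-string value reaches this call
            // unchecked.
            $this->location = $this->app->pathfinder->public_location
                ->addRelativeLocation($this->addon_base_path, $public_contents);
        }

        return $this->location;
    }

    /**
     * This method will rely on location data to link. Not implemented yet.
     */
    public function installAssets()
    {
        // Creates symlink inside /public/my-addon/ to /vendor/my/addon/public

        // TODO: if $this->namespace contains slash, then create
        // this folder under $app->pathfinder->public_location
        //
        // TODO: create a symlink such as $this->namespace pointing
        // to
        //
        // TODO: if this already exists, don't mess it up. Also, resolve
    }

    /**
     * Addon may require user to have license for ATK or some other
     * piece of software to function properly. This will be called
     * during installation and then later on occasionally, but not
     * on production environment.
     *
     * Agile Toolkit provides universal way for checking licenses. If
     * you are building commercial product with Agile Toolkit, then
     * you need to use unique identifier for $software. Provide the name
     * of your public key certificate and also supply md5sum of that
     * certificate as last parameter, to make sure developer wouldn't
     * simply substitute public key with another one.
     *
     * Public key must be bundled along with the release of your software
     *
     * This method will return true / false. If you have multiple public
     * keys (expired ones), you can call this method several times.
     *
     * The information about the private key specifically issued to the
     * user will be stored in configuration file.
     *
     * NOTE(review): the body is still a stub, so the method currently
     * returns null and performs no check at all; callers must not treat
     * a call as a passed license check. MD5 is also no longer collision
     * resistant, so when this is implemented a SHA-256 fingerprint would
     * be a sounder way to pin the bundled public key. The $pubkey_md5
     * parameter name is kept for compatibility.
     */
    public function licenseCheck($type, $software = 'atk', $pubkey = null, $pubkey_md5 = null)
    {
        // TODO: move stuff here from App_Web -> licenseCheck
        //
        // TODO: we might need to hardcode key signature or MD
    }

    /**
     * Placeholder for running the add-on's database migrations.
     */
    public function installDatabase()
    {
        // TODO: If add-on comes with some database requirement, then this
        // method should execute the migrations which will install and/or
        // upgrade the database.
    }

    /**
     * Placeholder for validating the add-on's configuration. The body is
     * empty, so the method currently returns null rather than the
     * true / false described below.
     */
    public function checkConfiguration()
    {
        // Addon may require user to add some stuff into configuration file.
        //
        // This method must return 'true' or 'false' if some configuration
        // options are missing.
        //
        // This method must not complain about optional arguments. If you are
        // introducing a new configuration options in a new version of your
        // add-on, then you must always provide reasonable defaults.
        //
        // This method can still return false, while your defaults should
        // prevent application from crashing.
        //
        // Admin will redirect user to your add-on configuration page
        // if admin is logging in or at least provide some useful
        // information.
    }
}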
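If a method or function can return values of several different types, and you are not certain that only one of them can reach this point, we recommend adding a type check before the value is used. The marker above appears to sit on the `addRelativeLocation()` call, which receives `$this->addon_base_path`; the class documents that property as `string|object|array`, so confirming it is a string before building paths from it would address the finding.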