This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace Doctrine\ODM\CouchDB\Mapping\Driver; |
||
4 | |||
5 | use Doctrine\Common\Persistence\Mapping\Driver\FileDriver, |
||
6 | Doctrine\Common\Persistence\Mapping\ClassMetadata, |
||
7 | Doctrine\ODM\CouchDB\Mapping\MappingException, |
||
8 | Doctrine\Common\Persistence\Mapping\MappingException as DoctrineMappingException, |
||
9 | SimpleXmlElement; |
||
10 | |||
11 | /** |
||
12 | * XmlDriver is a metadata driver that enables mapping through XML files. |
||
13 | * |
||
14 | * @license http://www.opensource.org/licenses/lgpl-license.php LGPL |
||
15 | * @link www.doctrine-project.org |
||
16 | * @since 1.0 |
||
17 | * @author Benjamin Eberlei <[email protected]> |
||
18 | * @author Jonathan H. Wage <[email protected]> |
||
19 | * @author Roman Borschel <[email protected]> |
||
20 | */ |
||
21 | class XmlDriver extends FileDriver |
||
22 | { |
||
23 | const DEFAULT_FILE_EXTENSION = '.dcm.xml'; |
||
24 | |||
25 | /** |
||
26 | * {@inheritDoc} |
||
27 | */ |
||
28 | public function __construct($locator, $fileExtension = self::DEFAULT_FILE_EXTENSION) |
||
29 | { |
||
30 | parent::__construct($locator, $fileExtension); |
||
31 | } |
||
32 | |||
33 | /** |
||
34 | * {@inheritdoc} |
||
35 | */ |
||
36 | public function loadMetadataForClass($className, ClassMetadata $class) |
||
37 | { |
||
38 | /** @var $class \Doctrine\ODM\CouchDB\Mapping\ClassMetadata */ |
||
39 | try { |
||
40 | $xmlRoot = $this->getElement($className); |
||
41 | } catch (DoctrineMappingException $e) { |
||
42 | // Convert Exception type for consistency with other drivers |
||
43 | throw new MappingException($e->getMessage(), $e->getCode(), $e); |
||
44 | } |
||
45 | |||
46 | if (!$xmlRoot) { |
||
47 | return; |
||
48 | } |
||
49 | |||
50 | if ($xmlRoot->getName() == 'document') { |
||
51 | $class->setCustomRepositoryClass( |
||
52 | isset($xmlRoot['repository-class']) ? (string)$xmlRoot['repository-class'] : null |
||
53 | ); |
||
54 | |||
55 | if (isset($xmlRoot['indexed']) && $xmlRoot['indexed'] == true) { |
||
56 | $class->indexed = true; |
||
57 | } |
||
58 | |||
59 | if (isset($xmlRoot['inheritance-root']) && $xmlRoot['inheritance-root']) { |
||
60 | $class->markInheritanceRoot(); |
||
61 | } |
||
62 | } else if ($xmlRoot->getName() == "embedded-document") { |
||
63 | $class->isEmbeddedDocument = true; |
||
64 | |||
65 | if (isset($xmlRoot['inheritance-root']) && $xmlRoot['inheritance-root']) { |
||
66 | $class->markInheritanceRoot(); |
||
67 | } |
||
68 | } else if ($xmlRoot->getName() == "mapped-superclass") { |
||
69 | $class->isMappedSuperclass = true; |
||
70 | } else { |
||
71 | throw MappingException::classIsNotAValidDocument($className); |
||
72 | } |
||
73 | |||
74 | // Evaluate <field ...> mappings |
||
75 | if (isset($xmlRoot->field)) { |
||
0 ignored issues
–
show
|
|||
76 | View Code Duplication | foreach ($xmlRoot->field as $fieldMapping) { |
|
0 ignored issues
–
show
Accessing
field on the interface Doctrine\Common\Persistence\Mapping\ClassMetadata suggest that you code against a concrete implementation. How about adding an instanceof check?
If you access a property on an interface, you most likely code against a concrete implementation of the interface. Available Fixes
Loading history...
|
|||
77 | $class->mapField(array( |
||
78 | 'fieldName' => (string)$fieldMapping['name'], |
||
79 | 'jsonName' => (isset($fieldMapping['json-name'])) ? (string)$fieldMapping['json-name'] : null, |
||
80 | 'indexed' => (isset($fieldMapping['index'])) ? (bool)$fieldMapping['index'] : false, |
||
81 | 'type' => (isset($fieldMapping['type'])) ? (string)$fieldMapping['type'] : null, |
||
82 | 'isVersionField' => (isset($fieldMapping['version'])) ? true : null, |
||
83 | )); |
||
84 | } |
||
85 | } |
||
86 | |||
87 | // Evaluate <id ..> mappings |
||
88 | View Code Duplication | foreach ($xmlRoot->id as $idElement) { |
|
0 ignored issues
–
show
Accessing
id on the interface Doctrine\Common\Persistence\Mapping\ClassMetadata suggest that you code against a concrete implementation. How about adding an instanceof check?
If you access a property on an interface, you most likely code against a concrete implementation of the interface. Available Fixes
Loading history...
|
|||
89 | $class->mapField(array( |
||
90 | 'fieldName' => (string)$idElement['name'], |
||
91 | 'indexed' => (isset($idElement['index'])) ? (bool)$idElement['index'] : false, |
||
92 | 'type' => (isset($idElement['type'])) ? (string)$idElement['type'] : null, |
||
93 | 'id' => true, |
||
94 | 'strategy' => (isset($idElement['strategy'])) ? (string)$idElement['strategy'] : null, |
||
95 | )); |
||
96 | } |
||
97 | |||
98 | // Evaluate <version ..> mappings |
||
99 | foreach ($xmlRoot->version as $versionElement) { |
||
0 ignored issues
–
show
Accessing
version on the interface Doctrine\Common\Persistence\Mapping\ClassMetadata suggest that you code against a concrete implementation. How about adding an instanceof check?
If you access a property on an interface, you most likely code against a concrete implementation of the interface. Available Fixes
Loading history...
|
|||
100 | $class->mapField(array( |
||
101 | 'fieldName' => (string)$versionElement['name'], |
||
102 | 'type' => 'string', |
||
103 | 'isVersionField' => true, |
||
104 | 'jsonName' => '_rev', |
||
105 | )); |
||
106 | } |
||
107 | |||
108 | // Evaluate <many-to-one ..> mappings |
||
109 | View Code Duplication | if (isset($xmlRoot->{"reference-one"})) { |
|
110 | foreach ($xmlRoot->{"reference-one"} as $referenceOneElement) { |
||
111 | $class->mapManyToOne(array( |
||
112 | 'cascade' => (isset($referenceOneElement->cascade)) ? $this->getCascadeMode($referenceOneElement->cascade) : 0, |
||
113 | 'targetDocument' => (string)$referenceOneElement['target-document'], |
||
114 | 'fieldName' => (string)$referenceOneElement['field'], |
||
115 | 'jsonName' => (isset($referenceOneElement['json-name'])) ? (string)$referenceOneElement['json-name'] : null, |
||
116 | 'indexed' => (isset($referenceOneElement['index'])) ? (bool)$referenceOneElement['index'] : false, |
||
117 | )); |
||
118 | } |
||
119 | } |
||
120 | |||
121 | // Evaluate <many-to-one ..> mappings |
||
122 | View Code Duplication | if (isset($xmlRoot->{"reference-many"})) { |
|
123 | foreach ($xmlRoot->{"reference-many"} as $referenceManyElement) { |
||
124 | $class->mapManyToMany(array( |
||
125 | 'cascade' => (isset($referenceManyElement->cascade)) ? $this->getCascadeMode($referenceManyElement->cascade) : 0, |
||
126 | 'targetDocument' => (string)$referenceManyElement['target-document'], |
||
127 | 'fieldName' => (string)$referenceManyElement['field'], |
||
128 | 'jsonName' => (isset($referenceManyElement['json-name'])) ? (string)$referenceManyElement['json-name'] : null, |
||
129 | 'mappedBy' => (isset($referenceManyElement['mapped-by'])) ? (string)$referenceManyElement['mapped-by'] : null, |
||
130 | )); |
||
131 | } |
||
132 | } |
||
133 | |||
134 | // Evaluate <attachments ..> mapping |
||
135 | if (isset($xmlRoot->{"attachments"})) { |
||
136 | $class->mapAttachments((string)$xmlRoot->{"attachments"}[0]['field']); |
||
137 | } |
||
138 | |||
139 | // Evaluate <embed-one /> |
||
140 | View Code Duplication | if (isset($xmlRoot->{'embed-one'})) { |
|
141 | foreach ($xmlRoot->{'embed-one'} AS $embedOneElement) { |
||
142 | $class->mapEmbedded(array( |
||
143 | 'targetDocument' => (isset($embedOneElement['target-document']) ? (string)$embedOneElement['target-document'] : null), |
||
144 | 'fieldName' => (string)$embedOneElement['field'], |
||
145 | 'jsonName' => (isset($embedOneElement['json-name'])) ? (string)$embedOneElement['json-name'] : null, |
||
146 | 'embedded' => 'one', |
||
147 | )); |
||
148 | } |
||
149 | } |
||
150 | |||
151 | // Evaluate <embed-many /> |
||
152 | View Code Duplication | if (isset($xmlRoot->{'embed-many'})) { |
|
153 | foreach ($xmlRoot->{'embed-many'} AS $embedManyElement) { |
||
154 | $class->mapEmbedded(array( |
||
155 | 'targetDocument' => (isset($embedManyElement['target-document']) ? (string)$embedManyElement['target-document'] : null), |
||
156 | 'fieldName' => (string)$embedManyElement['field'], |
||
157 | 'jsonName' => (isset($embedManyElement['json-name'])) ? (string)$embedManyElement['json-name'] : null, |
||
158 | 'embedded' => 'many', |
||
159 | )); |
||
160 | } |
||
161 | } |
||
162 | } |
||
163 | |||
164 | protected function loadMappingFile($file) |
||
165 | { |
||
166 | $result = array(); |
||
167 | $entity = libxml_disable_entity_loader(true); |
||
168 | $xmlElement = simplexml_load_string(file_get_contents($file)); |
||
169 | libxml_disable_entity_loader($entity); |
||
170 | |||
171 | foreach (array('document', 'embedded-document', 'mapped-superclass') as $type) { |
||
172 | if (isset($xmlElement->$type)) { |
||
173 | foreach ($xmlElement->$type as $documentElement) { |
||
174 | $documentName = (string) $documentElement['name']; |
||
175 | $result[$documentName] = $documentElement; |
||
176 | } |
||
177 | } |
||
178 | } |
||
179 | |||
180 | return $result; |
||
181 | } |
||
182 | |||
183 | /** |
||
184 | * Gathers a list of cascade options found in the given cascade element. |
||
185 | * |
||
186 | * @param $cascadeElement cascade element. |
||
187 | * @return integer a bitmask of cascade options. |
||
188 | */ |
||
189 | private function getCascadeMode(SimpleXMLElement $cascadeElement) |
||
190 | { |
||
191 | $cascade = 0; |
||
192 | foreach ($cascadeElement->children() as $action) { |
||
193 | // According to the JPA specifications, XML uses "cascade-persist" |
||
194 | // instead of "persist". Here, both variations |
||
195 | // are supported because both YAML and Annotation use "persist" |
||
196 | // and we want to make sure that this driver doesn't need to know |
||
197 | // anything about the supported cascading actions |
||
198 | $cascadeMode = str_replace('cascade-', '', $action->getName()); |
||
199 | $constantName = 'Doctrine\ODM\CouchDB\Mapping\ClassMetadata::CASCADE_' . strtoupper($cascadeMode); |
||
200 | if (!defined($constantName)) { |
||
201 | throw new MappingException("Cascade mode '$cascadeMode' not supported."); |
||
202 | } |
||
203 | $cascade |= constant($constantName); |
||
204 | } |
||
205 | |||
206 | return $cascade; |
||
207 | } |
||
208 | } |
||
209 |
If you access a property on an interface, you most likely code against a concrete implementation of the interface.
Available Fixes
Adding an additional type check:
Changing the type hint: