Issues in Organization.php (master) - Issues in master - flipbox/organization - Measure and Improve Code Quality continuously with Scrutinizer

Issues (60)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Organization.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * @copyright  Copyright (c) Flipbox Digital Limited
 * @license    https://flipboxfactory.com/software/organization/license
 * @link       https://www.flipboxfactory.com/software/organization/
 */

namespace flipbox\organization;

use Craft;
use craft\base\Plugin as BasePlugin;
use craft\events\RegisterComponentTypesEvent;
use craft\events\RegisterUrlRulesEvent;
use craft\helpers\UrlHelper;
use craft\models\FieldLayout as FieldLayoutModel;
use craft\services\Elements;
use craft\services\Fields;
use craft\web\twig\variables\CraftVariable;
use craft\web\UrlManager;
use flipbox\organization\controllers\OrganizationController;
use flipbox\organization\elements\Organization as OrganizationElement;
use flipbox\organization\fields\Organization as OrganizationField;
use flipbox\organization\fields\User as UserField;
use flipbox\organization\models\Settings as OrganizationSettings;
use flipbox\organization\models\Type as OrganizationType;
use flipbox\organization\web\twig\variables\Organization as OrganizationVariable;
use yii\base\Event;

/**
 * @author Flipbox Factory <[email protected]>
 * @since 1.0.0
 */
class Organization extends BasePlugin
{

    /**
     * @var array
     */
    public $controllerMap = [
        'save' => [
            'class' => OrganizationController::class,
            'defaultAction' => 'save'
        ],
        'delete' => [
            'class' => OrganizationController::class,
            'defaultAction' => 'delete'
        ]
    ];

    /**
     * @inheritdoc
     */
    public function init()
    {

        // Do parent
        parent::init();

        // Register our fields
        Event::on(
            Fields::class,
            Fields::EVENT_REGISTER_FIELD_TYPES,
            function (RegisterComponentTypesEvent $event) {
                $event->types[] = OrganizationField::class;
                $event->types[] = UserField::class;
            }
        );

        // Register our elements
        Event::on(
            Elements::class,
            Elements::EVENT_REGISTER_ELEMENT_TYPES,
            function (RegisterComponentTypesEvent $event) {
                $event->types[] = OrganizationElement::class;
            }
        );

        // Register our CP routes
        Event::on(
            UrlManager::class,
            UrlManager::EVENT_REGISTER_CP_URL_RULES,
            [self::class, 'onRegisterCpUrlRules']
        );

        // Twig variables
        Event::on(
            CraftVariable::class,
            CraftVariable::EVENT_INIT,
            function (Event $event) {
                /** @var CraftVariable $variable */
                $variable = $event->sender;
                $variable->set('organization', OrganizationVariable::class);
            }
        );
    }


    /*******************************************
     * EVENTS
     *******************************************/

    /**
     * @param RegisterUrlRulesEvent $event
     */
    public static function onRegisterCpUrlRules(RegisterUrlRulesEvent $event)
    {

        $event->rules = array_merge(
            $event->rules,
            [
                // SETTINGS
                'organization/configuration' => 'organization/configuration/view/general/index',
                'organization/configuration/layout' => 'organization/configuration/view/layout/index',
                'organization/configuration/type' => 'organization/configuration/view/type/index',
                'organization/configuration/type/new' => 'organization/configuration/view/type/upsert',
                'organization/configuration/type/<typeIdentifier:\d+>' => 'organization/configuration/view/type/upsert',

                // ORGANIZATION
                'organization' => 'organization/view/organization/index',
                'organization/new/<typeIdentifier:{handle}>' => 'organization/view/organization/upsert',
                'organization/new' => 'organization/view/organization/upsert',
                'organization/<identifier:\d+>' => 'organization/view/organization/upsert',
                'organization/<identifier:\d+>/<typeIdentifier:{handle}>' => 'organization/view/organization/upsert'

            ]
        );
    }

    /**
     * @inheritdoc
     *
     * @return OrganizationSettings
     */
    public function getSettings()
    {
        return parent::getSettings();

    }

    /**
     * @return OrganizationSettings
     */
    protected function createSettingsModel()
    {
        return new OrganizationSettings();
    }

    /**
     * @inheritdoc
     */
    public function getSettingsResponse()
    {

        Craft::$app->getResponse()->redirect(
            UrlHelper::cpUrl('organization/configuration')
        );

        Craft::$app->end();
    }

    /**
     * Delete any existing field layouts, and create default settings
     */
    public function afterInstall()
    {

        // Create default field layout
        $fieldLayout = new FieldLayoutModel();
        $fieldLayout->type = self::class;

        // Delete existing layouts
        Craft::$app->getFields()->deleteLayoutsByType($fieldLayout->type);

        // Delete existing layouts
        Craft::$app->getFields()->deleteLayoutsByType(OrganizationType::class);

        // Save layout
        Craft::$app->getFields()->saveLayout($fieldLayout);

        // Set settings array
        $settings = [
            'fieldLayoutId' => $fieldLayout->id
        ];

        Craft::$app->getPlugins()->savePluginSettings(
            $this,
            $settings
        );

        // Do parent
        parent::afterInstall();
    }

    /**
     * Remove all field layouts
     */
    public function afterUninstall()
    {

        // Delete existing layouts
        Craft::$app->getFields()->deleteLayoutsByType(self::class);

        // Delete existing layouts
        Craft::$app->getFields()->deleteLayoutsByType(OrganizationType::class);

        // Do parent
        parent::afterUninstall();
    }

    /*******************************************
     * MODULES
     *******************************************/
    /**
     * @return modules\configuration\Module
     */
    public function getConfiguration()
    {
        return $this->getModule('configuration');
    }


    /*******************************************
     * SERVICES
     *******************************************/

    /**
     * @return services\Field
     */
    public function getField()
    {
        return $this->get('field');
    }

    /**
     * @return services\Organization
     */
    public function getOrganization()
    {
        return $this->get('organization');
    }

    /**
     * @return services\Permission
     */
    public function getPermission()
    {
        return $this->get('permission');
    }

    /**
     * @return services\Type
     */
    public function getType()
    {
        return $this->get('type');
    }

    /**
     * @return services\User
     */
    public function getUser()
    {
        return $this->get('user');
    }
}


1			<?php
2
3			/**
4			* @copyright Copyright (c) Flipbox Digital Limited
5			* @license https://flipboxfactory.com/software/organization/license
6			* @link https://www.flipboxfactory.com/software/organization/
7			*/
8
9			namespace flipbox\organization;
10
11			use Craft;
12			use craft\base\Plugin as BasePlugin;
13			use craft\events\RegisterComponentTypesEvent;
14			use craft\events\RegisterUrlRulesEvent;
15			use craft\helpers\UrlHelper;
16			use craft\models\FieldLayout as FieldLayoutModel;
17			use craft\services\Elements;
18			use craft\services\Fields;
19			use craft\web\twig\variables\CraftVariable;
20			use craft\web\UrlManager;
21			use flipbox\organization\controllers\OrganizationController;
22			use flipbox\organization\elements\Organization as OrganizationElement;
23			use flipbox\organization\fields\Organization as OrganizationField;
24			use flipbox\organization\fields\User as UserField;
25			use flipbox\organization\models\Settings as OrganizationSettings;
26			use flipbox\organization\models\Type as OrganizationType;
27			use flipbox\organization\web\twig\variables\Organization as OrganizationVariable;
28			use yii\base\Event;
29
30			/**
31			* @author Flipbox Factory <[email protected]>
32			* @since 1.0.0
33			*/
34			class Organization extends BasePlugin
35			{
36
37			/**
38			* @var array
39			*/
40			public $controllerMap = [
41			'save' => [
42			'class' => OrganizationController::class,
43			'defaultAction' => 'save'
44			],
45			'delete' => [
46			'class' => OrganizationController::class,
47			'defaultAction' => 'delete'
48			]
49			];
50
51			/**
52			* @inheritdoc
53			*/
54			public function init()
55			{
56
57			// Do parent
58			parent::init();
59
60			// Register our fields
61			Event::on(
62			Fields::class,
63			Fields::EVENT_REGISTER_FIELD_TYPES,
64			function (RegisterComponentTypesEvent $event) {
65			$event->types[] = OrganizationField::class;
66			$event->types[] = UserField::class;
67			}
68			);
69
70			// Register our elements
71			Event::on(
72			Elements::class,
73			Elements::EVENT_REGISTER_ELEMENT_TYPES,
74			function (RegisterComponentTypesEvent $event) {
75			$event->types[] = OrganizationElement::class;
76			}
77			);
78
79			// Register our CP routes
80			Event::on(
81			UrlManager::class,
82			UrlManager::EVENT_REGISTER_CP_URL_RULES,
83			[self::class, 'onRegisterCpUrlRules']
84			);
85
86			// Twig variables
87			Event::on(
88			CraftVariable::class,
89			CraftVariable::EVENT_INIT,
90			function (Event $event) {
91			/** @var CraftVariable $variable */
92			$variable = $event->sender;
93			$variable->set('organization', OrganizationVariable::class);
94			}
95			);
96			}
97
98
99			/*******************************************
100			* EVENTS
101			*******************************************/
102
103			/**
104			* @param RegisterUrlRulesEvent $event
105			*/
106			public static function onRegisterCpUrlRules(RegisterUrlRulesEvent $event)
107			{
108
109			$event->rules = array_merge(
110			$event->rules,
111			[
112			// SETTINGS
113			'organization/configuration' => 'organization/configuration/view/general/index',
114			'organization/configuration/layout' => 'organization/configuration/view/layout/index',
115			'organization/configuration/type' => 'organization/configuration/view/type/index',
116			'organization/configuration/type/new' => 'organization/configuration/view/type/upsert',
117			'organization/configuration/type/<typeIdentifier:\d+>' => 'organization/configuration/view/type/upsert',
118
119			// ORGANIZATION
120			'organization' => 'organization/view/organization/index',
121			'organization/new/<typeIdentifier:{handle}>' => 'organization/view/organization/upsert',
122			'organization/new' => 'organization/view/organization/upsert',
123			'organization/<identifier:\d+>' => 'organization/view/organization/upsert',
124			'organization/<identifier:\d+>/<typeIdentifier:{handle}>' => 'organization/view/organization/upsert'
125
126			]
127			);
128			}
129
130			/**
131			* @inheritdoc
132			*
133			* @return OrganizationSettings
134			*/
135			public function getSettings()
136			{
137			return parent::getSettings();
			0 ignored issues – show Bug Compatibility introduced 2017-03-16 23:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `parent::getSettings();` of type `craft\base\Model\|boolean\|null` adds the type `boolean` to the return on line 137 which is incompatible with the return type declared by the interface `craft\base\PluginInterface::getSettings` of type `craft\base\Model\|null`. Loading history...
138			}
139
140			/**
141			* @return OrganizationSettings
142			*/
143			protected function createSettingsModel()
144			{
145			return new OrganizationSettings();
146			}
147
148			/**
149			* @inheritdoc
150			*/
151			public function getSettingsResponse()
152			{
153
154			Craft::$app->getResponse()->redirect(
155			UrlHelper::cpUrl('organization/configuration')
156			);
157
158			Craft::$app->end();
159			}
160
161			/**
162			* Delete any existing field layouts, and create default settings
163			*/
164			public function afterInstall()
165			{
166
167			// Create default field layout
168			$fieldLayout = new FieldLayoutModel();
169			$fieldLayout->type = self::class;
170
171			// Delete existing layouts
172			Craft::$app->getFields()->deleteLayoutsByType($fieldLayout->type);
173
174			// Delete existing layouts
175			Craft::$app->getFields()->deleteLayoutsByType(OrganizationType::class);
176
177			// Save layout
178			Craft::$app->getFields()->saveLayout($fieldLayout);
179
180			// Set settings array
181			$settings = [
182			'fieldLayoutId' => $fieldLayout->id
183			];
184
185			Craft::$app->getPlugins()->savePluginSettings(
186			$this,
187			$settings
188			);
189
190			// Do parent
191			parent::afterInstall();
192			}
193
194			/**
195			* Remove all field layouts
196			*/
197			public function afterUninstall()
198			{
199
200			// Delete existing layouts
201			Craft::$app->getFields()->deleteLayoutsByType(self::class);
202
203			// Delete existing layouts
204			Craft::$app->getFields()->deleteLayoutsByType(OrganizationType::class);
205
206			// Do parent
207			parent::afterUninstall();
208			}
209
210			/*******************************************
211			* MODULES
212			*******************************************/
213			/**
214			* @return modules\configuration\Module
215			*/
216			public function getConfiguration()
217			{
218			return $this->getModule('configuration');
219			}
220
221
222			/*******************************************
223			* SERVICES
224			*******************************************/
225
226			/**
227			* @return services\Field
228			*/
229			public function getField()
230			{
231			return $this->get('field');
232			}
233
234			/**
235			* @return services\Organization
236			*/
237			public function getOrganization()
238			{
239			return $this->get('organization');
240			}
241
242			/**
243			* @return services\Permission
244			*/
245			public function getPermission()
246			{
247			return $this->get('permission');
248			}
249
250			/**
251			* @return services\Type
252			*/
253			public function getType()
254			{
255			return $this->get('type');
256			}
257
258			/**
259			* @return services\User
260			*/
261			public function getUser()
262			{
263			return $this->get('user');
264			}
265			}
266

flipbox / organization

Issues (60)

Security Analysis not enabled

src/Organization.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like