Issues in Reader.php (master) - Issues in master - fpietka/Zend-Nested-Set - Measure and Improve Code Quality continuously with Scrutinizer

Issues (6)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

library/Nestedset/Model/Reader.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

class Nestedset_Model_Reader
{
    /**
     * Get all elements from nested set
     *
     * @param $model|NestedSet_Model    Nested set model
     * @param $depth|array      Array of depth wanted. Default is all
     * @param $mode|string      Mode of depth selection: include/exclude
     * @param $order|string     Mode of sort
     *
     * @return array
     */
    public function getAll(NestedSet_Model $nestedset, $depth = null, $mode = 'include', $order = 'ASC')
    {
        $db = $nestedset->getDb();

        $query = "
            SELECT
                node.{$nestedset->getStructureId()},
                node.{$nestedset->getStructureName()},
                node.{$nestedset->getStructureLeft()},
                node.{$nestedset->getStructureRight()},
                COUNT(parent.{$nestedset->getStructureName()}) - 1 AS depth
            FROM
                {$nestedset->getTableName()} AS node,
                {$nestedset->getTableName()} AS parent
            WHERE node.{$nestedset->getStructureLeft()} BETWEEN parent.{$nestedset->getStructureLeft()} AND parent.{$nestedset->getStructureRight()}
            GROUP BY node.{$nestedset->getStructureId()}, node.{$nestedset->getStructureName()}, node.{$nestedset->getStructureLeft()}, node.{$nestedset->getStructureRight()}
        ";

        // Handle depth if required
        if (!is_null($depth)) {
            if (!is_array($depth)) {
                $depth = (int) $depth;

                if ($mode == 'exclude') {
                    $mode = '=';
                } else {
                    $mode = '!=';
                }

                $query .= "HAVING COUNT(parent.{$nestedset->getStructureName()}) - 1 $mode $depth";
            } else {
                foreach ($depth as &$one) {
                    $one = (int) $one;
                }
                $depth = implode(', ', $depth);

                if ($mode == 'exclude') {
                    $mode = 'NOT IN';
                } else {
                    $mode = 'IN';
                }

                $query .= "HAVING COUNT(parent.{$nestedset->getStructureName()}) - 1 $mode ($depth)";
            }
        }

        $query .= " ORDER BY node.{$nestedset->getStructureLeft()} $order;";

        $stmt  = $db->query($query);
        $nodes = $stmt->fetchAll();

        return $nodes;
    }

    /**
     * Get one element with its children.
     * @TODO depth
     *
     * @param $model|NestedSet_Model    Nested set model
     * @param $elementId|int    Element Id
     * @param $depth|int        Optional, depth of the tree. Default null means
     *                          full tree
     *
     * @return array
     */
    public function getElement(NestedSet_Model $nestedset, $elementId, $depth = null, $order = 'ASC')

    {
        // @TODO: test -> if multiple elements with depth 1 are found -> error
        $db = $nestedset->getDb();

        // Get main element left and right
        $select = $db
            ->select()
            ->from($nestedset->getTableName(), array($nestedset->getStructureLeft(), $nestedset->getStructureRight()))
            ->where($nestedset->getStructureId() . ' = ?', $elementId);

        $stmt    = $db->query($select);
        $element = $stmt->fetch();

        // Get the tree
        $query = "
            SELECT
                node.{$nestedset->getStructureId()},
                node.{$nestedset->getStructureName()},
                node.{$nestedset->getStructureLeft()},
                node.{$nestedset->getStructureRight()},
                COUNT(parent.{$nestedset->getStructureName()}) - 1 AS depth
              FROM
                {$nestedset->getTableName()} AS node,
                {$nestedset->getTableName()} AS parent
             WHERE node.{$nestedset->getStructureLeft()} BETWEEN parent.{$nestedset->getStructureLeft()} AND parent.{$nestedset->getStructureRight()}
               AND node.{$nestedset->getStructureLeft()} BETWEEN {$element[$nestedset->getStructureLeft()]} AND {$element[$nestedset->getStructureRight()]}
             GROUP BY node.{$nestedset->getStructureId()}, node.{$nestedset->getStructureName()}, node.{$nestedset->getStructureLeft()}, node.{$nestedset->getStructureRight()}
             ORDER BY node.{$nestedset->getStructureLeft()} $order
        ";

        $stmt  = $db->query($query);
        $nodes = $stmt->fetchAll();

        return $nodes;
    }

    /**
     * Get width of a node
     *
     * @param $model|NestedSet_Model    Nested set model
     * @param $elementId|int    Id of the node
     *
     * @return int
     */
    public function getNodeWidth(NestedSet_Model $nestedset, $elementId)
    {
        $db = $nestedset->getDb();

        $stmt = $db->query("
            SELECT {$nestedset->getStructureRight()} - {$nestedset->getStructureLeft()} + 1
              FROM {$nestedset->getTableName()}
             WHERE {$nestedset->getStructureId()} = $elementId
        ");
        $width = $stmt->fetchColumn();

        return $width;
    }

    /**
     * Get all nodes without children
     *
     * @param $model|NestedSet_Model    Nested set model
     *
     * @return array
     */
    public function getLeafs(NestedSet_Model $nestedset)
    {
        $db = $nestedset->getDb();

        $select = $db
            ->select()
            ->from($nestedset->getTableName(), array($nestedset->getStructureId(), $nestedset->getStructureName()))
            ->where("{$nestedset->getStructureRight()} = {$nestedset->getStructureLeft()} + 1");

        $stmt   = $db->query($select);
        $result = $stmt->fetchAll();

        return $result;
    }

    /**
     * Get path of an element
     *
     * @param $model|NestedSet_Model    Nested set model
     * @param $elementId|int    Id of the element we want the path of
     *
     * @return array
     */
    public function getPath(NestedSet_Model $nestedset, $elementId, $order = 'ASC')
    {
        $db = $nestedset->getDb();

        $query = "
            SELECT
                node.{$nestedset->getStructureId()},
                node.{$nestedset->getStructureName()},
                COUNT(parent.{$nestedset->getStructureName()}) - 1 AS depth
            FROM
                {$nestedset->getTableName()} AS node,
                {$nestedset->getTableName()} AS parent
            WHERE node.{$nestedset->getStructureLeft()} BETWEEN parent.{$nestedset->getStructureLeft()} AND parent.{$nestedset->getStructureRight()}
              AND node.{$nestedset->getStructureId()} = $elementId
            GROUP BY node.{$nestedset->getStructureId()}, node.{$nestedset->getStructureName()}, node.{$nestedset->getStructureLeft()}
            ORDER BY node.{$nestedset->getStructureLeft()} $order;
        ";

        $stmt = $db->query($query);
        $path = $stmt->fetchAll();

        return $path;
    }

    /**
     * Get the parent of an element.
     *
     * @param $model|NestedSet_Model    Nested set model
     * @param $elementId|int    Element ID
     * @param $depth|int        Depth of the parent, compared to the child.
     *                          Default is 1 (as immediate)
     *
     * @return array|false
     */
    public function getParent(NestedSet_Model $nestedset, $elementId, $depth = 1)
    {
        $db = $nestedset->getDb();

        $select = $db
            ->select()
            ->from($nestedset->getTableName(), array($nestedset->getStructureLeft(), $nestedset->getStructureRight()))
            ->where($nestedset->getStructureId() . ' = ?', $elementId);

        $stmt  = $db->query($select);
        $child = $stmt->fetch();

        $select = $db
            ->select()
            ->from($nestedset->getTableName(), array($nestedset->getStructureId(), $nestedset->getStructureName()))
            ->where($nestedset->getStructureLeft() . ' < ?', $child[$nestedset->getStructureLeft()])
            ->where($nestedset->getStructureRight() . ' > ?', $child[$nestedset->getStructureRight()])
            ->order('(' . $child[$nestedset->getStructureLeft()] . ' - ' . $nestedset->getStructureLeft() . ')')
            ->limitPage($depth, 1);

        $stmt   = $db->query($select);
        $result = $stmt->fetch();

        return $result;
    }

    /**
     * Returns if the element is root.
     *
     * @param $model|NestedSet_Model    Nested set model
     * @param $elementId|int    Element ID
     *
     * @return boolean
     */
    public function isRoot(NestedSet_Model $nestedset, $elementId)
    {
        $db = $nestedset->getDb();

        $query = "
            SELECT 1
              FROM {$nestedset->getTableName()}
             WHERE {$nestedset->getStructureId()} = $elementId
               AND {$nestedset->getStructureLeft()} = (
                       SELECT MIN({$nestedset->getStructureLeft()})
                       FROM {$nestedset->getTableName()}
                   )
               AND {$nestedset->getStructureRight()} = (
                       SELECT MAX({$nestedset->getStructureRight()})
                         FROM {$nestedset->getTableName()}
                   )
        ";

        $stmt   = $db->query($query);
        $result = $stmt->fetchColumn();

        return (boolean) $result;
    }
}


1			<?php
2
3			class Nestedset_Model_Reader
4			{
5			/**
6			* Get all elements from nested set
7			*
8			* @param $model\|NestedSet_Model Nested set model
9			* @param $depth\|array Array of depth wanted. Default is all
10			* @param $mode\|string Mode of depth selection: include/exclude
11			* @param $order\|string Mode of sort
12			*
13			* @return array
14			*/
15			public function getAll(NestedSet_Model $nestedset, $depth = null, $mode = 'include', $order = 'ASC')
16			{
17			$db = $nestedset->getDb();
18
19			$query = "
20			SELECT
21			node.{$nestedset->getStructureId()},
22			node.{$nestedset->getStructureName()},
23			node.{$nestedset->getStructureLeft()},
24			node.{$nestedset->getStructureRight()},
25			COUNT(parent.{$nestedset->getStructureName()}) - 1 AS depth
26			FROM
27			{$nestedset->getTableName()} AS node,
28			{$nestedset->getTableName()} AS parent
29			WHERE node.{$nestedset->getStructureLeft()} BETWEEN parent.{$nestedset->getStructureLeft()} AND parent.{$nestedset->getStructureRight()}
30			GROUP BY node.{$nestedset->getStructureId()}, node.{$nestedset->getStructureName()}, node.{$nestedset->getStructureLeft()}, node.{$nestedset->getStructureRight()}
31			";
32
33			// Handle depth if required
34			if (!is_null($depth)) {
35			if (!is_array($depth)) {
36			$depth = (int) $depth;
37
38			if ($mode == 'exclude') {
39			$mode = '=';
40			} else {
41			$mode = '!=';
42			}
43
44			$query .= "HAVING COUNT(parent.{$nestedset->getStructureName()}) - 1 $mode $depth";
45			} else {
46			foreach ($depth as &$one) {
47			$one = (int) $one;
48			}
49			$depth = implode(', ', $depth);
50
51			if ($mode == 'exclude') {
52			$mode = 'NOT IN';
53			} else {
54			$mode = 'IN';
55			}
56
57			$query .= "HAVING COUNT(parent.{$nestedset->getStructureName()}) - 1 $mode ($depth)";
58			}
59			}
60
61			$query .= " ORDER BY node.{$nestedset->getStructureLeft()} $order;";
62
63			$stmt = $db->query($query);
64			$nodes = $stmt->fetchAll();
65
66			return $nodes;
67			}
68
69			/**
70			* Get one element with its children.
71			* @TODO depth
72			*
73			* @param $model\|NestedSet_Model Nested set model
74			* @param $elementId\|int Element Id
75			* @param $depth\|int Optional, depth of the tree. Default null means
76			* full tree
77			*
78			* @return array
79			*/
80			public function getElement(NestedSet_Model $nestedset, $elementId, $depth = null, $order = 'ASC')
			0 ignored issues – show Unused Code introduced 2018-10-17 10:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$depth` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
81			{
82			// @TODO: test -> if multiple elements with depth 1 are found -> error
83			$db = $nestedset->getDb();
84
85			// Get main element left and right
86			$select = $db
87			->select()
88			->from($nestedset->getTableName(), array($nestedset->getStructureLeft(), $nestedset->getStructureRight()))
89			->where($nestedset->getStructureId() . ' = ?', $elementId);
90
91			$stmt = $db->query($select);
92			$element = $stmt->fetch();
93
94			// Get the tree
95			$query = "
96			SELECT
97			node.{$nestedset->getStructureId()},
98			node.{$nestedset->getStructureName()},
99			node.{$nestedset->getStructureLeft()},
100			node.{$nestedset->getStructureRight()},
101			COUNT(parent.{$nestedset->getStructureName()}) - 1 AS depth
102			FROM
103			{$nestedset->getTableName()} AS node,
104			{$nestedset->getTableName()} AS parent
105			WHERE node.{$nestedset->getStructureLeft()} BETWEEN parent.{$nestedset->getStructureLeft()} AND parent.{$nestedset->getStructureRight()}
106			AND node.{$nestedset->getStructureLeft()} BETWEEN {$element[$nestedset->getStructureLeft()]} AND {$element[$nestedset->getStructureRight()]}
107			GROUP BY node.{$nestedset->getStructureId()}, node.{$nestedset->getStructureName()}, node.{$nestedset->getStructureLeft()}, node.{$nestedset->getStructureRight()}
108			ORDER BY node.{$nestedset->getStructureLeft()} $order
109			";
110
111			$stmt = $db->query($query);
112			$nodes = $stmt->fetchAll();
113
114			return $nodes;
115			}
116
117			/**
118			* Get width of a node
119			*
120			* @param $model\|NestedSet_Model Nested set model
121			* @param $elementId\|int Id of the node
122			*
123			* @return int
124			*/
125			public function getNodeWidth(NestedSet_Model $nestedset, $elementId)
126			{
127			$db = $nestedset->getDb();
128
129			$stmt = $db->query("
130			SELECT {$nestedset->getStructureRight()} - {$nestedset->getStructureLeft()} + 1
131			FROM {$nestedset->getTableName()}
132			WHERE {$nestedset->getStructureId()} = $elementId
133			");
134			$width = $stmt->fetchColumn();
135
136			return $width;
137			}
138
139			/**
140			* Get all nodes without children
141			*
142			* @param $model\|NestedSet_Model Nested set model
143			*
144			* @return array
145			*/
146			public function getLeafs(NestedSet_Model $nestedset)
147			{
148			$db = $nestedset->getDb();
149
150			$select = $db
151			->select()
152			->from($nestedset->getTableName(), array($nestedset->getStructureId(), $nestedset->getStructureName()))
153			->where("{$nestedset->getStructureRight()} = {$nestedset->getStructureLeft()} + 1");
154
155			$stmt = $db->query($select);
156			$result = $stmt->fetchAll();
157
158			return $result;
159			}
160
161			/**
162			* Get path of an element
163			*
164			* @param $model\|NestedSet_Model Nested set model
165			* @param $elementId\|int Id of the element we want the path of
166			*
167			* @return array
168			*/
169			public function getPath(NestedSet_Model $nestedset, $elementId, $order = 'ASC')
170			{
171			$db = $nestedset->getDb();
172
173			$query = "
174			SELECT
175			node.{$nestedset->getStructureId()},
176			node.{$nestedset->getStructureName()},
177			COUNT(parent.{$nestedset->getStructureName()}) - 1 AS depth
178			FROM
179			{$nestedset->getTableName()} AS node,
180			{$nestedset->getTableName()} AS parent
181			WHERE node.{$nestedset->getStructureLeft()} BETWEEN parent.{$nestedset->getStructureLeft()} AND parent.{$nestedset->getStructureRight()}
182			AND node.{$nestedset->getStructureId()} = $elementId
183			GROUP BY node.{$nestedset->getStructureId()}, node.{$nestedset->getStructureName()}, node.{$nestedset->getStructureLeft()}
184			ORDER BY node.{$nestedset->getStructureLeft()} $order;
185			";
186
187			$stmt = $db->query($query);
188			$path = $stmt->fetchAll();
189
190			return $path;
191			}
192
193			/**
194			* Get the parent of an element.
195			*
196			* @param $model\|NestedSet_Model Nested set model
197			* @param $elementId\|int Element ID
198			* @param $depth\|int Depth of the parent, compared to the child.
199			* Default is 1 (as immediate)
200			*
201			* @return array\|false
202			*/
203			public function getParent(NestedSet_Model $nestedset, $elementId, $depth = 1)
204			{
205			$db = $nestedset->getDb();
206
207			$select = $db
208			->select()
209			->from($nestedset->getTableName(), array($nestedset->getStructureLeft(), $nestedset->getStructureRight()))
210			->where($nestedset->getStructureId() . ' = ?', $elementId);
211
212			$stmt = $db->query($select);
213			$child = $stmt->fetch();
214
215			$select = $db
216			->select()
217			->from($nestedset->getTableName(), array($nestedset->getStructureId(), $nestedset->getStructureName()))
218			->where($nestedset->getStructureLeft() . ' < ?', $child[$nestedset->getStructureLeft()])
219			->where($nestedset->getStructureRight() . ' > ?', $child[$nestedset->getStructureRight()])
220			->order('(' . $child[$nestedset->getStructureLeft()] . ' - ' . $nestedset->getStructureLeft() . ')')
221			->limitPage($depth, 1);
222
223			$stmt = $db->query($select);
224			$result = $stmt->fetch();
225
226			return $result;
227			}
228
229			/**
230			* Returns if the element is root.
231			*
232			* @param $model\|NestedSet_Model Nested set model
233			* @param $elementId\|int Element ID
234			*
235			* @return boolean
236			*/
237			public function isRoot(NestedSet_Model $nestedset, $elementId)
238			{
239			$db = $nestedset->getDb();
240
241			$query = "
242			SELECT 1
243			FROM {$nestedset->getTableName()}
244			WHERE {$nestedset->getStructureId()} = $elementId
245			AND {$nestedset->getStructureLeft()} = (
246			SELECT MIN({$nestedset->getStructureLeft()})
247			FROM {$nestedset->getTableName()}
248			)
249			AND {$nestedset->getStructureRight()} = (
250			SELECT MAX({$nestedset->getStructureRight()})
251			FROM {$nestedset->getTableName()}
252			)
253			";
254
255			$stmt = $db->query($query);
256			$result = $stmt->fetchColumn();
257
258			return (boolean) $result;
259			}
260			}
261

fpietka / Zend-Nested-Set

Issues (6)

Security Analysis no request data

library/Nestedset/Model/Reader.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like