Issues in Field.php (master) - Issues in master - helmut/forms - Measure and Improve Code Quality continuously with Scrutinizer

Issues (24)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Field.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php 

namespace Helmut\Forms;

use Helmut\Forms\Utility\Str;
use Helmut\Forms\Utility\Reflect;

abstract class Field {

    /**
     * The parent form.
     *
     * @var \Helmut\Forms\Form
     */
    protected $form;

    /**
     * The type of the field.
     *
     * @var string
     */
    public $type;

    /**
     * The name of the field.
     *
     * @var string
     */
    public $name;

    /**
     * The unique id of the field.
     *
     * @var string
     */
    public $id;     

    /**
     * The label property of the field.
     *
     * @var string
     */
    public $label;

    /**
     * The default value of the field.
     *
     * @var mixed
     */
    protected $default;

    /**
     * Field is required.
     *
     * @var boolean
     */
    protected $required = false;

    /**
     * An array of validation methods.
     *
     * @var array
     */
    protected $validations = [];

    /**
     * An array of validation errors.
     *
     * @var array
     */
    protected $errors = [];

    /**
     * Create a field instance.
     *
     * @param  \Helmut\Forms\Form  $form
     * @param  string  $type
     * @param  string  $name
     */
    public function __construct(\Helmut\Forms\Form $form, $type, $name)
    {
        $this->form = $form;
        $this->type = $type;
        $this->name = $name;

        $this->setId();
    }

    /**
     * Return an the value of the field. For fields 
     * with multiple values return an array of values
     * using associative key names.
     *
     * @return array
     */
    abstract public function getValue();

    /**
     * Provide the key names of any buttons. Multiple
     * buttons may be returned using an array.
     *
     * @return mixed
     */    
    abstract public function getButtonName();

    /**
     * Return array of properties for renderering.
     *
     * @return array
     */
    abstract public function renderWith();

    /**
     * Set field value using provided default.
     *
     * @return void
     */
    abstract public function setValueFromDefault();

    /**
     * Set value using a model.
     *
     * @param object  $model
     * @return void
     */    
    abstract public function setValueFromModel($model);

    /**
     * Set value from the request.
     *
     * @param \Helmut\Forms\Request  $request
     * @return void
     */    
    abstract public function setValueFromRequest($request);

    /**
     * Fill a model with field values.
     *
     * @param object  $model
     * @return void
     */    
    abstract public function fillModelWithValue($model);

    /**
     * Return if field validates required.
     *
     * @return boolean
     */    
    abstract public function validateRequired();

    /**
     * Set a unique id.
     *
     * @return void
     */
    public function setId()
    {
        $id = $this->type.'_'.substr(md5($this->name), 0, 5);
        $this->id = $this->form->id.'_'.$id;
    }

    /**
     * Return an array of keys.
     *
     * @return array
     */
    public function keys()
    {
        return array_keys($this->values());
    }

    /**
     * Return an array of values.
     *
     * @return array
     */
    public function values() 
    {
        $values = $this->getValue();

        if (is_null($values)) {
            return [];
        } 

        if ( ! is_array($values)) {
            return [$this->name => $values];
        }

        return $values;
    }

    /**
     * Return an array of properties to be passed
     * to the template during rendering.
     *
     * @return array
     */    
    public function properties() 
    {
        $properties = $this->renderWith();

        if (is_null($properties)) {
            return [];
        }

        return $properties;
    }

    /**
     * Return an array of button keys.
     *
     * @return array
     */    
    public function buttons()
    {
        $buttons = $this->getButtonName();

        if (is_null($buttons)) {
            return [];
        }

        if ( ! is_array($buttons)) {
            return [$buttons];
        }

        return $buttons;
    }

    /**
     * Set the field value using default.
     *
     * @return void
     */ 
    public function setFromDefault()
    {
        if ( ! is_null($this->default)) {
            $this->setValueFromDefault();
        }
    }

    /**
     * Set the field value using request.
     *
     * @param \Helmut\Forms\Request  $request
     * @return void
     */ 
    public function setFromRequest($request)
    {
        $this->setValueFromRequest($request);
    }

    /**
     * Set the field values using a model.
     *
     * @param object  $model
     * @return void
     */     
    public function setFromModel($model)
    {
        $this->setValueFromModel($model);
    }

    /**
     * Fill a model with field value;
     *
     * @param object  $model
     * @return void
     */     
    public function fillModel($model)
    {
        $this->fillModelWithValue($model);
    }

    /**
     * Return the name.
     *
     * @return string
     */
    public function getName()
    {
        return $this->name;
    }    

    /**
     * Set the label property.
     *
     * @param string  $label
     * @return $this
     */
    public function setLabel($label)
    {
        $this->label = $label;

        return $this;
    }

    /**
     * Set required status.
     *
     * @param boolean  $status
     * @return $this
     */
    public function setRequired($status = true)
    {
        $this->required = $status;

        return $this;
    } 

    /**
     * Set the default value.
     *
     * @param mixed  $value
     * @return $this
     */
    public function setDefault($value) 
    {
        $this->default = $value;

        return $this;
    }

    /**
     * Check if valid.
     *
     * @return boolean
     */
    public function isValid() 
    {
        return count($this->errors) == 0;
    }

    /**
     * Check if invalid.
     *
     * @return boolean
     */
    public function isInvalid() 
    {
        return ! $this->isValid();
    }

    /**
     * Add a validation.
     *
     * @param string  $method     
     * @param array  $parameters     
     * @return void
     */
    protected function addValidation($method, $parameters) 
    {
        $this->validations[$method] = $parameters;
    }    

    /**
     * Perform all validations.
     *
     * @return void
     */
    public function runValidations() 
    {
        if ($this->required) {
            $this->callValidationMethod('validateRequired');
        }

        if ($this->isNotEmpty()) {

            if (method_exists($this, 'validate')) {
                $this->validate();

            }

            foreach ($this->validations as $validation => $parameters) {
                $this->callValidationMethod($validation, $parameters);
            }
        }

    }

    /**
     * Call a validation method.
     *
     * @return boolean
     */
    public function callValidationMethod($validation, $parameters = []) 
    {
        $method = Str::snake($validation);

        $validated = call_user_func_array([$this, $validation], $parameters);

        if ($validated) {
            $this->clearValidationError($method);
            return true;
        }

        $this->addValidationError($method, $parameters);
        return false;
    }    

    /**
     * Check if field is required.
     *
     * @return boolean
     */
    public function isRequired() 
    {
        return $this->required;
    }     

    /**
     * Check if field has been filled.
     *
     * @return boolean
     */
    public function isNotEmpty() 
    {
        return $this->validateRequired();
    }   

    /**
     * Return validation errors.
     *
     * @return array
     */
    public function errors() 
    {
        return $this->errors;
    }

    /**
     * Add a user defined validation error.
     *
     * @return array
     */
    public function error($message)
    {
        if ( ! isset($this->errors['userDefined'])) {
            $this->errors['userDefined'] = [];
        }

        $this->errors['userDefined'][] = $message;
    }

    /**
     * Add an internal validation error.
     *
     * @param string  $method     
     * @param array  $parameters     
     * @return void
     */
    protected function addValidationError($method, $parameters) 
    {
        $this->errors[$method] = $parameters;
    }

    /**
     * Remove all internal validation errors for a method.
     *
     * @param string  $method     
     * @return void
     */
    protected function clearValidationError($method) 
    {
        if (isset($this->errors[$method])) {
            unset($this->errors[$method]);
        }
    }    

    /**
     * Get the value of a field.
     *
     * @param  string  $key
     * @return mixed
     */
    public function value($key = null) 
    {
        $values = $this->values();

        if (is_null($key)) {
            
            if (count($values) == 0) {
                return null;
            }  

            if (count($values) == 1) {
                $values = current($values);
            }

            return $values;
        }
        
        $key = $this->name.'_'.$key;

        if (array_key_exists($key, $values)) {
            return $values[$key];
        }
    }

    /**
     * Translate a specific key.
     *
     * @param  string  $key
     * @return string
     */
    public function translate($key) 
    {
        return $this->form->translate($key, $this);
    }

    /**
     * Get the parent form.
     *
     * @return \Helmut\Forms\Form
     */
    public function getForm()
    {
        return $this->form;
    }   

    /**
     * Gives this class the ability to set and get any of the
     * properties of the instances that inherit from this class
     * using shorthand notation. Call label() instead of
     * setLabel() for example.
     *
     * Also it allows you to specify validations in the same dynamic
     * manner like required() or between(1, 10).
     *
     * @param string  $method
     * @param array  $parameters
     * @return mixed
     */
    public function __call($method, $parameters)
    {
        if ( ! method_exists($this, $method)) {

            $method = Str::studly($method);

            $name = 'set'.$method;
            if (method_exists($this, $name)) {
                return call_user_func_array([$this, $name], $parameters);
            }

            $name = 'validate'.$method;
            if (method_exists($this, $name)) {
                $arguments = Reflect::getParameters($this, $name);
                $parameters = array_pad($parameters, count($arguments), null);
                $this->addValidation($name, array_combine($arguments, $parameters));
                return $this;
            }           
        }
    }

}

1		<?php
2
3		namespace Helmut\Forms;
4
5		use Helmut\Forms\Utility\Str;
6		use Helmut\Forms\Utility\Reflect;
7
8		abstract class Field {
9
10		/**
11		* The parent form.
12		*
13		* @var \Helmut\Forms\Form
14		*/
15		protected $form;
16
17		/**
18		* The type of the field.
19		*
20		* @var string
21		*/
22		public $type;
23
24		/**
25		* The name of the field.
26		*
27		* @var string
28		*/
29		public $name;
30
31		/**
32		* The unique id of the field.
33		*
34		* @var string
35		*/
36		public $id;
37
38		/**
39		* The label property of the field.
40		*
41		* @var string
42		*/
43		public $label;
44
45		/**
46		* The default value of the field.
47		*
48		* @var mixed
49		*/
50		protected $default;
51
52		/**
53		* Field is required.
54		*
55		* @var boolean
56		*/
57		protected $required = false;
58
59		/**
60		* An array of validation methods.
61		*
62		* @var array
63		*/
64		protected $validations = [];
65
66		/**
67		* An array of validation errors.
68		*
69		* @var array
70		*/
71		protected $errors = [];
72
73		/**
74		* Create a field instance.
75		*
76		* @param \Helmut\Forms\Form $form
77	118	* @param string $type
78		* @param string $name
79	118	*/
80	118	public function __construct(\Helmut\Forms\Form $form, $type, $name)
81	118	{
82		$this->form = $form;
83	118	$this->type = $type;
84	118	$this->name = $name;
85
86		$this->setId();
87		}
88
89		/**
90		* Return an the value of the field. For fields
91		* with multiple values return an array of values
92		* using associative key names.
93		*
94		* @return array
95		*/
96		abstract public function getValue();
97
98		/**
99		* Provide the key names of any buttons. Multiple
100		* buttons may be returned using an array.
101		*
102		* @return mixed
103		*/
104		abstract public function getButtonName();
105
106		/**
107		* Return array of properties for renderering.
108		*
109		* @return array
110		*/
111		abstract public function renderWith();
112
113		/**
114		* Set field value using provided default.
115		*
116		* @return void
117		*/
118		abstract public function setValueFromDefault();
119
120		/**
121		* Set value using a model.
122		*
123		* @param object $model
124		* @return void
125		*/
126		abstract public function setValueFromModel($model);
127
128		/**
129		* Set value from the request.
130		*
131		* @param \Helmut\Forms\Request $request
132		* @return void
133		*/
134		abstract public function setValueFromRequest($request);
135
136		/**
137		* Fill a model with field values.
138		*
139		* @param object $model
140		* @return void
141		*/
142		abstract public function fillModelWithValue($model);
143
144		/**
145		* Return if field validates required.
146		*
147		* @return boolean
148		*/
149		abstract public function validateRequired();
150
151	118	/**
152		* Set a unique id.
153	118	*
154	118	* @return void
155	118	*/
156		public function setId()
157		{
158		$id = $this->type.'_'.substr(md5($this->name), 0, 5);
159		$this->id = $this->form->id.'_'.$id;
160		}
161
162	46	/**
163		* Return an array of keys.
164	46	*
165		* @return array
166		*/
167		public function keys()
168		{
169		return array_keys($this->values());
170		}
171
172	72	/**
173		* Return an array of values.
174	72	*
175		* @return array
176		*/
177		public function values()
178		{
179		$values = $this->getValue();
180
181		if (is_null($values)) {
182	45	return [];
183		}
184	45
185		if ( ! is_array($values)) {
186		return [$this->name => $values];
187		}
188
189		return $values;
190		}
191
192	118	/**
193		* Return an array of properties to be passed
194	118	* to the template during rendering.
195		*
196		* @return array
197		*/
198		public function properties()
199		{
200		$properties = $this->renderWith();
201
202	111	if (is_null($properties)) {
203		return [];
204	111	}
205	111
206		return $properties;
207		}
208
209		/**
210		* Return an array of button keys.
211		*
212		* @return array
213	7	*/
214		public function buttons()
215	7	{
216	7	$buttons = $this->getButtonName();
217
218		if (is_null($buttons)) {
219		return [];
220		}
221
222		if ( ! is_array($buttons)) {
223		return [$buttons];
224	9	}
225
226	9	return $buttons;
227	9	}
228
229		/**
230		* Set the field value using default.
231		*
232		* @return void
233		*/
234		public function setFromDefault()
235	13	{
236		if ( ! is_null($this->default)) {
237	13	$this->setValueFromDefault();
238	13	}
239		}
240
241		/**
242		* Set the field value using request.
243		*
244		* @param \Helmut\Forms\Request $request
245		* @return void
246		*/
247		public function setFromRequest($request)
248		{
249		$this->setValueFromRequest($request);
250		}
251
252		/**
253		* Set the field values using a model.
254		*
255		* @param object $model
256		* @return void
257		*/
258		public function setFromModel($model)
259		{
260		$this->setValueFromModel($model);
261		}
262
263		/**
264		* Fill a model with field value;
265		*
266		* @param object $model
267		* @return void
268		*/
269	27	public function fillModel($model)
270		{
271	27	$this->fillModelWithValue($model);
272		}
273	27
274		/**
275		* Return the name.
276		*
277		* @return string
278		*/
279		public function getName()
280		{
281		return $this->name;
282	45	}
283
284	45	/**
285		* Set the label property.
286	45	*
287		* @param string $label
288		* @return $this
289		*/
290		public function setLabel($label)
291		{
292		$this->label = $label;
293
294	72	return $this;
295		}
296	72
297		/**
298		* Set required status.
299		*
300		* @param boolean $status
301		* @return $this
302		*/
303		public function setRequired($status = true)
304	72	{
305		$this->required = $status;
306	72
307		return $this;
308		}
309
310		/**
311		* Set the default value.
312		*
313		* @param mixed $value
314	28	* @return $this
315		*/
316	28	public function setDefault($value)
317	24	{
318		$this->default = $value;
319
320	28	return $this;
321		}
322	22
323		/**
324	22	* Check if valid.
325	9	*
326		* @return boolean
327		*/
328	22	public function isValid()
329	17	{
330		return count($this->errors) == 0;
331		}
332
333	28	/**
334		* Check if invalid.
335		*
336		* @return boolean
337		*/
338		public function isInvalid()
339		{
340	27	return ! $this->isValid();
341		}
342	27
343		/**
344	27	* Add a validation.
345	27	*
346	27	* @param string $method
347		* @param array $parameters
348		* @return void
349	20	*/
350		protected function addValidation($method, $parameters)
351	20	{
352		$this->validations[$method] = $parameters;
353		}
354
355		/**
356		* Perform all validations.
357		*
358		* @return void
359	45	*/
360		public function runValidations()
361	45	{
362		if ($this->required) {
363		$this->callValidationMethod('validateRequired');
364		}
365
366		if ($this->isNotEmpty()) {
367
368		if (method_exists($this, 'validate')) {
369	28	$this->validate();
		0 ignored issues – show Bug introduced 2017-04-06 05:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `validate()` does not exist on `Helmut\Forms\Field`. Did you maybe mean `validateRequired()`? This check marks calls to methods that do not seem to exist on an object. This is most likely the result of a method being renamed without all references to it being renamed likewise. Loading history...
370		}
371	28
372		foreach ($this->validations as $validation => $parameters) {
373		$this->callValidationMethod($validation, $parameters);
374		}
375		}
376
377		}
378
379	1	/**
380		* Call a validation method.
381	1	*
382		* @return boolean
383		*/
384		public function callValidationMethod($validation, $parameters = [])
385		{
386		$method = Str::snake($validation);
387
388		$validated = call_user_func_array([$this, $validation], $parameters);
389
390		if ($validated) {
391		$this->clearValidationError($method);
392		return true;
393		}
394
395		$this->addValidationError($method, $parameters);
396		return false;
397		}
398
399		/**
400		* Check if field is required.
401		*
402	25	* @return boolean
403		*/
404	25	public function isRequired()
405		{
406	25	return $this->required;
407		}
408	23
409	17	/**
410		* Check if field has been filled.
411		*
412	23	* @return boolean
413		*/
414		public function isNotEmpty()
415	2	{
416		return $this->validateRequired();
417	2	}
418	2
419		/**
420		* Return validation errors.
421		*
422		* @return array
423		*/
424		public function errors()
425		{
426		return $this->errors;
427	75	}
428
429	75	/**
430		* Add a user defined validation error.
431		*
432		* @return array
433		*/
434		public function error($message)
435		{
436		if ( ! isset($this->errors['userDefined'])) {
437		$this->errors['userDefined'] = [];
438		}
439
440		$this->errors['userDefined'][] = $message;
441		}
442
443		/**
444		* Add an internal validation error.
445		*
446		* @param string $method
447		* @param array $parameters
448		* @return void
449		*/
450		protected function addValidationError($method, $parameters)
451		{
452		$this->errors[$method] = $parameters;
453		}
454
455	74	/**
456		* Remove all internal validation errors for a method.
457	74	*
458		* @param string $method
459	74	* @return void
460		*/
461	74	protected function clearValidationError($method)
462	74	{
463	74	if (isset($this->errors[$method])) {
464		unset($this->errors[$method]);
465		}
466	14	}
467	14
468		/**
469	14	* Get the value of a field.
470		*
471		* @param string $key
472	14	* @return mixed
473	14	*/
474	10	public function value($key = null)
475		{
476		$values = $this->values();
477	14
478		if (is_null($key)) {
479	14
480		if (count($values) == 0) {
481	14	return null;
482		}
483
484		if (count($values) == 1) {
485		$values = current($values);
486		}
487
488		return $values;
489		}
490
491		$key = $this->name.'_'.$key;
492
493		if (array_key_exists($key, $values)) {
494		return $values[$key];
495		}
496		}
497
498		/**
499		* Translate a specific key.
500		*
501		* @param string $key
502		* @return string
503		*/
504		public function translate($key)
505		{
506		return $this->form->translate($key, $this);
507		}
508
509		/**
510		* Get the parent form.
511		*
512		* @return \Helmut\Forms\Form
513		*/
514		public function getForm()
515		{
516		return $this->form;
517		}
518
519		/**
520		* Gives this class the ability to set and get any of the
521		* properties of the instances that inherit from this class
522		* using shorthand notation. Call label() instead of
523		* setLabel() for example.
524		*
525		* Also it allows you to specify validations in the same dynamic
526		* manner like required() or between(1, 10).
527		*
528		* @param string $method
529		* @param array $parameters
530		* @return mixed
531		*/
532		public function __call($method, $parameters)
533		{
534		if ( ! method_exists($this, $method)) {
535
536		$method = Str::studly($method);
537
538		$name = 'set'.$method;
539		if (method_exists($this, $name)) {
540		return call_user_func_array([$this, $name], $parameters);
541		}
542
543		$name = 'validate'.$method;
544		if (method_exists($this, $name)) {
545		$arguments = Reflect::getParameters($this, $name);
546		$parameters = array_pad($parameters, count($arguments), null);
547		$this->addValidation($name, array_combine($arguments, $parameters));
548		return $this;
549		}
550		}
551		}
552
553		}

helmut / forms

Issues (24)

Security Analysis not enabled

src/Field.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like