This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | /** |
||
3 | * Finance module for HiPanel |
||
4 | * |
||
5 | * @link https://github.com/hiqdev/hipanel-module-finance |
||
6 | * @package hipanel-module-finance |
||
7 | * @license BSD-3-Clause |
||
8 | * @copyright Copyright (c) 2015-2019, HiQDev (http://hiqdev.com/) |
||
9 | */ |
||
10 | |||
11 | namespace hipanel\modules\finance\cart; |
||
12 | |||
13 | use hipanel\modules\finance\logic\Calculator; |
||
14 | use hipanel\modules\finance\models\Calculation; |
||
15 | use hipanel\modules\finance\models\Value; |
||
16 | use hiqdev\yii2\cart\ShoppingCart; |
||
17 | use Yii; |
||
18 | use yii\web\UnprocessableEntityHttpException; |
||
19 | use yz\shoppingcart\CartActionEvent; |
||
20 | |||
21 | /** |
||
22 | * Class CartCalculator provides API to calculate [[cart]] positions value. |
||
23 | * |
||
24 | * Usage: |
||
25 | * |
||
26 | * ```php |
||
27 | * $calculator = new CartCalculator($this->cart); |
||
28 | * |
||
29 | * $calculator->run(); // will calculate prices for all cart positions and update them |
||
30 | * ``` |
||
31 | * |
||
32 | * Also can be bound to some cart event as handler: |
||
33 | * |
||
34 | * ```php |
||
35 | * $cart->on(Cart::EVENT_UPDATE, [CartCalculator::class, 'handle']); |
||
36 | * ``` |
||
37 | */ |
||
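final class CartCalculator extends Calculator
{
    /**
     * Cart positions that will be calculated.
     *
     * NOTE(review): execute() drops entries with `unset($this->models[$id])`,
     * which presumably relies on this array being keyed by position id — confirm
     * against the parent Calculator.
     *
     * @var AbstractCartPosition[]
     */
    protected $models;

    /**
     * The cart whose positions are calculated and updated.
     *
     * @var ShoppingCart
     */
    public $cart;

    /**
     * @var CartActionEvent
     */
    public $event;

    /**
     * Ids of positions that are about to be removed and must be skipped.
     *
     * @var string[]
     */
    private $positionsBeingRemoved = [];

    /**
     * Creates the instance of the object and runs the calculation.
     *
     * When the event is a "before remove" action that carries a position,
     * that position is excluded from the calculation.
     *
     * @param CartActionEvent $event The event
     * @return void
     */
    public static function handle($event)
    {
        /** @var ShoppingCart $cart */
        $cart = $event->sender;

        // The class is final, so `self` names the same class `static` would.
        $calculator = new self($cart);

        $isRemoval = $event->action === CartActionEvent::ACTION_BEFORE_REMOVE;
        if ($isRemoval && $event->position !== null) {
            $calculator->positionsBeingRemoved[] = $event->position->getId();
        }

        /** @noinspection UnusedFunctionResultInspection */
        $calculator->execute();
    }

    /**
     * @param ShoppingCart $cart
     */
    public function __construct(ShoppingCart $cart)
    {
        $this->cart = $cart;

        // NOTE(review): the analyzer report on this page appears to flag the type
        // of this argument — confirm Calculator::__construct accepts the value
        // returned by the cart's `positions` property.
        parent::__construct($this->cart->positions);
    }

    /**
     * {@inheritdoc}
     *
     * Skips positions that are being removed, runs the parent calculation and
     * writes the results back to the remaining positions.
     *
     * @throws CartIsBrokenException when the parent calculation fails with
     *         an UnprocessableEntityHttpException
     */
    public function execute()
    {
        // Do not try to calculate position that is being removed
        foreach ($this->positionsBeingRemoved as $id) {
            unset($this->models[$id]);
        }

        try {
            parent::execute();
        } catch (UnprocessableEntityHttpException $e) {
            $message = Yii::t(
                'hipanel:finance',
                'Failed to calculate cart: {reason}',
                ['reason' => $e->getMessage()]
            );

            throw CartIsBrokenException::forCart($this->cart, $message);
        }

        $this->applyCalculations();

        return $this->calculations;
    }

    /**
     * Updates positions using the calculations provided with [[getCalculation]].
     *
     * A position without a usable calculation is logged and removed from the
     * cart, and the loop stops there: later positions are not updated in this run.
     */
    private function applyCalculations()
    {
        foreach ($this->models as $position) {
            // `id` is not a declared property of AbstractCartPosition; the static
            // analysis on this page reports it as resolved through a magic
            // accessor and suggests a @property annotation.
            $id = $position->id;

            $calculation = $this->getCalculation($id);
            if (!$calculation instanceof Calculation) {
                Yii::error('Cart position "' . $position->getName() . '" was removed from the cart because of failed value calculation. Normally this should never happen.', 'hipanel.cart');
                $this->cart->removeById($id);
                // NOTE(review): `break` abandons the remaining positions; confirm
                // this is intended rather than `continue`.
                break;
            }

            $value = $this->getValue($position, $calculation);
            $this->ensureCurrencyIsNotConflictingWithCart($position, $value);

            $position->setPrice($value->price);
            $position->setValue($value->value);
            $position->setCurrency($value->currency);
        }
    }

    /**
     * Picks the calculated value for the application currency
     * (`Yii::$app->params['currency']`).
     *
     * When no value exists for that currency, the position is logged and
     * removed from the cart.
     *
     * @param AbstractCartPosition $position position being priced
     * @param Calculation $calculation calculation result for the position
     * @return Value
     */
    private function getValue(AbstractCartPosition $position, Calculation $calculation): Value
    {
        $currency = Yii::$app->params['currency'];

        /** @var Value $value */
        $value = $calculation->forCurrency($currency);
        if (!$value instanceof Value) {
            // Log the currency that was requested. The previous code read
            // `$value->currency` here, but in this branch $value is not a Value,
            // so the read fails before the log entry and the removal happen.
            Yii::error('Cart position "' . $position->getName() . '" was removed from the cart because calculation for currency "' . $currency . '" is not available', 'hipanel.cart');
            $this->cart->removeById($position->id);
            // NOTE(review): falling through returns a non-Value, which the
            // declared `: Value` return type rejects with a TypeError; decide
            // whether a domain exception should be thrown here instead.
        }

        return $value;
    }

    /**
     * Rejects a position whose currency differs from the currency the cart
     * already uses. A cart without a currency accepts any position.
     *
     * @param AbstractCartPosition $position position being checked
     * @param Value $value calculated value carrying the position currency
     * @throws MultiCurrencyException when the currencies differ
     */
    private function ensureCurrencyIsNotConflictingWithCart(AbstractCartPosition $position, Value $value): void
    {
        if (!$this->cart->getCurrency()) {
            return;
        }

        if ($value->currency !== $this->cart->getCurrency()) {
            throw MultiCurrencyException::forPosition($position, $this->cart, Yii::t('cart', 'Sorry, but now it is impossible to add the position with different currencies to the cart. Pay the current order to add this item to the cart.'));
        }
    }
}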
||
156 |
It seems like the type of the argument is not accepted by the function/method which you are calling.
In some cases, in particular if PHP’s automatic type-juggling kicks in, this might be fine. In other cases, however, this might be a bug.
We suggest to add an explicit type cast like in the following example: