Issues in FeaturedColumnTrait.php (master) - Issues in master - hiqdev/yii2-higrid - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/FeaturedColumnTrait.php (1 issue)

Labels

Bug 1

Severity

Critical 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Advanced Grid for Yii2.
 *
 * @link      https://github.com/hiqdev/yii2-higrid
 * @package   yii2-higrid
 * @license   BSD-3-Clause
 * @copyright Copyright (c) 2015-2017, HiQDev (http://hiqdev.com/)
 */

namespace hiqdev\higrid;

use Closure;
use Yii;
use yii\helpers\ArrayHelper;
use yii\helpers\Json;

/**
 * Trait FeaturedColumnTrait.
 *
 * Gives the next features:
 * - popover text shown at header cell
 * - filterAttribute: to specify name of attribute used for filtering distinct from attribute
 * - resizable columns
 */
trait FeaturedColumnTrait
{
    /**
     * @var string Popover text
     */
    public $popover;

    /**
     * @var array Options to popover()
     */
    public $popoverOptions = [
        'placement' => 'bottom',
        'selector' => 'a',
    ];

    /**
     * Like a `DataColumn::value` for change the value of the column for export to CSV, TSV etc.
     *
     * @var string|Closure an anonymous function or a string that is used to determine the value to display in the export column.
     *
     * If this is an anonymous function, it will be called for each row and the return value will be used as the value to
     * display for every data model. The signature of this function should be: `function ($model, $key, $index, $column)`.
     * Where `$model`, `$key`, and `$index` refer to the model, key and index of the row currently being rendered
     * and `$column` is a reference to the [[DataColumn]] object.
     */
    public $exportedValue;

    /**
     * A list of column names from the current grid that should be inserted instead of the current one during export
     */
    public array $exportedColumns = [];


    /**
     * {@inheritdoc}
     */
    public function init()
    {
        parent::init();

        if ($this->grid->resizableColumns !== false && !isset($this->headerOptions['data-resizable-column-id'])) {
            $this->headerOptions['data-resizable-column-id'] = $this->attribute;
        }

        if ($this->hasProperty('defaultOptions')) {
            foreach ($this->defaultOptions as $k => $v) {
                $this->{$k} = ArrayHelper::merge($v, $this->{$k});
            }
        }
        $this->registerClientScript();
    }

    /**
     * {@inheritdoc}
     */
    public function registerClientScript()
    {
        $view = Yii::$app->getView();
        $ops = Json::encode($this->popoverOptions);
        if (property_exists($this, 'grid')) {
            $view->registerJs("$('#{$this->grid->id} thead th[data-attribute=\"{$this->attribute}\"]').popover($ops);", \yii\web\View::POS_READY);
        } else {
            $view->registerJs("$('table[role=\"grid\"] thead th[data-attribute=\"{$this->attribute}\"]').popover($ops);", \yii\web\View::POS_READY);
        }
    }

    /**
     * {@inheritdoc}
     */
    public function renderHeaderCellContent()
    {
        /// XXX better change yii
        if ($this->hasProperty('attribute')) {
            $save = $this->attribute;
            $this->attribute = $this->getSortAttribute();
        }

        if ($this->popover) {
            $this->headerOptions = ArrayHelper::merge($this->headerOptions, [
                'data' => [
                    'toggle' => 'popover',
                    'trigger' => 'hover',
                    'content' => $this->popover,
                    'attribute' => $this->attribute,
                ],
            ]);
        }

        $res = parent::renderHeaderCellContent();
        if ($this->hasProperty('attribute')) {
            $this->attribute = $save;
        }

        return $res;
    }

    /**
     * @var string name for filter input
     */
    public $sortAttribute;

    /**
     * Getter for sortAttribute.
     */
    public function getSortAttribute()
    {
        if ($this->sortAttribute === false) {
            return false;
        }

        return $this->sortAttribute ?: $this->attribute;
    }

    /**
     * @var string name for filter input
     */
    public $filterAttribute;

    /**
     * Getter for filterAttribute.
     */
    public function getFilterAttribute()
    {
        return $this->filterAttribute ?: $this->attribute;
    }

    /**
     * @var string|array|boolean|callable the HTML code representing a filter input (e.g. a text field, a dropdown list)
     * that is used for this data column. This property is effective only when [[GridView::filterModel]] is set.
     *
     * - If this property is not set, a text field will be generated as the filter input;
     * - If this property is an array, a dropdown list will be generated that uses this property value as
     *   the list options.
     * - If this property is a closure, it's output will be used as a filter value.
     * Example determination of closure: `function ($dataColumn, $model, $attribute) { ... }`
     * - If you don't want a filter for this data column, set this value to be false.
     */
    public $filter;

    /**
     * {@inheritdoc}
     */
    protected function renderFilterCellContent()
    {
        if ($this->filter instanceof Closure) {
            return call_user_func($this->filter, $this, $this->grid->filterModel, $this->attribute);
        }
        /// XXX better change yii
        if ($this->hasProperty('attribute')) {
            $save = $this->attribute;
            $this->attribute = $this->getFilterAttribute();
        }
        $out = parent::renderFilterCellContent();
        if ($this->hasProperty('attribute')) {
            $this->attribute = $save;
        }

        return $out;
    }
}


1			<?php
2			/**
3			* Advanced Grid for Yii2.
4			*
5			* @link https://github.com/hiqdev/yii2-higrid
6			* @package yii2-higrid
7			* @license BSD-3-Clause
8			* @copyright Copyright (c) 2015-2017, HiQDev (http://hiqdev.com/)
9			*/
10
11			namespace hiqdev\higrid;
12
13			use Closure;
14			use Yii;
15			use yii\helpers\ArrayHelper;
16			use yii\helpers\Json;
17
18			/**
19			* Trait FeaturedColumnTrait.
20			*
21			* Gives the next features:
22			* - popover text shown at header cell
23			* - filterAttribute: to specify name of attribute used for filtering distinct from attribute
24			* - resizable columns
25			*/
26			trait FeaturedColumnTrait
27			{
28			/**
29			* @var string Popover text
30			*/
31			public $popover;
32
33			/**
34			* @var array Options to popover()
35			*/
36			public $popoverOptions = [
37			'placement' => 'bottom',
38			'selector' => 'a',
39			];
40
41			/**
42			* Like a `DataColumn::value` for change the value of the column for export to CSV, TSV etc.
43			*
44			* @var string\|Closure an anonymous function or a string that is used to determine the value to display in the export column.
45			*
46			* If this is an anonymous function, it will be called for each row and the return value will be used as the value to
47			* display for every data model. The signature of this function should be: `function ($model, $key, $index, $column)`.
48			* Where `$model`, `$key`, and `$index` refer to the model, key and index of the row currently being rendered
49			* and `$column` is a reference to the [[DataColumn]] object.
50			*/
51			public $exportedValue;
52
53			/**
54			* A list of column names from the current grid that should be inserted instead of the current one during export
55			*/
56			public array $exportedColumns = [];
			0 ignored issues – show Bug introduced 2021-02-23 14:48 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code did not parse for me. Apparently, there is an error somewhere around this line: Syntax error, unexpected T_ARRAY, expecting T_FUNCTION or T_CONST Loading history...
57
58			/**
59			* {@inheritdoc}
60			*/
61			public function init()
62			{
63			parent::init();
64
65			if ($this->grid->resizableColumns !== false && !isset($this->headerOptions['data-resizable-column-id'])) {
66			$this->headerOptions['data-resizable-column-id'] = $this->attribute;
67			}
68
69			if ($this->hasProperty('defaultOptions')) {
70			foreach ($this->defaultOptions as $k => $v) {
71			$this->{$k} = ArrayHelper::merge($v, $this->{$k});
72			}
73			}
74			$this->registerClientScript();
75			}
76
77			/**
78			* {@inheritdoc}
79			*/
80			public function registerClientScript()
81			{
82			$view = Yii::$app->getView();
83			$ops = Json::encode($this->popoverOptions);
84			if (property_exists($this, 'grid')) {
85			$view->registerJs("$('#{$this->grid->id} thead th[data-attribute=\"{$this->attribute}\"]').popover($ops);", \yii\web\View::POS_READY);
86			} else {
87			$view->registerJs("$('table[role=\"grid\"] thead th[data-attribute=\"{$this->attribute}\"]').popover($ops);", \yii\web\View::POS_READY);
88			}
89			}
90
91			/**
92			* {@inheritdoc}
93			*/
94			public function renderHeaderCellContent()
95			{
96			/// XXX better change yii
97			if ($this->hasProperty('attribute')) {
98			$save = $this->attribute;
99			$this->attribute = $this->getSortAttribute();
100			}
101
102			if ($this->popover) {
103			$this->headerOptions = ArrayHelper::merge($this->headerOptions, [
104			'data' => [
105			'toggle' => 'popover',
106			'trigger' => 'hover',
107			'content' => $this->popover,
108			'attribute' => $this->attribute,
109			],
110			]);
111			}
112
113			$res = parent::renderHeaderCellContent();
114			if ($this->hasProperty('attribute')) {
115			$this->attribute = $save;
116			}
117
118			return $res;
119			}
120
121			/**
122			* @var string name for filter input
123			*/
124			public $sortAttribute;
125
126			/**
127			* Getter for sortAttribute.
128			*/
129			public function getSortAttribute()
130			{
131			if ($this->sortAttribute === false) {
132			return false;
133			}
134
135			return $this->sortAttribute ?: $this->attribute;
136			}
137
138			/**
139			* @var string name for filter input
140			*/
141			public $filterAttribute;
142
143			/**
144			* Getter for filterAttribute.
145			*/
146			public function getFilterAttribute()
147			{
148			return $this->filterAttribute ?: $this->attribute;
149			}
150
151			/**
152			* @var string\|array\|boolean\|callable the HTML code representing a filter input (e.g. a text field, a dropdown list)
153			* that is used for this data column. This property is effective only when [[GridView::filterModel]] is set.
154			*
155			* - If this property is not set, a text field will be generated as the filter input;
156			* - If this property is an array, a dropdown list will be generated that uses this property value as
157			* the list options.
158			* - If this property is a closure, it's output will be used as a filter value.
159			* Example determination of closure: `function ($dataColumn, $model, $attribute) { ... }`
160			* - If you don't want a filter for this data column, set this value to be false.
161			*/
162			public $filter;
163
164			/**
165			* {@inheritdoc}
166			*/
167			protected function renderFilterCellContent()
168			{
169			if ($this->filter instanceof Closure) {
170			return call_user_func($this->filter, $this, $this->grid->filterModel, $this->attribute);
171			}
172			/// XXX better change yii
173			if ($this->hasProperty('attribute')) {
174			$save = $this->attribute;
175			$this->attribute = $this->getFilterAttribute();
176			}
177			$out = parent::renderFilterCellContent();
178			if ($this->hasProperty('attribute')) {
179			$this->attribute = $save;
180			}
181
182			return $out;
183			}
184			}
185

hiqdev / yii2-higrid

Issues (5)

Security Analysis no request data

src/FeaturedColumnTrait.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like