This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | (defined('BASEPATH')) OR exit('No direct script access allowed'); |
||
4 | |||
5 | use Propel\Runtime\Exception\PropelException; |
||
6 | use xbanners\src\Installers\BannersModuleManager; |
||
7 | use xbanners\src\Managers\ImagesManager; |
||
8 | use CMSFactory\assetManager; |
||
9 | use xbanners\models\BannersQuery; |
||
10 | use xbanners\models\BannerImage; |
||
11 | use xbanners\models\BannerImageI18n; |
||
12 | use xbanners\models\BannerImageQuery; |
||
13 | use xbanners\models\BannerImageI18nQuery; |
||
14 | use xbanners\src\Managers\BannerPageTypesManager; |
||
15 | use xbanners\src\UrlFinder\DelegationFinder; |
||
16 | |||
17 | /** |
||
18 | * Image CMS |
||
19 | * Sample Module Admin |
||
20 | */ |
||
21 | class Admin extends BaseAdminController |
||
22 | { |
||
23 | |||
24 | public function __construct() { |
||
25 | parent::__construct(); |
||
26 | $lang = new MY_Lang(); |
||
27 | $lang->load('xbanners'); |
||
28 | $this->load->library('form_validation'); |
||
29 | $this->load->helper('xbanners'); |
||
30 | |||
31 | } |
||
32 | |||
33 | public function deleteA() { |
||
34 | BannersQuery::create()->setComment(__METHOD__)->deleteAll(); |
||
0 ignored issues
–
show
|
|||
35 | } |
||
36 | |||
37 | /** |
||
38 | * Banners places list page |
||
39 | */ |
||
40 | public function index() { |
||
41 | |||
42 | ImagesManager::getInstance()->setInactiveOnTimeOut(); |
||
43 | $banners = BannersQuery::create()->setComment(__METHOD__)->joinWithI18n(MY_Controller::defaultLocale())->find(); |
||
44 | |||
45 | assetManager::create() |
||
46 | ->setData( |
||
47 | [ |
||
48 | 'banners' => $banners, |
||
49 | 'pageTypes' => BannerPageTypesManager::getInstance()->getPagesTypes(), |
||
50 | ] |
||
51 | ) |
||
52 | ->registerStyle('style') |
||
53 | ->registerScript('script') |
||
54 | ->renderAdmin('banner/list'); |
||
55 | } |
||
56 | |||
57 | /** |
||
58 | * Edit banner page |
||
59 | * @param integer $id - banner id |
||
60 | * @param string $locale - locale name |
||
61 | * @throws PropelException |
||
62 | */ |
||
63 | public function edit_banner($id, $locale = NULL) { |
||
64 | $locale = $locale ?: MY_Controller::defaultLocale(); |
||
65 | |||
66 | $banner = BannersQuery::create() |
||
67 | ->findPk($id); |
||
68 | |||
69 | if (!$banner) { |
||
70 | $this->core->error_404(); |
||
71 | } |
||
72 | |||
73 | $banner->setLocale($locale); |
||
74 | |||
75 | if ($this->input->post()) { |
||
76 | $this->form_validation->set_rules('banner[name]', lang('Name', 'xbanners'), 'reguired|min_length[2]|max_length[255]|trim'); |
||
77 | $this->form_validation->set_rules('options[autoplaySpeed]', lang('autoplaySpeed', 'xbanners'), 'trim|floatval|reguired|greater_than[0]'); |
||
78 | $this->form_validation->set_rules('options[scrollSpeed]', lang('scrollSpeed', 'xbanners'), 'trim|floatval|reguired|greater_than[0]'); |
||
79 | |||
80 | if ($this->form_validation->run($this) === FALSE) { |
||
81 | showMessage(validation_errors(), '', 'r'); |
||
82 | } else { |
||
83 | $data = $this->input->post('banner'); |
||
84 | $banner->setName($data['name']); |
||
85 | |||
86 | $banner->setEffects($this->input->post('options')); |
||
87 | |||
88 | $banner->save(); |
||
89 | |||
90 | showMessage(lang('Banner successfully update', 'xbanners'), lang('Success', 'admin')); |
||
91 | $this->lib_admin->log(lang('The banner was update', 'xbanners') . '. Id: ' . $banner->getId()); |
||
92 | |||
93 | } |
||
94 | } else { |
||
95 | $bannerImages = ImagesManager::getInstance()->getImagesByPageType($banner, $locale); |
||
96 | $allowedPagesOptions = BannerPageTypesManager::getInstance()->getView($banner->getPageType(), $locale); |
||
97 | $options = $banner->getEffects(); |
||
98 | |||
99 | assetManager::create()->setData( |
||
100 | [ |
||
101 | 'banner' => $banner, |
||
102 | 'allowedPagesOptions' => $allowedPagesOptions, |
||
103 | 'bannerImages' => $bannerImages, |
||
104 | 'locale' => $locale, |
||
105 | 'languages' => $this->load->model('cms_admin')->get_langs(true), |
||
106 | 'options' => $options, |
||
107 | ] |
||
108 | ) |
||
109 | ->registerStyle('style') |
||
110 | ->registerScript('script') |
||
111 | ->renderAdmin('banner/edit'); |
||
112 | } |
||
113 | } |
||
114 | |||
115 | /** |
||
116 | * Create/Update banner image |
||
117 | * @param integer $bannerId - banner id |
||
118 | * @param string $locale - locale name |
||
119 | * @param integer $imageId - image id |
||
120 | */ |
||
121 | public function saveImage($bannerId, $locale, $imageId = NULL) { |
||
122 | try { |
||
123 | if ($this->input->post()) { |
||
124 | $this->form_validation->set_rules('image[name]', lang('Name', 'xbanners'), 'required|min_length[2]|max_length[255]|trim'); |
||
125 | $this->form_validation->set_rules('image[url]', lang('URL', 'xbanners'), 'trim|callback_validate_url'); |
||
126 | |||
127 | if ($this->form_validation->run($this) === FALSE) { |
||
128 | showMessage(validation_errors(), '', 'r'); |
||
129 | } else { |
||
130 | $data = $this->input->post('image'); |
||
131 | $data = ImagesManager::getInstance()->prepareImageData($data, $bannerId, $locale); |
||
132 | |||
133 | if ($_FILES[ImagesManager::IMAGE_FILE_FIELD]) { |
||
134 | $data['src'] = ImagesManager::getInstance()->saveImage($imageId, $data['locale']); |
||
135 | } elseif (!$_FILES[ImagesManager::IMAGE_FILE_FIELD] && !$data['src']) { |
||
136 | showMessage(lang('Slide must have image', 'xbanners'), lang('Error', 'admin'), 'r'); |
||
137 | exit; |
||
138 | } |
||
139 | |||
140 | $bannerImage = $imageId ? BannerImageQuery::create()->setComment(__METHOD__)->findPk($imageId) : (new BannerImage()); |
||
0 ignored issues
–
show
It seems like you code against a specific sub-type and not the parent class
Propel\Runtime\ActiveQuery\Criteria as the method findPk() does only exist in the following sub-classes of Propel\Runtime\ActiveQuery\Criteria : Propel\Runtime\ActiveQuery\ModelCriteria , core\models\Base\RouteQuery , core\models\RouteQuery , xbanners\models\BannerImageI18nQuery , xbanners\models\BannerImageQuery , xbanners\models\BannersI18nQuery , xbanners\models\BannersQuery , xbanners\models\Base\BannerImageI18nQuery , xbanners\models\Base\BannerImageQuery , xbanners\models\Base\BannersI18nQuery , xbanners\models\Base\BannersQuery . Maybe you want to instanceof check for one of these explicitly?
Let’s take a look at an example: abstract class User
{
/** @return string */
abstract public function getPassword();
}
class MyUser extends User
{
public function getPassword()
{
// return something
}
public function getDisplayName()
{
// return some name.
}
}
class AuthSystem
{
public function authenticate(User $user)
{
$this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
// do something.
}
}
In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different sub-classes of User which does not have a getDisplayName() method, the code will break. Available Fixes
Note: PHP Analyzer uses reverse abstract interpretation to narrow down the types
inside the if block in such a case.
![]() |
|||
141 | $bannerImage->fromArray($data); |
||
142 | $bannerImage->save(); |
||
143 | |||
144 | if ($imageId || $bannerImage->setLastPosition()) { |
||
145 | $data['id'] = $bannerImage->getId(); |
||
146 | |||
147 | $bannerImageI18n = BannerImageI18nQuery::create()->setComment(__METHOD__)->filterByLocale($locale)->findOneById($imageId); |
||
0 ignored issues
–
show
It seems like you code against a specific sub-type and not the parent class
Propel\Runtime\ActiveQuery\Criteria as the method filterByLocale() does only exist in the following sub-classes of Propel\Runtime\ActiveQuery\Criteria : xbanners\models\BannerImageI18nQuery , xbanners\models\BannersI18nQuery , xbanners\models\Base\BannerImageI18nQuery , xbanners\models\Base\BannersI18nQuery . Maybe you want to instanceof check for one of these explicitly?
Let’s take a look at an example: abstract class User
{
/** @return string */
abstract public function getPassword();
}
class MyUser extends User
{
public function getPassword()
{
// return something
}
public function getDisplayName()
{
// return some name.
}
}
class AuthSystem
{
public function authenticate(User $user)
{
$this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
// do something.
}
}
In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different sub-classes of User which does not have a getDisplayName() method, the code will break. Available Fixes
Note: PHP Analyzer uses reverse abstract interpretation to narrow down the types
inside the if block in such a case.
![]() |
|||
148 | if (!$bannerImageI18n) { |
||
149 | $bannerImageI18n = new BannerImageI18n(); |
||
150 | } |
||
151 | $bannerImageI18n->fromArray($data); |
||
152 | $bannerImageI18n->save(); |
||
153 | |||
154 | showMessage(lang('Successfully saved', 'xbanners'), lang('Success', 'admin')); |
||
155 | $this->lib_admin->log(lang('The banner image was be saved', 'xbanners') . '. Id: ' . $bannerImage->getId()); |
||
156 | |||
157 | pjax(site_url('/admin/components/init_window/xbanners/edit_banner') . "/$bannerId/$locale"); |
||
158 | } |
||
159 | } |
||
160 | } |
||
161 | } catch (Exception $e) { |
||
162 | showMessage($e->getMessage(), lang('Error', 'admin'), 'r'); |
||
163 | } |
||
164 | } |
||
165 | |||
166 | public function validate_url($url) { |
||
167 | return TRUE; |
||
168 | } |
||
169 | |||
170 | public function uploadImage() { |
||
171 | include_once 'assets/js/crop/src/php/core/PictureCut.php'; |
||
172 | ImagesManager::getInstance()->uploadImage(); |
||
173 | } |
||
174 | |||
175 | /** |
||
176 | * Delete banner slide image file |
||
177 | * @param integer $bannerId - banner id |
||
178 | * @param integer $imageId - banner image id |
||
179 | * @param string $locale - locale name |
||
180 | */ |
||
181 | public function deleteSlideImage($bannerId, $imageId, $locale) { |
||
182 | if ($imageId && $locale) { |
||
183 | if (ImagesManager::getInstance()->delete($imageId, $locale)) { |
||
184 | showMessage(lang('Image successfully deleted', 'xbanners'), lang('Success', 'admin')); |
||
185 | } |
||
186 | } else { |
||
187 | showMessage(lang('Can not delete image', 'xbanners'), lang('Error', 'admin'), 'r'); |
||
188 | } |
||
189 | |||
190 | pjax(site_url('/admin/components/init_window/xbanners/edit_banner') . "/$bannerId/$locale"); |
||
191 | } |
||
192 | |||
193 | /** |
||
194 | * Delete banner slide |
||
195 | * @param integer $bannerId - banner id |
||
196 | * @param integer $imageId - image id |
||
197 | * @param string $locale - locale name |
||
198 | * @throws PropelException |
||
199 | */ |
||
200 | public function deleteSlide($bannerId, $imageId, $locale) { |
||
201 | if ($imageId && $locale) { |
||
202 | ImagesManager::getInstance()->delete($imageId); |
||
203 | BannerImageQuery::create()->setComment(__METHOD__)->findPk($imageId)->delete(); |
||
0 ignored issues
–
show
It seems like you code against a specific sub-type and not the parent class
Propel\Runtime\ActiveQuery\Criteria as the method findPk() does only exist in the following sub-classes of Propel\Runtime\ActiveQuery\Criteria : Propel\Runtime\ActiveQuery\ModelCriteria , core\models\Base\RouteQuery , core\models\RouteQuery , xbanners\models\BannerImageI18nQuery , xbanners\models\BannerImageQuery , xbanners\models\BannersI18nQuery , xbanners\models\BannersQuery , xbanners\models\Base\BannerImageI18nQuery , xbanners\models\Base\BannerImageQuery , xbanners\models\Base\BannersI18nQuery , xbanners\models\Base\BannersQuery . Maybe you want to instanceof check for one of these explicitly?
Let’s take a look at an example: abstract class User
{
/** @return string */
abstract public function getPassword();
}
class MyUser extends User
{
public function getPassword()
{
// return something
}
public function getDisplayName()
{
// return some name.
}
}
class AuthSystem
{
public function authenticate(User $user)
{
$this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
// do something.
}
}
In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different sub-classes of User which does not have a getDisplayName() method, the code will break. Available Fixes
Note: PHP Analyzer uses reverse abstract interpretation to narrow down the types
inside the if block in such a case.
![]() |
|||
204 | showMessage(lang('Banner slide successfully deleted', 'xbanners'), lang('Success', 'admin')); |
||
205 | |||
206 | $this->lib_admin->log(lang('The banner slide was be deleted', 'xbanners')); |
||
207 | |||
208 | } else { |
||
209 | showMessage(lang('Can not delete banner slide', 'xbanners'), lang('Error', 'admin'), 'r'); |
||
210 | } |
||
211 | |||
212 | pjax(site_url('/admin/components/init_window/xbanners/edit_banner') . "/$bannerId/$locale"); |
||
213 | } |
||
214 | |||
215 | public function changePositions() { |
||
216 | $positions = array_reverse($this->input->post('positions')); |
||
217 | foreach ($positions as $position => $id) { |
||
218 | $image = BannerImageQuery::create()->setComment(__METHOD__)->findPk($id); |
||
0 ignored issues
–
show
It seems like you code against a specific sub-type and not the parent class
Propel\Runtime\ActiveQuery\Criteria as the method findPk() does only exist in the following sub-classes of Propel\Runtime\ActiveQuery\Criteria : Propel\Runtime\ActiveQuery\ModelCriteria , core\models\Base\RouteQuery , core\models\RouteQuery , xbanners\models\BannerImageI18nQuery , xbanners\models\BannerImageQuery , xbanners\models\BannersI18nQuery , xbanners\models\BannersQuery , xbanners\models\Base\BannerImageI18nQuery , xbanners\models\Base\BannerImageQuery , xbanners\models\Base\BannersI18nQuery , xbanners\models\Base\BannersQuery . Maybe you want to instanceof check for one of these explicitly?
Let’s take a look at an example: abstract class User
{
/** @return string */
abstract public function getPassword();
}
class MyUser extends User
{
public function getPassword()
{
// return something
}
public function getDisplayName()
{
// return some name.
}
}
class AuthSystem
{
public function authenticate(User $user)
{
$this->logger->info(sprintf('Authenticating %s.', $user->getDisplayName()));
// do something.
}
}
In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different sub-classes of User which does not have a getDisplayName() method, the code will break. Available Fixes
Note: PHP Analyzer uses reverse abstract interpretation to narrow down the types
inside the if block in such a case.
![]() |
|||
219 | $image->setPosition($position); |
||
220 | $image->save(); |
||
221 | } |
||
222 | showMessage(lang('Positions saved', 'admin')); |
||
223 | } |
||
224 | |||
225 | /** |
||
226 | * @uses /xbanners/assets/js/script.js autocomplete |
||
227 | * @param string $locale |
||
228 | * @param string $_GET ['term'] |
||
0 ignored issues
–
show
There is no parameter named
$_GET . Was it maybe removed?
This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter /**
* @param array $germany
* @param array $island
* @param array $italy
*/
function finale($germany, $island) {
return "2:1";
}
The most likely cause is that the parameter was removed, but the annotation was not. ![]() |
|||
229 | * @return string json : [ |
||
230 | * GroupName: {'Name' : 'url', ... }, |
||
231 | * Brands: { |
||
232 | * 'Sony' : '/shop/brand/sony', |
||
233 | * 'Apple': '/shop/brand/apple', |
||
234 | * ... } |
||
235 | * ] |
||
236 | */ |
||
237 | public function url_search_autocomplete($locale) { |
||
238 | $word = $this->input->get('term'); |
||
239 | $locale = $locale ?: MY_Controller::defaultLocale(); |
||
240 | echo (new DelegationFinder()) |
||
241 | ->getResultsFor($word, $locale) |
||
242 | ->toJson(); |
||
243 | } |
||
244 | |||
245 | public function updateBannersPlaces() { |
||
246 | $man = new BannersModuleManager(); |
||
247 | try { |
||
248 | $man->updateTemplatePlaces(); |
||
249 | showMessage(lang('Successfully saved', 'xbanners'), lang('Success', 'admin')); |
||
250 | } catch (Exception $e) { |
||
251 | showMessage($e->getMessage(), lang('Error', 'admin'), 'r'); |
||
252 | } |
||
253 | pjax(site_url('/admin/components/cp/xbanners')); |
||
254 | } |
||
255 | |||
256 | } |
Let’s take a look at an example:
In the above example, the authenticate() method works fine as long as you just pass instances of MyUser. However, if you now also want to pass a different sub-classes of User which does not have a getDisplayName() method, the code will break.
Available Fixes
Change the type-hint for the parameter:
Add an additional type-check:
Add the method to the parent class: