This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
|||||||||||
2 | ||||||||||||
3 | /** |
|||||||||||
4 | * Styrer adresser til intranet, bruger, kunde og kontaktperson |
|||||||||||
5 | * |
|||||||||||
6 | * Klassen kan styrer flere forskellige typer af adresser. B�de for intranettet, brugere, kunder og kontaktpersoner. |
|||||||||||
7 | * Beskrivelsen af hvilke og med hvilket navn er beskrevet l�ngere nede. |
|||||||||||
8 | * |
|||||||||||
9 | * TODO Skal vi programmere intranet_id ind i klassen? Det kr�ver at den f�r Kernel. |
|||||||||||
10 | * |
|||||||||||
11 | * @version 001 |
|||||||||||
12 | * @author Sune |
|||||||||||
13 | */ |
|||||||||||
14 | ||||||||||||
15 | class NewAddress extends Intraface_Standard |
|||||||||||
16 | { |
|||||||||||
17 | ||||||||||||
18 | var $kernel; |
|||||||||||
19 | var $type; |
|||||||||||
20 | var $id; |
|||||||||||
21 | var $value = array(); |
|||||||||||
22 | ||||||||||||
23 | /* |
|||||||||||
0 ignored issues
–
show
|
||||||||||||
24 | var $user; |
|||||||||||
25 | ||||||||||||
26 | var $address_id; |
|||||||||||
27 | var $fields; |
|||||||||||
28 | var $old_address_id; |
|||||||||||
29 | */ |
|||||||||||
30 | ||||||||||||
31 | function address(&$kernel, $id = 0) |
|||||||||||
32 | { |
|||||||||||
33 | this::__construct($kernel, $id); |
|||||||||||
34 | } |
|||||||||||
35 | ||||||||||||
36 | ||||||||||||
37 | function __construct($kernel, $id = 0) |
|||||||||||
38 | { |
|||||||||||
39 | ||||||||||||
40 | $this->kernel = &$kernel; |
|||||||||||
41 | $this->id = $id; |
|||||||||||
42 | ||||||||||||
43 | $this->fields = array('name', 'address', 'postcode', 'city', 'country', 'cvr', 'email', 'website', 'phone', 'ean'); |
|||||||||||
0 ignored issues
–
show
The property
fields does not exist. Did you maybe forget to declare it?
In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { }
$x = new MyClass();
$x->foo = true;
Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass {
public $foo;
}
$x = new MyClass();
$x->foo = true;
![]() |
||||||||||||
44 | } |
|||||||||||
45 | ||||||||||||
46 | function factory($object, $sub) |
|||||||||||
0 ignored issues
–
show
|
||||||||||||
47 | { |
|||||||||||
48 | ||||||||||||
49 | ||||||||||||
50 | /* |
|||||||||||
51 | $object_name = |
|||||||||||
52 | */ |
|||||||||||
53 | } |
|||||||||||
54 | ||||||||||||
55 | ||||||||||||
56 | ||||||||||||
57 | ||||||||||||
58 | ||||||||||||
59 | ||||||||||||
60 | ||||||||||||
61 | ||||||||||||
62 | ||||||||||||
63 | ||||||||||||
64 | /** |
|||||||||||
65 | * Init: loader klassen |
|||||||||||
66 | * |
|||||||||||
67 | * Her er angivet de typer af adresser den kan h�ndtere med arrayet address_type[]. |
|||||||||||
68 | * $this-fields er felter i tabellen (db) som overf�res til array og omvendt. M�ske disse |
|||||||||||
69 | * engang skal differencieres, s� man angvier hvad feltet i tabellen skal svare til navnet i arrayet. |
|||||||||||
70 | * Klassen loader ogs� adressens felter |
|||||||||||
71 | * |
|||||||||||
72 | * @param (string)$type er typen p� adressen. Skal svare til en af dem i $address_type |
|||||||||||
73 | * @param (int)$id BEM�RK id p� intranettet, brugeren, kunde eller kontaktperson. Ikke id p� adressen. Det klare klassen selv. |
|||||||||||
74 | * @param (int)$address_id Denne bruges kun, i det tilf�lde, hvor man skal finde en gammel adresse. S� angiver man id p� adressen. |
|||||||||||
75 | * @return (int) Returnere 0 hvis adressen ikke er sat. Returnere id p� adressen hvis det er. |
|||||||||||
76 | */ |
|||||||||||
77 | function _old_Address($type, $id, $old_address_id = 0) |
|||||||||||
78 | { |
|||||||||||
79 | ||||||||||||
80 | $this->db = new DB_Sql; |
|||||||||||
0 ignored issues
–
show
The property
db does not exist. Did you maybe forget to declare it?
In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { }
$x = new MyClass();
$x->foo = true;
Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass {
public $foo;
}
$x = new MyClass();
$x->foo = true;
![]() |
||||||||||||
81 | $this->id = (int)$id; |
|||||||||||
82 | $this->old_address_id = (int)$old_address_id; |
|||||||||||
0 ignored issues
–
show
The property
old_address_id does not exist. Did you maybe forget to declare it?
In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { }
$x = new MyClass();
$x->foo = true;
Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass {
public $foo;
}
$x = new MyClass();
$x->foo = true;
![]() |
||||||||||||
83 | ||||||||||||
84 | $address_type[1] = 'intranet'; |
|||||||||||
0 ignored issues
–
show
Coding Style
Comprehensibility
introduced
by
$address_type was never initialized. Although not strictly required by PHP, it is generally a good practice to add $address_type = array(); before regardless.
Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) {
$myArray['foo'] = $item->getFoo();
if ($item->hasBar()) {
$myArray['bar'] = $item->getBar();
}
// do something with $myArray
}
As you can see in this example, the array This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization $myArray = array() either outside or inside the foreach loop. ![]() |
||||||||||||
85 | $address_type[2] = 'user'; |
|||||||||||
86 | $address_type[3] = 'contact'; |
|||||||||||
87 | $address_type[4] = 'contact_delivery'; |
|||||||||||
88 | $address_type[5] = 'contact_invoice'; |
|||||||||||
89 | $address_type[6] = 'contactperson'; |
|||||||||||
90 | ||||||||||||
91 | // $this->fields = array('name', 'address', 'postcode', 'city', 'country', 'cvr', 'email', 'website', 'phone', 'contactname', 'ean'); |
|||||||||||
0 ignored issues
–
show
Unused Code
Comprehensibility
introduced
by
65% of this comment could be valid code. Did you maybe forget this after debugging?
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. ![]() |
||||||||||||
92 | $this->fields = array('name', 'address', 'postcode', 'city', 'country', 'cvr', 'email', 'website', 'phone', 'ean'); |
|||||||||||
93 | ||||||||||||
94 | if ($i = array_search($type, $address_type)) { |
|||||||||||
95 | $this->type = $i; |
|||||||||||
96 | } else { |
|||||||||||
97 | throw new Exception('Ugyldig address type'); |
|||||||||||
98 | } |
|||||||||||
99 | ||||||||||||
100 | return($this->address_id = $this->load()); |
|||||||||||
0 ignored issues
–
show
The property
address_id does not seem to exist. Did you mean old_address_id ?
An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. ![]() |
||||||||||||
101 | } |
|||||||||||
102 | ||||||||||||
103 | /** |
|||||||||||
104 | * Private: Loader data ind i array |
|||||||||||
105 | */ |
|||||||||||
106 | function load() |
|||||||||||
107 | { |
|||||||||||
108 | if ($this->old_address_id != 0) { |
|||||||||||
109 | $sql = "id = ".$this->old_address_id; |
|||||||||||
110 | } else { |
|||||||||||
111 | $sql = "type = ".$this->type." AND belong_to_id = ".$this->id." AND active = 1"; |
|||||||||||
112 | } |
|||||||||||
113 | ||||||||||||
114 | $this->db->query("SELECT * FROM address WHERE ".$sql); |
|||||||||||
115 | if ($this->db->numRows() > 1) { |
|||||||||||
116 | throw new Exception('Der er mere end 1 aktiv adresse', FATAL); |
|||||||||||
117 | } elseif ($this->db->nextRecord()) { |
|||||||||||
118 | $this->value['address_id'] = $this->db->f('id'); |
|||||||||||
119 | View Code Duplication | for ($i = 0, $max = count($this->fields); $i<$max; $i++) { |
||||||||||
120 | $this->value[$this->fields[$i]] = $this->db->f($this->fields[$i]); |
|||||||||||
121 | } |
|||||||||||
122 | return $this->db->f('id'); |
|||||||||||
123 | } else { |
|||||||||||
124 | return 0; |
|||||||||||
125 | } |
|||||||||||
126 | } |
|||||||||||
127 | ||||||||||||
128 | /** |
|||||||||||
129 | * Public: Denne funktion gemmer data. At gemme data vil sige, at den gamle adresse gemmes, men den nye aktiveres. |
|||||||||||
130 | * |
|||||||||||
131 | * @param (array)$array_var et array med felter med adressen. Se felterne i init funktionen: $this->fields |
|||||||||||
132 | * $return (int) Returnere 1 hvis arrayet er gemt, 0 hvis det ikke er. Man kan ikke gemme p� en old_address. |
|||||||||||
133 | */ |
|||||||||||
134 | function save($array_var) |
|||||||||||
135 | { |
|||||||||||
136 | ||||||||||||
137 | $db = new DB_sql; |
|||||||||||
138 | if ($this->old_address_id != 0) { |
|||||||||||
139 | return 0; |
|||||||||||
140 | } elseif ($this->id == 0) { |
|||||||||||
141 | throw new Exception('Address:save(): Id kan ikke v�re 0 n�r du fors�ger at gemme adresse', FATAL); |
|||||||||||
142 | } elseif (count($array_var) > 0) { |
|||||||||||
143 | $db->query("SELECT * FROM address WHERE id = ".$this->address_id); |
|||||||||||
0 ignored issues
–
show
The property
address_id does not seem to exist. Did you mean old_address_id ?
An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. ![]() |
||||||||||||
144 | if ($db->nextRecord()) { |
|||||||||||
145 | $do_update = 0; |
|||||||||||
146 | for ($i = 0, $max = count($this->fields), $sql=''; $i<$max; $i++) { |
|||||||||||
147 | if (array_key_exists($this->fields[$i], $array_var) and isset($array_var[$this->fields[$i]])) { |
|||||||||||
0 ignored issues
–
show
Comprehensibility
Best Practice
introduced
by
Using logical operators such as
and instead of && is generally not recommended.
PHP has two types of connecting operators (logical operators, and boolean operators):
The difference between these is the order in which they are executed. In most cases,
you would want to use a boolean operator like Let’s take a look at a few examples: // Logical operators have lower precedence:
$f = false or true;
// is executed like this:
($f = false) or true;
// Boolean operators have higher precedence:
$f = false || true;
// is executed like this:
$f = (false || true);
Logical Operators are used for Control-FlowOne case where you explicitly want to use logical operators is for control-flow such as this: $x === 5
or die('$x must be 5.');
// Instead of
if ($x !== 5) {
die('$x must be 5.');
}
Since // The following is currently a parse error.
$x === 5
or throw new RuntimeException('$x must be 5.');
These limitations lead to logical operators rarely being of use in current PHP code. ![]() |
||||||||||||
148 | $sql .= $this->fields[$i]." = '".$array_var[$this->fields[$i]]."', "; |
|||||||||||
149 | if ($db->f($this->fields[$i]) != $array_var[$this->fields[$i]]) { |
|||||||||||
150 | $do_update = 1; |
|||||||||||
151 | } |
|||||||||||
152 | } else { |
|||||||||||
0 ignored issues
–
show
This
else statement is empty and can be removed.
This check looks for the These if (rand(1, 6) > 3) {
print "Check failed";
} else {
//print "Check succeeded";
}
could be turned into if (rand(1, 6) > 3) {
print "Check failed";
}
This is much more concise to read. ![]() |
||||||||||||
153 | // $sql .= $this->fields[$i]." = '', "; |
|||||||||||
0 ignored issues
–
show
Unused Code
Comprehensibility
introduced
by
54% of this comment could be valid code. Did you maybe forget this after debugging?
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. ![]() |
||||||||||||
154 | } |
|||||||||||
155 | } |
|||||||||||
156 | } else { |
|||||||||||
157 | // Kun hvis der rent faktisk gemmes nogle v�rdier opdaterer vi |
|||||||||||
158 | $do_update = 0; |
|||||||||||
159 | View Code Duplication | for ($i = 0, $max = count($this->fields), $sql = ''; $i<$max; $i++) { |
||||||||||
160 | if (array_key_exists($this->fields[$i], $array_var) and isset($array_var[$this->fields[$i]])) { |
|||||||||||
0 ignored issues
–
show
Comprehensibility
Best Practice
introduced
by
Using logical operators such as
and instead of && is generally not recommended.
PHP has two types of connecting operators (logical operators, and boolean operators):
The difference between these is the order in which they are executed. In most cases,
you would want to use a boolean operator like Let’s take a look at a few examples: // Logical operators have lower precedence:
$f = false or true;
// is executed like this:
($f = false) or true;
// Boolean operators have higher precedence:
$f = false || true;
// is executed like this:
$f = (false || true);
Logical Operators are used for Control-FlowOne case where you explicitly want to use logical operators is for control-flow such as this: $x === 5
or die('$x must be 5.');
// Instead of
if ($x !== 5) {
die('$x must be 5.');
}
Since // The following is currently a parse error.
$x === 5
or throw new RuntimeException('$x must be 5.');
These limitations lead to logical operators rarely being of use in current PHP code. ![]() |
||||||||||||
161 | $sql .= $this->fields[$i]." = '".$array_var[$this->fields[$i]]."', "; |
|||||||||||
162 | $do_update = 1; |
|||||||||||
163 | } else { |
|||||||||||
0 ignored issues
–
show
This
else statement is empty and can be removed.
This check looks for the These if (rand(1, 6) > 3) {
print "Check failed";
} else {
//print "Check succeeded";
}
could be turned into if (rand(1, 6) > 3) {
print "Check failed";
}
This is much more concise to read. ![]() |
||||||||||||
164 | // $sql .= $this->fields[$i]." = \"\", "; |
|||||||||||
0 ignored issues
–
show
Unused Code
Comprehensibility
introduced
by
53% of this comment could be valid code. Did you maybe forget this after debugging?
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. ![]() |
||||||||||||
165 | } |
|||||||||||
166 | } |
|||||||||||
167 | } |
|||||||||||
168 | ||||||||||||
169 | if ($do_update == 0) { |
|||||||||||
170 | // Hmmmmm, der er slet ikke nogen felter der er �ndret! S� gemmer vi ikke, men siger at det gik godt :-) |
|||||||||||
171 | return 1; |
|||||||||||
172 | } else { |
|||||||||||
173 | $this->db->query("UPDATE address SET active = 0 WHERE type = ".$this->type." AND belong_to_id = ".$this->id); |
|||||||||||
174 | $this->db->query("INSERT INTO address SET ".$sql." type = ".$this->type.", belong_to_id = ".$this->id.", active = 1, changed_date = NOW()"); |
|||||||||||
175 | $this->adress_id = $this->db->insertedId(); |
|||||||||||
0 ignored issues
–
show
The property
adress_id does not exist. Did you maybe forget to declare it?
In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { }
$x = new MyClass();
$x->foo = true;
Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass {
public $foo;
}
$x = new MyClass();
$x->foo = true;
![]() |
||||||||||||
176 | $this->load(); |
|||||||||||
177 | return 1; |
|||||||||||
178 | } |
|||||||||||
179 | } else { |
|||||||||||
180 | // Der var slet ikke noget indhold i arrayet, s� vi lader v�re at opdatere, men siger, at vi gjorde. |
|||||||||||
181 | return 1; |
|||||||||||
182 | } |
|||||||||||
183 | } |
|||||||||||
184 | ||||||||||||
185 | /** |
|||||||||||
186 | * Public: Opdatere en adresse. |
|||||||||||
187 | * |
|||||||||||
188 | * Denne funktion overskriver den nuv�rende adresse. Benyt som udagangspunkt ikke denne, da historikken p� adresser skal gemmes. |
|||||||||||
189 | * |
|||||||||||
190 | * @param (array)$array_var et array med felter med adressen. Se felterne i init funktionen: $this->fields |
|||||||||||
191 | * $return (int) Returnere 1 hvis arrayet er gemt, 0 hvis det ikke er. Man kan ikke gemme p� en old_address. |
|||||||||||
192 | */ |
|||||||||||
193 | function update($array_var) |
|||||||||||
194 | { |
|||||||||||
195 | if ($this->old_address_id != 0) { |
|||||||||||
196 | return 0; |
|||||||||||
197 | } elseif ($this->address_id == 0) { |
|||||||||||
0 ignored issues
–
show
The property
address_id does not seem to exist. Did you mean old_address_id ?
An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. ![]() |
||||||||||||
198 | $this->save($array_var); |
|||||||||||
199 | } elseif ($this->id == 0) { |
|||||||||||
200 | throw new Exception("Id kan ikke v�re 0 n�r du fors�ger at gemme adresse", FATAL); |
|||||||||||
201 | } else { |
|||||||||||
202 | View Code Duplication | for ($i = 0, $max = count($this->fields), $sql = ''; $i<$max; $i++) { |
||||||||||
203 | if (isset($array_var[$this->fields[$i]])) { |
|||||||||||
204 | $sql .= $this->fields[$i]." = \"".$array_var[$this->fields[$i]]."\", "; |
|||||||||||
205 | } else { |
|||||||||||
206 | $sql .= $this->fields[$i]." = \"\", "; |
|||||||||||
207 | } |
|||||||||||
208 | } |
|||||||||||
209 | ||||||||||||
210 | $this->db->query("UPDATE address SET ".$sql." changed_date = NOW() WHERE id = ".$this->address_id); |
|||||||||||
0 ignored issues
–
show
The property
address_id does not seem to exist. Did you mean old_address_id ?
An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. ![]() |
||||||||||||
211 | $this->load(); |
|||||||||||
212 | return 1; |
|||||||||||
213 | } |
|||||||||||
214 | } |
|||||||||||
215 | } |
|||||||||||
216 |
Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.
The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.
This check looks for comments that seem to be mostly valid code and reports them.