Issues in AbstractBillCommandHandler.php (master) - Issues in master - laudeco/bbc-dolibarr-flightlog - Measure and Improve Code Quality continuously with Scrutinizer

Issues (188)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

command/AbstractBillCommandHandler.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

require_once __DIR__ . '/CommandHandlerInterface.php';

/**
 * Methods to create a bill.
 *
 * @author Laurent De Coninck <[email protected]>
 */
abstract class AbstractBillCommandHandler implements CommandHandlerInterface
{
    /**
     * @var stdClass
     */
    protected $conf;
    /**
     * @var Translate
     */
    protected $langs;
    /**
     * @var User
     */
    protected $user;
    /**
     * @var \DoliDB
     */
    protected $db;

    /**
     * @var Client
     */
    private $customer;

    /**
     * @param DoliDB    $db
     * @param stdClass  $conf
     * @param User      $user
     * @param Translate $langs
     */
    public function __construct($db, $conf, $user, $langs)

    {
        $this->db = $db;
        $this->conf = $conf;
        $this->user = $user;
        $this->langs = $langs;
        $this->customer = null;
    }

    /**
     * @return Product
     */
    protected function getProduct()

    {
        $flightProduct = new Product($this->db);

        if ($flightProduct->fetch($this->conf->BBC_FLIGHT_TYPE_CUSTOMER) <= 0) {
            throw new \InvalidArgumentException('Default product not configured');
        }

        return $flightProduct;
    }

    /**
     * @param int|null $receiverId
     *
     * @return Client
     * @throws CustomerNotFoundException
     */
    protected function fetchCustomer($receiverId = null)
    {
        $user = new User($this->db);
        $res = $user->fetch($receiverId);
        if ($res <= 0) {
            throw new CustomerNotFoundException('User not found');
        }

        $member = new Adherent($this->db);
        $res = $member->fetch($user->fk_member);
        if ($res <= 0) {
            throw new CustomerNotFoundException('Member not found');
        }

        $this->customer = new Client($this->db);
        if ($this->customer->fetch($member->fk_soc) <= 0) {
            throw new CustomerNotFoundException();
        }

        return $this->customer;
    }

    /**
     * @return Client
     */
    public function getCustomer()
    {
        return $this->customer;
    }

    /**
     * @param Facture $object
     * @param Bbcvols $flight
     */
    protected function addLinks($object, $flight)
    {
        $object->add_object_linked('flightlog_bbcvols', $flight->getId());
    }

    /**
     * @param Facture $object
     * @param int     $id
     */
    protected function validates($object, $id)
    {
        $object->fetch($id);
        $object->validate($this->user);
    }

    /**
     * @return int
     */
    protected function isReferenceHidden()
    {
        return (!empty($this->conf->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0);
    }

    /**
     * @return int
     */
    protected function isDescriptionHidden()
    {
        return (!empty($this->conf->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0);
    }

    /**
     * @return int
     */
    protected function isDetailHidden()
    {
        return (!empty($this->conf->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0);
    }

    /**
     * @param Facture $object
     * @param int     $id
     */
    protected function generateBillDocument($object, $id)
    {
        $object->fetch($id);
        $object->generateDocument(
            $this->getModelDocument(),
            $this->langs,
            $this->isDetailHidden(),
            $this->isDescriptionHidden(),
            $this->isReferenceHidden()
        );
    }

    /**
     * @param Product $flightProduct
     * @param Bbcvols $flight
     *
     * @return float|int
     */
    protected function computeDiscounts($flightProduct, $flight)
    {
        return ($flightProduct->price_ttc - ($flight->cost / $flight->nbrPax)) * 100 / $flightProduct->price_ttc;
    }

    /**
     * @param Facture $facture
     * @param Product $flightProduct
     * @param Bbcvols $flight
     */
    protected function addOrderLine($facture, $flightProduct, $flight)
    {
        $localtax1_tx = get_localtax(0, 1, $facture->thirdparty);
        $localtax2_tx = get_localtax(0, 2, $facture->thirdparty);

        $pu_ht = price2num($flightProduct->price, 'MU');
        $pu_ttc = price2num($flightProduct->price_ttc, 'MU');
        $pu_ht_devise = price2num($flightProduct->price, 'MU');

        $discount = $this->computeDiscounts($flightProduct, $flight);

        if (!is_numeric($flight->nbrPax)) {
            throw new \InvalidArgumentException(sprintf('%s is not a number', $flight->nbrPax));
        }

        $result = $facture->addline(
            $flight->getDescription(),
            $pu_ht,
            $flight->nbrPax,
            $flightProduct->tva_tx,
            $localtax1_tx,
            $localtax2_tx,
            $flightProduct->id,
            $discount,
            $flight->date,
            $flight->date,
            0,
            0,
            '',
            'TTC',
            $pu_ttc,
            Facture::TYPE_STANDARD,
            -1,
            0,
            '',
            0,
            0,
            '',
            '',
            $flightProduct->label,
            [],
            100,
            '',
            0,
            $pu_ht_devise
        );

        if ($result <= 0) {
            throw new \InvalidArgumentException('Error during order line creation');
        }
    }

    /**
     * @param Bbcvols $flight
     */
    protected function flagFlightAsBilled($flight)
    {
        $flight->is_facture = true;
        $flight->update($this->user);
    }

    /**
     * @return int
     */
    protected function getModelDocument()
    {
        return $this->conf->FACTURE_ADDON_PDF;
    }
}

1		<?php
2
3		require_once __DIR__ . '/CommandHandlerInterface.php';
4
5		/**
6		* Methods to create a bill.
7		*
8		* @author Laurent De Coninck <[email protected]>
9		*/
10		abstract class AbstractBillCommandHandler implements CommandHandlerInterface
11		{
12		/**
13		* @var stdClass
14		*/
15		protected $conf;
16		/**
17		* @var Translate
18		*/
19		protected $langs;
20		/**
21		* @var User
22		*/
23		protected $user;
24		/**
25		* @var \DoliDB
26		*/
27		protected $db;
28
29		/**
30		* @var Client
31		*/
32		private $customer;
33
34		/**
35		* @param DoliDB $db
36		* @param stdClass $conf
37		* @param User $user
38		* @param Translate $langs
39		*/
40	View Code Duplication	public function __construct($db, $conf, $user, $langs)
		0 ignored issues – show Duplication introduced 2017-12-13 13:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
41		{
42		$this->db = $db;
43		$this->conf = $conf;
44		$this->user = $user;
45		$this->langs = $langs;
46		$this->customer = null;
47		}
48
49		/**
50		* @return Product
51		*/
52	View Code Duplication	protected function getProduct()
		0 ignored issues – show Duplication introduced 2017-12-13 13:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
53		{
54		$flightProduct = new Product($this->db);
55
56		if ($flightProduct->fetch($this->conf->BBC_FLIGHT_TYPE_CUSTOMER) <= 0) {
57		throw new \InvalidArgumentException('Default product not configured');
58		}
59
60		return $flightProduct;
61		}
62
63		/**
64		* @param int\|null $receiverId
65		*
66		* @return Client
67		* @throws CustomerNotFoundException
68		*/
69		protected function fetchCustomer($receiverId = null)
70		{
71		$user = new User($this->db);
72		$res = $user->fetch($receiverId);
73		if ($res <= 0) {
74		throw new CustomerNotFoundException('User not found');
75		}
76
77		$member = new Adherent($this->db);
78		$res = $member->fetch($user->fk_member);
79		if ($res <= 0) {
80		throw new CustomerNotFoundException('Member not found');
81		}
82
83		$this->customer = new Client($this->db);
84		if ($this->customer->fetch($member->fk_soc) <= 0) {
85		throw new CustomerNotFoundException();
86		}
87
88		return $this->customer;
89		}
90
91		/**
92		* @return Client
93		*/
94		public function getCustomer()
95		{
96		return $this->customer;
97		}
98
99		/**
100		* @param Facture $object
101		* @param Bbcvols $flight
102		*/
103		protected function addLinks($object, $flight)
104		{
105		$object->add_object_linked('flightlog_bbcvols', $flight->getId());
106		}
107
108		/**
109		* @param Facture $object
110		* @param int $id
111		*/
112		protected function validates($object, $id)
113		{
114		$object->fetch($id);
115		$object->validate($this->user);
116		}
117
118		/**
119		* @return int
120		*/
121		protected function isReferenceHidden()
122		{
123		return (!empty($this->conf->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0);
124		}
125
126		/**
127		* @return int
128		*/
129		protected function isDescriptionHidden()
130		{
131		return (!empty($this->conf->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0);
132		}
133
134		/**
135		* @return int
136		*/
137		protected function isDetailHidden()
138		{
139		return (!empty($this->conf->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0);
140		}
141
142		/**
143		* @param Facture $object
144		* @param int $id
145		*/
146		protected function generateBillDocument($object, $id)
147		{
148		$object->fetch($id);
149		$object->generateDocument(
150		$this->getModelDocument(),
151		$this->langs,
152		$this->isDetailHidden(),
153		$this->isDescriptionHidden(),
154		$this->isReferenceHidden()
155		);
156		}
157
158		/**
159		* @param Product $flightProduct
160		* @param Bbcvols $flight
161		*
162		* @return float\|int
163		*/
164		protected function computeDiscounts($flightProduct, $flight)
165		{
166		return ($flightProduct->price_ttc - ($flight->cost / $flight->nbrPax)) * 100 / $flightProduct->price_ttc;
167		}
168
169		/**
170		* @param Facture $facture
171		* @param Product $flightProduct
172		* @param Bbcvols $flight
173		*/
174		protected function addOrderLine($facture, $flightProduct, $flight)
175		{
176		$localtax1_tx = get_localtax(0, 1, $facture->thirdparty);
177		$localtax2_tx = get_localtax(0, 2, $facture->thirdparty);
178
179		$pu_ht = price2num($flightProduct->price, 'MU');
180		$pu_ttc = price2num($flightProduct->price_ttc, 'MU');
181		$pu_ht_devise = price2num($flightProduct->price, 'MU');
182
183		$discount = $this->computeDiscounts($flightProduct, $flight);
184
185		if (!is_numeric($flight->nbrPax)) {
186		throw new \InvalidArgumentException(sprintf('%s is not a number', $flight->nbrPax));
187		}
188
189		$result = $facture->addline(
190		$flight->getDescription(),
191		$pu_ht,
192		$flight->nbrPax,
193		$flightProduct->tva_tx,
194		$localtax1_tx,
195		$localtax2_tx,
196		$flightProduct->id,
197		$discount,
198		$flight->date,
199		$flight->date,
200		0,
201		0,
202		'',
203		'TTC',
204		$pu_ttc,
205		Facture::TYPE_STANDARD,
206		-1,
207		0,
208		'',
209		0,
210		0,
211		'',
212		'',
213		$flightProduct->label,
214		[],
215		100,
216		'',
217		0,
218		$pu_ht_devise
219		);
220
221		if ($result <= 0) {
222		throw new \InvalidArgumentException('Error during order line creation');
223		}
224		}
225
226		/**
227		* @param Bbcvols $flight
228		*/
229		protected function flagFlightAsBilled($flight)
230		{
231		$flight->is_facture = true;
232		$flight->update($this->user);
233		}
234
235		/**
236		* @return int
237		*/
238		protected function getModelDocument()
239		{
240		return $this->conf->FACTURE_ADDON_PDF;
241		}
242		}

laudeco / bbc-dolibarr-flightlog

Issues (188)

Security Analysis not enabled

command/AbstractBillCommandHandler.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like