Issues in PaymentController.php (master) - Issues in master - loevgaard/dandomain-altapay-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (143)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Controller/PaymentController.php (3 issues)

Labels

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Loevgaard\DandomainAltapayBundle\Controller;

use Loevgaard\AltaPay;
use Loevgaard\Dandomain\Pay\Helper\ChecksumHelper;
use Loevgaard\DandomainAltapayBundle\Annotation\LogHttpTransaction;
use Loevgaard\DandomainAltapayBundle\Entity\Payment;
use Loevgaard\DandomainAltapayBundle\Event\PaymentCreated;
use Loevgaard\DandomainAltapayBundle\Exception\AltapayPaymentRequestException;
use Loevgaard\DandomainAltapayBundle\Exception\ChecksumMismatchException;
use Loevgaard\DandomainAltapayBundle\Exception\PaymentException;
use Loevgaard\DandomainAltapayBundle\Exception\TerminalNotFoundException;
use Loevgaard\DandomainAltapayBundle\Form\FilterPaymentType;
use Loevgaard\DandomainAltapayBundle\Handler\PaymentHandler;
use Loevgaard\DandomainAltapayBundle\PayloadGenerator\PaymentRequestPayloadGenerator;
use Loevgaard\DandomainAltapayBundle\PsrHttpMessage\DiactorosTrait;
use Loevgaard\DandomainAltapayBundle\Translation\TranslatorTrait;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
use Symfony\Bundle\FrameworkBundle\Controller\Controller;
use Symfony\Component\HttpFoundation\RedirectResponse;
use Symfony\Component\HttpFoundation\Request;
use Symfony\Component\HttpFoundation\Response;

/**
 * @Route("/payment")
 */
class PaymentController extends Controller
{
    use TranslatorTrait;
    use DiactorosTrait;

    /**
     * @Method("GET")
     * @Route("", name="loevgaard_dandomain_altapay_payment_index")
     *
     * @param Request $request
     *
     * @return Response
     */
    public function indexAction(Request $request)
    {
        $paymentRepository = $this->container->get('loevgaard_dandomain_altapay.payment_repository');

        $filterForm = $this->createForm(FilterPaymentType::class);

        /** @var Payment[] $payments */
        $payments = $paymentRepository->findAllWithPagingAndFilter($request->query->getInt('page', 1), 100, [
            'e.id' => 'desc'
        ], $filterForm, $request);

        return $this->render('@LoevgaardDandomainAltapay/payment/index.html.twig', [
            'payments' => $payments,
            'filter' => $filterForm->createView()
        ]);
    }

    /**
     * @Method("GET")
     * @Route("/{paymentId}/show", name="loevgaard_dandomain_altapay_payment_show", requirements={"paymentId" = "\d+"})
     *
     * @param int $paymentId
     *
     * @return Response
     */
    public function showAction(int $paymentId)
    {
        $payment = $this->getPaymentFromId($paymentId);
        if (!$payment) {
            throw $this->createNotFoundException('Payment with id `'.$paymentId.'` not found');
        }

        return $this->render('@LoevgaardDandomainAltapay/payment/show.html.twig', [
            'payment' => $payment,
        ]);
    }

    /**
     * Payment flow
     * 1. The Dandomain payment API POSTs to this page with the terminal slug in the URL
     * 2. After validating all input, we create a payment request to the Altapay API
     * 3. Finally we redirect the user to the URL given by the Altapay API.
     *
     * @Method("POST")
     * @Route("/{terminal}", name="loevgaard_dandomain_altapay_payment_new")
     *
     * @LogHttpTransaction()
     *
     * @param string  $terminal
     * @param Request $request
     *
     * @return RedirectResponse
     *
     * @throws PaymentException
     */
    public function newAction(string $terminal, Request $request)
    {
        $terminalRepository = $this->container->get('loevgaard_dandomain_altapay.terminal_repository');
        $paymentRepository = $this->container->get('loevgaard_dandomain_altapay.payment_repository');
        $eventRepository = $this->container->get('loevgaard_dandomain_altapay.event_repository');
        $translator = $this->getTranslator($this->container);

        $psrRequest = $this->createPsrRequest($request);
        /** @var Payment $paymentEntity */
        $paymentEntity = Payment::createFromRequest($psrRequest);

        $checksumHelper = new ChecksumHelper(
            $paymentEntity,
            $this->container->getParameter('loevgaard_dandomain_altapay.shared_key_1'),
            $this->container->getParameter('loevgaard_dandomain_altapay.shared_key_2')
        );

        $paymentRepository->save($paymentEntity);

        $event = $eventRepository->createFromDomainEvent(new PaymentCreated($paymentEntity));
        $eventRepository->save($event);

        $terminalEntity = $terminalRepository->findTerminalBySlug($terminal, true);
        if (!$terminalEntity) {
            throw TerminalNotFoundException::create($translator->trans('payment.exception.terminal_not_found', ['%terminal%' => $terminal], 'LoevgaardDandomainAltapayBundle'), $request, $paymentEntity);
        }

        if (!$checksumHelper->checksumMatches()) {
            throw ChecksumMismatchException::create($translator->trans('payment.exception.checksum_mismatch', [], 'LoevgaardDandomainAltapayBundle'), $request, $paymentEntity);
        }

        $paymentRequestPayloadGenerator = new PaymentRequestPayloadGenerator($this->container->get('router'), $paymentEntity, $terminalEntity, $paymentEntity, $checksumHelper, $this->container->getParameter('loevgaard_dandomain_altapay.cookie_payment_id'), $this->container->getParameter('loevgaard_dandomain_altapay.cookie_checksum_complete'));
        $paymentRequestPayload = $paymentRequestPayloadGenerator->generate();

        $altapay = $this->container->get('loevgaard_dandomain_altapay.altapay_client');
        $response = $altapay->createPaymentRequest($paymentRequestPayload);

        if (!$response->isSuccessful()) {
            throw AltapayPaymentRequestException::create($translator->trans('payment.exception.altapay_payment_request', ['%gateway_message%' => $response->getErrorMessage()], 'LoevgaardDandomainAltapayBundle'), $request, $paymentEntity);
        }

        return $this->redirect($response->getUrl());
    }

    /**
     * @Method("POST")
     * @Route("/bulk/capture", name="loevgaard_dandomain_altapay_payment_bulk_capture")
     *
     * @param Request $request
     *
     * @return RedirectResponse
     */
    public function bulkPaymentAction(Request $request)
    {
        $op = $request->request->getAlpha('bulkOperation');
        $paymentRepository = $this->container->get('loevgaard_dandomain_altapay.payment_repository');
        $payments = $paymentRepository->findByIds($request->request->get('payments', []));

        if($op === 'capture') {
            $paymentHandler = $this->getPaymentHandler();
            $paymentHandler->bulkCapture($payments);

            $this->addFlash('success', 'All payments were captured'); // @todo fix translation
        }

        $referrer = $request->headers->get('referer');
        if($referrer) {
            return $this->redirect($referrer);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
        }

        return $this->redirectToRoute('loevgaard_dandomain_altapay_payment_index');
    }

    /**
     * @Method("GET")
     * @Route("/{paymentId}/capture", name="loevgaard_dandomain_altapay_payment_capture", requirements={"paymentId" = "\d+"})
     *
     * @param int     $paymentId
     * @param Request $request
     *
     * @return RedirectResponse
     */
    public function captureAction(int $paymentId, Request $request)
    {
        $payment = $this->getPaymentFromId($paymentId);

        if ($payment) {
            $paymentHandler = $this->getPaymentHandler();

            $amount = $request->query->get('amount');
            if($amount) {
                $amount = AltaPay\createMoneyFromFloat($payment->getCurrencySymbol(), $amount);
            }

            $res = $paymentHandler->capture($payment, $amount);

            if ($res->isSuccessful()) {
                $this->addFlash('success', 'The payment for order '.$payment->getOrderId().' was captured.'); // @todo fix translation
            } else {
                $this->addFlash('danger', 'An error occurred during capture of the payment: '.$res->getErrorMessage()); // @todo fix translation
            }
        }

        $redirect = $request->headers->get('referer') ? $request->headers->get('referer') : $this->generateUrl('loevgaard_dandomain_altapay_payment_index');

        return $this->redirect($redirect);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
    }

    /**
     * @Method({"POST", "GET"})
     * @Route("/{paymentId}/refund", name="loevgaard_dandomain_altapay_payment_refund", requirements={"paymentId" = "\d+"})
     *
     * @param int     $paymentId
     * @param Request $request
     *
     * @return RedirectResponse
     */
    public function refundAction(int $paymentId, Request $request)
    {
        $payment = $this->getPaymentFromId($paymentId);

        if ($payment) {
            $paymentHandler = $this->getPaymentHandler();

            $amount = $request->query->get('amount');
            if ($amount) {
                $amount = AltaPay\createMoneyFromFloat($payment->getCurrencySymbol(), $amount);
            }

            $res = $paymentHandler->refund($payment, $amount);

            if ($res->isSuccessful()) {
                $this->addFlash('success', 'The payment for order '.$payment->getOrderId().' was refunded.'); // @todo fix translation
            } else {
                $this->addFlash('danger', 'An error occurred during refund of the payment: '.$res->getErrorMessage()); // @todo fix translation
            }
        }

        $redirect = $request->headers->get('referer') ?: $this->generateUrl('loevgaard_dandomain_altapay_payment_index');

        return $this->redirect($redirect);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
    }

    /**
     * @Method("GET")
     * @Route("/{paymentId}/redirectToAltapay", name="loevgaard_dandomain_altapay_redirect_to_altapay_payment", requirements={"paymentId" = "\d+"})
     *
     * @param int $paymentId
     *
     * @return RedirectResponse
     */
    public function redirectToAltapayPaymentAction(int $paymentId)
    {
        $payment = $this->getPaymentFromId($paymentId);

        $url = $this->getParameter('loevgaard_dandomain_altapay.altapay_url').'/merchant/transactions/paymentDetails/'.$payment->getAltapayId();

        return $this->redirect($url);
    }

    /**
     * @param int $paymentId
     *
     * @return Payment
     */
    private function getPaymentFromId(int $paymentId): Payment
    {
        $paymentRepository = $this->get('loevgaard_dandomain_altapay.payment_repository');

        /** @var Payment $payment */
        $payment = $paymentRepository->find($paymentId);

        if (!$payment) {
            throw $this->createNotFoundException('Payment with id `'.$paymentId.'` not found');
        }

        return $payment;
    }

    /**
     * @return PaymentHandler
     */
    private function getPaymentHandler(): PaymentHandler
    {
        return $this->get('loevgaard_dandomain_altapay.payment_handler');
    }
}


1		<?php
2
3		namespace Loevgaard\DandomainAltapayBundle\Controller;
4
5		use Loevgaard\AltaPay;
6		use Loevgaard\Dandomain\Pay\Helper\ChecksumHelper;
7		use Loevgaard\DandomainAltapayBundle\Annotation\LogHttpTransaction;
8		use Loevgaard\DandomainAltapayBundle\Entity\Payment;
9		use Loevgaard\DandomainAltapayBundle\Event\PaymentCreated;
10		use Loevgaard\DandomainAltapayBundle\Exception\AltapayPaymentRequestException;
11		use Loevgaard\DandomainAltapayBundle\Exception\ChecksumMismatchException;
12		use Loevgaard\DandomainAltapayBundle\Exception\PaymentException;
13		use Loevgaard\DandomainAltapayBundle\Exception\TerminalNotFoundException;
14		use Loevgaard\DandomainAltapayBundle\Form\FilterPaymentType;
15		use Loevgaard\DandomainAltapayBundle\Handler\PaymentHandler;
16		use Loevgaard\DandomainAltapayBundle\PayloadGenerator\PaymentRequestPayloadGenerator;
17		use Loevgaard\DandomainAltapayBundle\PsrHttpMessage\DiactorosTrait;
18		use Loevgaard\DandomainAltapayBundle\Translation\TranslatorTrait;
19		use Sensio\Bundle\FrameworkExtraBundle\Configuration\Method;
20		use Sensio\Bundle\FrameworkExtraBundle\Configuration\Route;
21		use Symfony\Bundle\FrameworkBundle\Controller\Controller;
22		use Symfony\Component\HttpFoundation\RedirectResponse;
23		use Symfony\Component\HttpFoundation\Request;
24		use Symfony\Component\HttpFoundation\Response;
25
26		/**
27		* @Route("/payment")
28		*/
29		class PaymentController extends Controller
30		{
31		use TranslatorTrait;
32		use DiactorosTrait;
33
34		/**
35		* @Method("GET")
36		* @Route("", name="loevgaard_dandomain_altapay_payment_index")
37		*
38		* @param Request $request
39		*
40		* @return Response
41		*/
42		public function indexAction(Request $request)
43		{
44		$paymentRepository = $this->container->get('loevgaard_dandomain_altapay.payment_repository');
45
46		$filterForm = $this->createForm(FilterPaymentType::class);
47
48		/** @var Payment[] $payments */
49		$payments = $paymentRepository->findAllWithPagingAndFilter($request->query->getInt('page', 1), 100, [
50		'e.id' => 'desc'
51		], $filterForm, $request);
52
53		return $this->render('@LoevgaardDandomainAltapay/payment/index.html.twig', [
54		'payments' => $payments,
55		'filter' => $filterForm->createView()
56		]);
57		}
58
59		/**
60		* @Method("GET")
61		* @Route("/{paymentId}/show", name="loevgaard_dandomain_altapay_payment_show", requirements={"paymentId" = "\d+"})
62		*
63		* @param int $paymentId
64		*
65		* @return Response
66		*/
67		public function showAction(int $paymentId)
68		{
69		$payment = $this->getPaymentFromId($paymentId);
70		if (!$payment) {
71		throw $this->createNotFoundException('Payment with id `'.$paymentId.'` not found');
72		}
73
74		return $this->render('@LoevgaardDandomainAltapay/payment/show.html.twig', [
75		'payment' => $payment,
76		]);
77		}
78
79		/**
80		* Payment flow
81		* 1. The Dandomain payment API POSTs to this page with the terminal slug in the URL
82		* 2. After validating all input, we create a payment request to the Altapay API
83		* 3. Finally we redirect the user to the URL given by the Altapay API.
84		*
85		* @Method("POST")
86		* @Route("/{terminal}", name="loevgaard_dandomain_altapay_payment_new")
87		*
88		* @LogHttpTransaction()
89		*
90		* @param string $terminal
91		* @param Request $request
92		*
93		* @return RedirectResponse
94		*
95		* @throws PaymentException
96		*/
97		public function newAction(string $terminal, Request $request)
98		{
99		$terminalRepository = $this->container->get('loevgaard_dandomain_altapay.terminal_repository');
100		$paymentRepository = $this->container->get('loevgaard_dandomain_altapay.payment_repository');
101		$eventRepository = $this->container->get('loevgaard_dandomain_altapay.event_repository');
102		$translator = $this->getTranslator($this->container);
103
104		$psrRequest = $this->createPsrRequest($request);
105		/** @var Payment $paymentEntity */
106		$paymentEntity = Payment::createFromRequest($psrRequest);
107
108		$checksumHelper = new ChecksumHelper(
109		$paymentEntity,
110		$this->container->getParameter('loevgaard_dandomain_altapay.shared_key_1'),
111		$this->container->getParameter('loevgaard_dandomain_altapay.shared_key_2')
112		);
113
114		$paymentRepository->save($paymentEntity);
115
116		$event = $eventRepository->createFromDomainEvent(new PaymentCreated($paymentEntity));
117		$eventRepository->save($event);
118
119		$terminalEntity = $terminalRepository->findTerminalBySlug($terminal, true);
120		if (!$terminalEntity) {
121		throw TerminalNotFoundException::create($translator->trans('payment.exception.terminal_not_found', ['%terminal%' => $terminal], 'LoevgaardDandomainAltapayBundle'), $request, $paymentEntity);
122		}
123
124		if (!$checksumHelper->checksumMatches()) {
125		throw ChecksumMismatchException::create($translator->trans('payment.exception.checksum_mismatch', [], 'LoevgaardDandomainAltapayBundle'), $request, $paymentEntity);
126		}
127
128		$paymentRequestPayloadGenerator = new PaymentRequestPayloadGenerator($this->container->get('router'), $paymentEntity, $terminalEntity, $paymentEntity, $checksumHelper, $this->container->getParameter('loevgaard_dandomain_altapay.cookie_payment_id'), $this->container->getParameter('loevgaard_dandomain_altapay.cookie_checksum_complete'));
129		$paymentRequestPayload = $paymentRequestPayloadGenerator->generate();
130
131		$altapay = $this->container->get('loevgaard_dandomain_altapay.altapay_client');
132		$response = $altapay->createPaymentRequest($paymentRequestPayload);
133
134		if (!$response->isSuccessful()) {
135		throw AltapayPaymentRequestException::create($translator->trans('payment.exception.altapay_payment_request', ['%gateway_message%' => $response->getErrorMessage()], 'LoevgaardDandomainAltapayBundle'), $request, $paymentEntity);
136		}
137
138		return $this->redirect($response->getUrl());
139		}
140
141		/**
142		* @Method("POST")
143		* @Route("/bulk/capture", name="loevgaard_dandomain_altapay_payment_bulk_capture")
144		*
145		* @param Request $request
146		*
147		* @return RedirectResponse
148		*/
149		public function bulkPaymentAction(Request $request)
150		{
151		$op = $request->request->getAlpha('bulkOperation');
152		$paymentRepository = $this->container->get('loevgaard_dandomain_altapay.payment_repository');
153		$payments = $paymentRepository->findByIds($request->request->get('payments', []));
154
155		if($op === 'capture') {
156		$paymentHandler = $this->getPaymentHandler();
157		$paymentHandler->bulkCapture($payments);
158
159		$this->addFlash('success', 'All payments were captured'); // @todo fix translation
160		}
161
162		$referrer = $request->headers->get('referer');
163		if($referrer) {
164		return $this->redirect($referrer);
		0 ignored issues – show Bug introduced 2017-12-13 07:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$referrer` defined by `$request->headers->get('referer')` on line `162` can also be of type `array`; however, `Symfony\Bundle\Framework...rollerTrait::redirect()` does only seem to accept `string`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
165		}
166
167		return $this->redirectToRoute('loevgaard_dandomain_altapay_payment_index');
168		}
169
170		/**
171		* @Method("GET")
172		* @Route("/{paymentId}/capture", name="loevgaard_dandomain_altapay_payment_capture", requirements={"paymentId" = "\d+"})
173		*
174		* @param int $paymentId
175		* @param Request $request
176		*
177		* @return RedirectResponse
178		*/
179	View Code Duplication	public function captureAction(int $paymentId, Request $request)
180		{
181		$payment = $this->getPaymentFromId($paymentId);
182
183		if ($payment) {
184		$paymentHandler = $this->getPaymentHandler();
185
186		$amount = $request->query->get('amount');
187		if($amount) {
188		$amount = AltaPay\createMoneyFromFloat($payment->getCurrencySymbol(), $amount);
189		}
190
191		$res = $paymentHandler->capture($payment, $amount);
192
193		if ($res->isSuccessful()) {
194		$this->addFlash('success', 'The payment for order '.$payment->getOrderId().' was captured.'); // @todo fix translation
195		} else {
196		$this->addFlash('danger', 'An error occurred during capture of the payment: '.$res->getErrorMessage()); // @todo fix translation
197		}
198		}
199
200		$redirect = $request->headers->get('referer') ? $request->headers->get('referer') : $this->generateUrl('loevgaard_dandomain_altapay_payment_index');
201
202		return $this->redirect($redirect);
		0 ignored issues – show Bug introduced 2017-09-29 11:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$redirect` defined by `$request->headers->get('...altapay_payment_index')` on line `200` can also be of type `array`; however, `Symfony\Bundle\Framework...rollerTrait::redirect()` does only seem to accept `string`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
203		}
204
205		/**
206		* @Method({"POST", "GET"})
207		* @Route("/{paymentId}/refund", name="loevgaard_dandomain_altapay_payment_refund", requirements={"paymentId" = "\d+"})
208		*
209		* @param int $paymentId
210		* @param Request $request
211		*
212		* @return RedirectResponse
213		*/
214	View Code Duplication	public function refundAction(int $paymentId, Request $request)
215		{
216		$payment = $this->getPaymentFromId($paymentId);
217
218		if ($payment) {
219		$paymentHandler = $this->getPaymentHandler();
220
221		$amount = $request->query->get('amount');
222		if ($amount) {
223		$amount = AltaPay\createMoneyFromFloat($payment->getCurrencySymbol(), $amount);
224		}
225
226		$res = $paymentHandler->refund($payment, $amount);
227
228		if ($res->isSuccessful()) {
229		$this->addFlash('success', 'The payment for order '.$payment->getOrderId().' was refunded.'); // @todo fix translation
230		} else {
231		$this->addFlash('danger', 'An error occurred during refund of the payment: '.$res->getErrorMessage()); // @todo fix translation
232		}
233		}
234
235		$redirect = $request->headers->get('referer') ?: $this->generateUrl('loevgaard_dandomain_altapay_payment_index');
236
237		return $this->redirect($redirect);
		0 ignored issues – show Bug introduced 2017-10-10 14:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$redirect` defined by `$request->headers->get('...altapay_payment_index')` on line `235` can also be of type `array`; however, `Symfony\Bundle\Framework...rollerTrait::redirect()` does only seem to accept `string`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
238		}
239
240		/**
241		* @Method("GET")
242		* @Route("/{paymentId}/redirectToAltapay", name="loevgaard_dandomain_altapay_redirect_to_altapay_payment", requirements={"paymentId" = "\d+"})
243		*
244		* @param int $paymentId
245		*
246		* @return RedirectResponse
247		*/
248		public function redirectToAltapayPaymentAction(int $paymentId)
249		{
250		$payment = $this->getPaymentFromId($paymentId);
251
252		$url = $this->getParameter('loevgaard_dandomain_altapay.altapay_url').'/merchant/transactions/paymentDetails/'.$payment->getAltapayId();
253
254		return $this->redirect($url);
255		}
256
257		/**
258		* @param int $paymentId
259		*
260		* @return Payment
261		*/
262	View Code Duplication	private function getPaymentFromId(int $paymentId): Payment
263		{
264		$paymentRepository = $this->get('loevgaard_dandomain_altapay.payment_repository');
265
266		/** @var Payment $payment */
267		$payment = $paymentRepository->find($paymentId);
268
269		if (!$payment) {
270		throw $this->createNotFoundException('Payment with id `'.$paymentId.'` not found');
271		}
272
273		return $payment;
274		}
275
276		/**
277		* @return PaymentHandler
278		*/
279		private function getPaymentHandler(): PaymentHandler
280		{
281		return $this->get('loevgaard_dandomain_altapay.payment_handler');
282		}
283		}
284

loevgaard / dandomain-altapay-bundle

Issues (143)

Security Analysis not enabled

Controller/PaymentController.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like