Issues in AbstractController.php - New Issues - Inspection of "Merge pull request #1450 from nanasess/improve/Csv..." - nanasess/ec-cube - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Push — master ( 29b6b8...0096af )

by Kentaro

created 2016-02-09 02:07 UTC

src/Eccube/Controller/AbstractController.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 * This file is part of EC-CUBE
 *
 * Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
 *
 * http://www.lockon.co.jp/
 *
 * This program is free software; you can redistribute it and/or
 * modify it under the terms of the GNU General Public License
 * as published by the Free Software Foundation; either version 2
 * of the License, or (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA  02111-1307, USA.
 */


namespace Eccube\Controller;

use Eccube\Application;
use Eccube\Common\Constant;
use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
use Symfony\Component\Security\Csrf\CsrfToken;

class AbstractController
{
    public function __construct()
    {
    }

    /**
     * getBoundForm
     * 
     * @deprecated 
     */
    protected function getBoundForm(Application $app, $type)
    {
        @trigger_error('The '.__METHOD__.' method is deprecated.', E_USER_DEPRECATED);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

        $form = $app['form.factory']
            ->createBuilder($app['eccube.form.type.' . $type], $app['eccube.entity.' . $type])
            ->getForm();
        $form->handleRequest($app['request']);

        return $form;
    }

    protected function getSecurity($app)
    {
        return $app['security.token_storage'];
    }

    protected function isTokenValid($app)
    {
        $csrf = $app['form.csrf_provider'];
        $name = Constant::TOKEN_NAME;

        if (!$csrf->isTokenValid(new CsrfToken($name, $app['request']->request->get($name)))) {
            throw new AccessDeniedHttpException('CSRF token is invalid.');
        }

        return true;
    }

}


1		<?php
2		/*
3		* This file is part of EC-CUBE
4		*
5		* Copyright(c) 2000-2015 LOCKON CO.,LTD. All Rights Reserved.
6		*
7		* http://www.lockon.co.jp/
8		*
9		* This program is free software; you can redistribute it and/or
10		* modify it under the terms of the GNU General Public License
11		* as published by the Free Software Foundation; either version 2
12		* of the License, or (at your option) any later version.
13		*
14		* This program is distributed in the hope that it will be useful,
15		* but WITHOUT ANY WARRANTY; without even the implied warranty of
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17		* GNU General Public License for more details.
18		*
19		* You should have received a copy of the GNU General Public License
20		* along with this program; if not, write to the Free Software
21		* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
22		*/
23
24
25		namespace Eccube\Controller;
26
27		use Eccube\Application;
28		use Eccube\Common\Constant;
29		use Symfony\Component\HttpKernel\Exception\AccessDeniedHttpException;
30		use Symfony\Component\Security\Csrf\CsrfToken;
31
32		class AbstractController
33		{
34	119	public function __construct()
35		{
36	119	}
37
38		/**
39		* getBoundForm
40		*
41		* @deprecated
42		*/
43		protected function getBoundForm(Application $app, $type)
44		{
45		@trigger_error('The '.__METHOD__.' method is deprecated.', E_USER_DEPRECATED);
		0 ignored issues – show Security Best Practice introduced 2016-02-04 10:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
46
47		$form = $app['form.factory']
48		->createBuilder($app['eccube.form.type.' . $type], $app['eccube.entity.' . $type])
49		->getForm();
50		$form->handleRequest($app['request']);
51
52		return $form;
53		}
54
55		protected function getSecurity($app)
56		{
57		return $app['security.token_storage'];
58		}
59
60	24	protected function isTokenValid($app)
61		{
62		$csrf = $app['form.csrf_provider'];
63	24	$name = Constant::TOKEN_NAME;
64
65		if (!$csrf->isTokenValid(new CsrfToken($name, $app['request']->request->get($name)))) {
66		throw new AccessDeniedHttpException('CSRF token is invalid.');
67		}
68
69	24	return true;
70		}
71
72		}
73

nanasess / ec-cube

Push — master ( 29b6b8...0096af )

src/Eccube/Controller/AbstractController.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like