Issues in AbstractElement.php (master) - Issues in master - ngtfkx/laradeck-form-builder - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Elements/AbstractElement.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Ngtfkx\Laradeck\FormBuilder\Elements;


use Illuminate\Support\Collection;
use Ngtfkx\Laradeck\FormBuilder\Providers\AbstractProvider;
use Ngtfkx\Laradeck\FormBuilder\Render;

abstract class AbstractElement
{
    /**
     * @var Collection|iterable $classes Коллекция классом элемента
     */
    public $classes;

    /**
     * @var Collection|iterable $attributes Коллекция дополнительных атрибутов элемента
     */
    public $attributes;

    /**
     * @var Collection|iterable $styles Коллекция inline-стилей элемента
     */
    public $styles;

    /**
     * @var string $value Значение элемента
     */
    public $value;

    /**
     * @var string $tag Тег элемента
     */
    protected $tag;

    /**
     * @var Collection|iterable $parts Набор атрибутов для генерации html-кода элементов
     */
    public $parts;

    /**
     * @var string $label
     */
    public $label;

    /**
     * @var string $help
     */
    public $help;

    /**
     * @var AbstractProvider
     */
    public $layout;

    public $onlyTagRender = false;

    /**
     * Генерировать значение атрибутом
     *
     * @var bool
     */
    protected $valueAsAttribute = true;

    /**
     * @return void
     */
    abstract public function tag();

    public function __construct()
    {
        $this->classes = new Collection();

        $this->attributes = new Collection();

        $this->styles = new Collection();

        $this->parts = new Collection();

        $this->tag();
    }

    public function layout(?AbstractProvider $layout): self
    {
        $this->layout = $layout;

        return $this;
    }

    /**
     * Сеттер значения лейбла для элемента
     *
     * @param string|null $value
     * @return AbstractElement
     */
    public function label(?string $value): self
    {
        $this->label = $value;

        return $this;
    }

    /**
     * Сеттер значения подсказки для элемента
     *
     * @param string|null $value
     * @return AbstractElement
     */
    public function help(?string $value): self
    {
        $this->help = $value;

        return $this;
    }

    /**
     * Сеттер значения элемента
     *
     * @param string|null $value
     * @return AbstractElement
     */
    public function value(?string $value): self
    {
        $this->value = $value;

        return $this;
    }

    /**
     * Сеттер атрибута id элемента
     *
     * @param string|null $value
     * @return AbstractElement
     */
    public function id(?string $value): self
    {
        $this->attr('id', $value);

        return $this;
    }

    /**
     * Сеттер атрибута name элемента
     *
     * @param string|null $value
     * @return AbstractElement
     */
    public function name(?string $value): self
    {
        $this->attr('name', $value);

        return $this;
    }

    /**
     * Добавить элементу один или несколько классов
     *
     * @param array ...$classes
     * @return AbstractElement
     */
    public function class(...$classes): self

    {
        $this->classes($classes);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

        return $this;
class A {
    var $property;
}
    }

    /**
     *  Добавить элементу один или несколько классов из массива
     *
     * @param iterable $classes
     * @return AbstractElement
     */
    public function classes(iterable $classes): self
    {
        foreach ($classes as $class) {
            if (!$this->classes->contains($class)) {
                $this->classes->push($class);
            }
        }

        return $this;
    }

    /**
     * Добавить к элементу один или несколько inline-стилей
     *
     * @param string $key
     * @param string|null $value
     * @return AbstractElement
     */
    public function style(string $key, string $value = null): self
    {
        if (empty($value)) {
            $pos = strpos($key, ':', 2);
            if ($pos !== false) {
                $parts = explode(':', strrev($key));
                $key = strrev($parts[1]);
                $value = strrev($parts[0]);
            }
        }

        if ($key && $value) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $this->styles->put($key, $value);
        }

        return $this;
    }

    /**
     * Добавить к элементу один или несколько inline-стилей из массива
     *
     * @param iterable $styles
     * @return AbstractElement
     */
    public function styles(iterable $styles): self
    {
        foreach ($styles as $key => $value) {
            $this->styles->put($key, $value);
        }

        return $this;
    }

    /**
     * Добавить аттрибут к элементу
     *
     * @param string $key
     * @param string|null $value
     * @return AbstractElement
     */
    public function attr(string $key, $value = null): self
    {
        $this->attributes->put($key, $value);

        return $this;
    }

    /**
     * Добавить один или несколько атрибутов из массива к элементу
     *
     * @param iterable $attributes
     * @return AbstractElement
     */
    public function attrs(iterable $attributes): self
    {
        foreach ($attributes as $key => $value) {
            if ($key === 'class') {
                $this->class($value);
            } else if ($key === 'style') {
                $this->style($value);
            } else {
                $this->attributes->put($key, $value);
            }
        }

        return $this;
    }

    /**
     * Очистить классы элемента
     *
     * @return AbstractElement
     */
    public function clearClasses(): self
    {
        $this->classes = new Collection();

        return $this;
    }

    /**
     * Очистить классы стили
     *
     * @return AbstractElement
     */
    public function clearStyles(): self
    {
        $this->styles = new Collection();

        return $this;
    }

    /**
     * Очистить классы атрибуты
     *
     * @return AbstractElement
     */
    public function clearAttributes(): self
    {
        $this->attributes = new Collection();

        return $this;
    }

    public function getTagHtml()
    {
        return '<' . $this->tag . '**attributes**>';
    }

    public function beforeCommonPrepareToRender(): void
    {
        if ($this->valueAsAttribute) {
            $this->parts['value'] = $this->value;
        }

        $elementName = $this->getLowerClassName();

        if (is_null($this->layout) === false && $elementName && !in_array($elementName, $this->layout->skipCommonClassesForElements)) {
            $this->class($this->layout->getCommonClasses());
        }

        if (is_null($this->layout) === false && $this->layout->getElementClasses($elementName)) {
            $this->class($this->layout->getElementClasses($elementName));
        }
    }

    public function beforeElementPrepareToRender(): void
    {

    }

    public function afterCommonPrepareToRender(): void
    {
        /**
         * Если не задан id, то сгенерируем случайный
         */
        if ($this->parts->has('id') === false) {
            $this->parts->put('id', str_random(20));
        }
    }

    public function afterElementPrepareToRender(): void
    {

    }

    public function getLowerClassName(): string
    {
        return strtolower($this->getClassName());
    }

    public function getClassName(): string
    {
        return class_basename($this);
    }

    /**
     * Преобразовать в строку для вывода в HTML
     *
     * @return string
     */
    public function __toString(): string
    {
        return new Render($this);
    }

    protected function addAttrAs(...$names): self
    {
        foreach ($names as $name) {
            if (!empty($this->$name)) {
                $this->parts[$name] = $name;
            }
        }

        return $this;
    }
}

1			<?php
2
3			namespace Ngtfkx\Laradeck\FormBuilder\Elements;
4
5
6			use Illuminate\Support\Collection;
7			use Ngtfkx\Laradeck\FormBuilder\Providers\AbstractProvider;
8			use Ngtfkx\Laradeck\FormBuilder\Render;
9
10			abstract class AbstractElement
11			{
12			/**
13			* @var Collection\|iterable $classes Коллекция классом элемента
14			*/
15			public $classes;
16
17			/**
18			* @var Collection\|iterable $attributes Коллекция дополнительных атрибутов элемента
19			*/
20			public $attributes;
21
22			/**
23			* @var Collection\|iterable $styles Коллекция inline-стилей элемента
24			*/
25			public $styles;
26
27			/**
28			* @var string $value Значение элемента
29			*/
30			public $value;
31
32			/**
33			* @var string $tag Тег элемента
34			*/
35			protected $tag;
36
37			/**
38			* @var Collection\|iterable $parts Набор атрибутов для генерации html-кода элементов
39			*/
40			public $parts;
41
42			/**
43			* @var string $label
44			*/
45			public $label;
46
47			/**
48			* @var string $help
49			*/
50			public $help;
51
52			/**
53			* @var AbstractProvider
54			*/
55			public $layout;
56
57			public $onlyTagRender = false;
58
59			/**
60			* Генерировать значение атрибутом
61			*
62			* @var bool
63			*/
64			protected $valueAsAttribute = true;
65
66			/**
67			* @return void
68			*/
69			abstract public function tag();
70
71			public function __construct()
72			{
73			$this->classes = new Collection();
74
75			$this->attributes = new Collection();
76
77			$this->styles = new Collection();
78
79			$this->parts = new Collection();
80
81			$this->tag();
82			}
83
84			public function layout(?AbstractProvider $layout): self
85			{
86			$this->layout = $layout;
87
88			return $this;
89			}
90
91			/**
92			* Сеттер значения лейбла для элемента
93			*
94			* @param string\|null $value
95			* @return AbstractElement
96			*/
97			public function label(?string $value): self
98			{
99			$this->label = $value;
100
101			return $this;
102			}
103
104			/**
105			* Сеттер значения подсказки для элемента
106			*
107			* @param string\|null $value
108			* @return AbstractElement
109			*/
110			public function help(?string $value): self
111			{
112			$this->help = $value;
113
114			return $this;
115			}
116
117			/**
118			* Сеттер значения элемента
119			*
120			* @param string\|null $value
121			* @return AbstractElement
122			*/
123			public function value(?string $value): self
124			{
125			$this->value = $value;
126
127			return $this;
128			}
129
130			/**
131			* Сеттер атрибута id элемента
132			*
133			* @param string\|null $value
134			* @return AbstractElement
135			*/
136			public function id(?string $value): self
137			{
138			$this->attr('id', $value);
139
140			return $this;
141			}
142
143			/**
144			* Сеттер атрибута name элемента
145			*
146			* @param string\|null $value
147			* @return AbstractElement
148			*/
149			public function name(?string $value): self
150			{
151			$this->attr('name', $value);
152
153			return $this;
154			}
155
156			/**
157			* Добавить элементу один или несколько классов
158			*
159			* @param array ...$classes
160			* @return AbstractElement
161			*/
162			public function class(...$classes): self
			0 ignored issues – show Coding Style introduced 2017-08-29 10:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this Possible parse error: non-abstract method defined as abstract Loading history... Coding Style introduced 2017-08-29 10:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally advisable to only define one property per statement. Only declaring a single property per statement allows you to later on add doc comments more easily. It is also recommended by PSR2, so it is a common style that many people expect. Loading history...
163			{
164			$this->classes($classes);
			0 ignored issues – show Documentation introduced 2017-08-29 13:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$classes` is of type `array<integer,array>`, but the function expects a `object<Ngtfkx\Laradeck\F...lder\Elements\iterable>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
165
166			return $this;
			0 ignored issues – show Coding Style introduced 2017-08-29 10:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this The visibility should be declared for property `$this`. The PSR-2 coding standard requires that all properties in a class have their visibility explicitly declared. If you declare a property using class A { var $property; } the property is implicitly global. To learn more about the PSR-2, please see the PHP-FIG site on the PSR-2. Loading history...
167			}
168
169			/**
170			* Добавить элементу один или несколько классов из массива
171			*
172			* @param iterable $classes
173			* @return AbstractElement
174			*/
175			public function classes(iterable $classes): self
176			{
177			foreach ($classes as $class) {
178			if (!$this->classes->contains($class)) {
179			$this->classes->push($class);
180			}
181			}
182
183			return $this;
184			}
185
186			/**
187			* Добавить к элементу один или несколько inline-стилей
188			*
189			* @param string $key
190			* @param string\|null $value
191			* @return AbstractElement
192			*/
193			public function style(string $key, string $value = null): self
194			{
195			if (empty($value)) {
196			$pos = strpos($key, ':', 2);
197			if ($pos !== false) {
198			$parts = explode(':', strrev($key));
199			$key = strrev($parts[1]);
200			$value = strrev($parts[0]);
201			}
202			}
203
204			if ($key && $value) {
			0 ignored issues – show Bug Best Practice introduced 2017-08-29 08:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$value` of type `null\|string` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
205			$this->styles->put($key, $value);
206			}
207
208			return $this;
209			}
210
211			/**
212			* Добавить к элементу один или несколько inline-стилей из массива
213			*
214			* @param iterable $styles
215			* @return AbstractElement
216			*/
217			public function styles(iterable $styles): self
218			{
219			foreach ($styles as $key => $value) {
220			$this->styles->put($key, $value);
221			}
222
223			return $this;
224			}
225
226			/**
227			* Добавить аттрибут к элементу
228			*
229			* @param string $key
230			* @param string\|null $value
231			* @return AbstractElement
232			*/
233			public function attr(string $key, $value = null): self
234			{
235			$this->attributes->put($key, $value);
236
237			return $this;
238			}
239
240			/**
241			* Добавить один или несколько атрибутов из массива к элементу
242			*
243			* @param iterable $attributes
244			* @return AbstractElement
245			*/
246			public function attrs(iterable $attributes): self
247			{
248			foreach ($attributes as $key => $value) {
249			if ($key === 'class') {
250			$this->class($value);
251			} else if ($key === 'style') {
252			$this->style($value);
253			} else {
254			$this->attributes->put($key, $value);
255			}
256			}
257
258			return $this;
259			}
260
261			/**
262			* Очистить классы элемента
263			*
264			* @return AbstractElement
265			*/
266			public function clearClasses(): self
267			{
268			$this->classes = new Collection();
269
270			return $this;
271			}
272
273			/**
274			* Очистить классы стили
275			*
276			* @return AbstractElement
277			*/
278			public function clearStyles(): self
279			{
280			$this->styles = new Collection();
281
282			return $this;
283			}
284
285			/**
286			* Очистить классы атрибуты
287			*
288			* @return AbstractElement
289			*/
290			public function clearAttributes(): self
291			{
292			$this->attributes = new Collection();
293
294			return $this;
295			}
296
297			public function getTagHtml()
298			{
299			return '<' . $this->tag . 'attributes>';
300			}
301
302			public function beforeCommonPrepareToRender(): void
303			{
304			if ($this->valueAsAttribute) {
305			$this->parts['value'] = $this->value;
306			}
307
308			$elementName = $this->getLowerClassName();
309
310			if (is_null($this->layout) === false && $elementName && !in_array($elementName, $this->layout->skipCommonClassesForElements)) {
311			$this->class($this->layout->getCommonClasses());
312			}
313
314			if (is_null($this->layout) === false && $this->layout->getElementClasses($elementName)) {
315			$this->class($this->layout->getElementClasses($elementName));
316			}
317			}
318
319			public function beforeElementPrepareToRender(): void
320			{
321
322			}
323
324			public function afterCommonPrepareToRender(): void
325			{
326			/**
327			* Если не задан id, то сгенерируем случайный
328			*/
329			if ($this->parts->has('id') === false) {
330			$this->parts->put('id', str_random(20));
331			}
332			}
333
334			public function afterElementPrepareToRender(): void
335			{
336
337			}
338
339			public function getLowerClassName(): string
340			{
341			return strtolower($this->getClassName());
342			}
343
344			public function getClassName(): string
345			{
346			return class_basename($this);
347			}
348
349			/**
350			* Преобразовать в строку для вывода в HTML
351			*
352			* @return string
353			*/
354			public function __toString(): string
355			{
356			return new Render($this);
357			}
358
359			protected function addAttrAs(...$names): self
360			{
361			foreach ($names as $name) {
362			if (!empty($this->$name)) {
363			$this->parts[$name] = $name;
364			}
365			}
366
367			return $this;
368			}
369			}

ngtfkx / laradeck-form-builder

Issues (9)

Security Analysis no request data

src/Elements/AbstractElement.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like