This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | /** |
||
4 | * Doctrine ORM |
||
5 | * |
||
6 | * LICENSE |
||
7 | * |
||
8 | * This source file is subject to the new BSD license that is bundled |
||
9 | * with this package in the file LICENSE. This license can also be viewed |
||
10 | * at http://hobodave.com/license.txt |
||
11 | * |
||
12 | * @category DoctrineExtensions |
||
13 | * @package DoctrineExtensions\Paginate |
||
14 | * @author David Abdemoulaie <[email protected]> |
||
15 | * @copyright Copyright (c) 2010 David Abdemoulaie (http://hobodave.com/) |
||
16 | * @license http://hobodave.com/license.txt New BSD License |
||
17 | */ |
||
18 | |||
19 | namespace Eccube\Doctrine\ORM\Tools\Pagination; |
||
20 | |||
21 | use Doctrine\DBAL\Types\Type; |
||
22 | use Doctrine\ORM\Mapping\ClassMetadataInfo; |
||
23 | use Doctrine\ORM\ORMException; |
||
24 | use Doctrine\ORM\Query; |
||
25 | use Doctrine\ORM\Query\TreeWalkerAdapter; |
||
26 | use Doctrine\ORM\Query\AST\Functions\IdentityFunction; |
||
27 | use Doctrine\ORM\Query\AST\PathExpression; |
||
28 | use Doctrine\ORM\Query\AST\SelectExpression; |
||
29 | use Doctrine\ORM\Query\AST\SelectStatement; |
||
30 | |||
31 | /** |
||
32 | * Replaces the selectClause of the AST with a SELECT DISTINCT root.id equivalent. |
||
33 | * |
||
34 | * @category DoctrineExtensions |
||
35 | * @package DoctrineExtensions\Paginate |
||
36 | * @author David Abdemoulaie <[email protected]> |
||
37 | * @copyright Copyright (c) 2010 David Abdemoulaie (http://hobodave.com/) |
||
38 | * @license http://hobodave.com/license.txt New BSD License |
||
39 | */ |
||
40 | class LimitSubqueryWalker extends TreeWalkerAdapter |
||
41 | { |
||
42 | /** |
||
43 | * ID type hint. |
||
44 | */ |
||
45 | const IDENTIFIER_TYPE = 'doctrine_paginator.id.type'; |
||
46 | |||
47 | /** |
||
48 | * Counter for generating unique order column aliases. |
||
49 | * |
||
50 | * @var int |
||
51 | */ |
||
52 | private $_aliasCounter = 0; |
||
53 | |||
54 | /** |
||
55 | * Walks down a SelectStatement AST node, modifying it to retrieve DISTINCT ids |
||
56 | * of the root Entity. |
||
57 | * |
||
58 | * @param SelectStatement $AST |
||
59 | * |
||
60 | * @return void |
||
61 | * |
||
62 | * @throws \RuntimeException |
||
63 | */ |
||
64 | public function walkSelectStatement(SelectStatement $AST) |
||
65 | { |
||
66 | $queryComponents = $this->_getQueryComponents(); |
||
67 | // Get the root entity and alias from the AST fromClause |
||
68 | $from = $AST->fromClause->identificationVariableDeclarations; |
||
69 | $fromRoot = reset($from); |
||
70 | $rootAlias = $fromRoot->rangeVariableDeclaration->aliasIdentificationVariable; |
||
71 | $rootClass = $queryComponents[$rootAlias]['metadata']; |
||
72 | $selectExpressions = array(); |
||
73 | |||
74 | $this->validate($AST); |
||
75 | |||
76 | foreach ($queryComponents as $dqlAlias => $qComp) { |
||
77 | // Preserve mixed data in query for ordering. |
||
78 | if (isset($qComp['resultVariable'])) { |
||
79 | $selectExpressions[] = new SelectExpression($qComp['resultVariable'], $dqlAlias); |
||
80 | continue; |
||
81 | } |
||
82 | } |
||
83 | |||
84 | $identifier = $rootClass->getSingleIdentifierFieldName(); |
||
85 | |||
86 | if (isset($rootClass->associationMappings[$identifier])) { |
||
87 | throw new \RuntimeException("Paginating an entity with foreign key as identifier only works when using the Output Walkers. Call Paginator#setUseOutputWalkers(true) before iterating the paginator."); |
||
88 | } |
||
89 | |||
90 | $this->_getQuery()->setHint( |
||
91 | self::IDENTIFIER_TYPE, |
||
92 | Type::getType($rootClass->getTypeOfField($identifier)) |
||
93 | ); |
||
94 | |||
95 | $pathExpression = new PathExpression( |
||
96 | PathExpression::TYPE_STATE_FIELD | PathExpression::TYPE_SINGLE_VALUED_ASSOCIATION, |
||
97 | $rootAlias, |
||
98 | $identifier |
||
99 | ); |
||
100 | $pathExpression->type = PathExpression::TYPE_STATE_FIELD; |
||
101 | |||
102 | array_unshift($selectExpressions, new SelectExpression($pathExpression, '_dctrn_id')); |
||
103 | $AST->selectClause->selectExpressions = $selectExpressions; |
||
104 | |||
105 | if (isset($AST->orderByClause)) { |
||
106 | foreach ($AST->orderByClause->orderByItems as $item) { |
||
107 | if ( ! $item->expression instanceof PathExpression) { |
||
108 | continue; |
||
109 | } |
||
110 | |||
111 | $AST->selectClause->selectExpressions[] = new SelectExpression( |
||
112 | $this->createSelectExpressionItem($item->expression), |
||
113 | '_dctrn_ord' . $this->_aliasCounter++ |
||
114 | ); |
||
115 | } |
||
116 | } |
||
117 | |||
118 | $AST->selectClause->isDistinct = true; |
||
119 | } |
||
120 | |||
121 | /** |
||
122 | * Validate the AST to ensure that this walker is able to properly manipulate it. |
||
123 | * |
||
124 | * @param SelectStatement $AST |
||
125 | */ |
||
126 | private function validate(SelectStatement $AST) |
||
127 | { |
||
128 | // Prevent LimitSubqueryWalker from being used with queries that include |
||
129 | // a limit, a fetched to-many join, and an order by condition that |
||
130 | // references a column from the fetch joined table. |
||
131 | $queryComponents = $this->getQueryComponents(); |
||
132 | $query = $this->_getQuery(); |
||
133 | $from = $AST->fromClause->identificationVariableDeclarations; |
||
134 | $fromRoot = reset($from); |
||
135 | |||
136 | if ($query instanceof Query |
||
137 | && $query->getMaxResults() |
||
138 | && $AST->orderByClause |
||
139 | && count($fromRoot->joins)) { |
||
140 | // Check each orderby item. |
||
141 | // TODO: check complex orderby items too... |
||
142 | foreach ($AST->orderByClause->orderByItems as $orderByItem) { |
||
143 | $expression = $orderByItem->expression; |
||
144 | if ($orderByItem->expression instanceof PathExpression |
||
145 | && isset($queryComponents[$expression->identificationVariable])) { |
||
146 | $queryComponent = $queryComponents[$expression->identificationVariable]; |
||
147 | if (isset($queryComponent['parent']) |
||
148 | && $queryComponent['relation']['type'] & ClassMetadataInfo::TO_MANY) { |
||
149 | throw new \RuntimeException("Cannot select distinct identifiers from query with LIMIT and ORDER BY on a column from a fetch joined to-many association. Use output walkers."); |
||
150 | } |
||
151 | } |
||
152 | } |
||
153 | } |
||
154 | } |
||
155 | |||
156 | /** |
||
157 | * Retrieve either an IdentityFunction (IDENTITY(u.assoc)) or a state field (u.name). |
||
158 | * |
||
159 | * @param \Doctrine\ORM\Query\AST\PathExpression $pathExpression |
||
160 | * |
||
161 | * @return \Doctrine\ORM\Query\AST\Functions\IdentityFunction |
||
162 | */ |
||
163 | private function createSelectExpressionItem(PathExpression $pathExpression) |
||
164 | { |
||
165 | if ($pathExpression->type === PathExpression::TYPE_SINGLE_VALUED_ASSOCIATION) { |
||
166 | $identity = new IdentityFunction('identity'); |
||
167 | |||
168 | $identity->pathExpression = clone $pathExpression; |
||
169 | |||
170 | return $identity; |
||
171 | } |
||
172 | |||
173 | return clone $pathExpression; |
||
0 ignored issues
–
show
|
|||
174 | } |
||
175 | } |
||
176 |
If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design.
Let’s take a look at an example:
Our function
my_function
expects aPost
object, and outputs the author of the post. The base classPost
returns a simple string and outputting a simple string will work just fine. However, the child classBlogPost
which is a sub-type ofPost
instead decided to return anobject
, and is therefore violating the SOLID principles. If aBlogPost
were passed tomy_function
, PHP would not complain, but ultimately fail when executing thestrtoupper
call in its body.