These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | /* |
||
4 | * This file is part of the CRUDlex package. |
||
5 | * |
||
6 | * (c) Philip Lehmann-Böhm <[email protected]> |
||
7 | * |
||
8 | * For the full copyright and license information, please view the LICENSE |
||
9 | * file that was distributed with this source code. |
||
10 | */ |
||
11 | |||
12 | namespace CRUDlex; |
||
13 | |||
14 | use League\Flysystem\FilesystemInterface; |
||
15 | use League\Flysystem\Util\MimeType; |
||
16 | use Symfony\Component\HttpFoundation\RedirectResponse; |
||
17 | use Symfony\Component\HttpFoundation\Request; |
||
18 | use Symfony\Component\HttpFoundation\Response; |
||
19 | use Symfony\Component\HttpFoundation\Session\SessionInterface; |
||
20 | use Symfony\Component\HttpFoundation\StreamedResponse; |
||
21 | use Symfony\Component\Translation\TranslatorInterface; |
||
22 | use Twig_Environment; |
||
23 | |||
24 | |||
25 | /** |
||
26 | * Default implementation of the ControllerInterface. |
||
27 | */ |
||
28 | class Controller implements ControllerInterface { |
||
29 | |||
30 | /** |
||
31 | * Holds the filesystme. |
||
32 | * @var FilesystemInterface |
||
33 | */ |
||
34 | protected $filesystem; |
||
35 | |||
36 | /** |
||
37 | * Holds the session. |
||
38 | * @var SessionInterface |
||
39 | */ |
||
40 | protected $session; |
||
41 | |||
42 | /** |
||
43 | * Holds the translator. |
||
44 | * @var TranslatorInterface |
||
45 | */ |
||
46 | protected $translator; |
||
47 | |||
48 | /** |
||
49 | * Holds the service. |
||
50 | * @var Service |
||
51 | */ |
||
52 | protected $service; |
||
53 | |||
54 | /** |
||
55 | * Holds the Twig instance. |
||
56 | * @var Twig_Environment |
||
57 | */ |
||
58 | protected $twig; |
||
59 | |||
60 | /** |
||
61 | * Postprocesses the entity after modification by handling the uploaded |
||
62 | * files and setting the flash. |
||
63 | * |
||
64 | * @param Request $request |
||
65 | * the current request |
||
66 | * @param AbstractData $crudData |
||
67 | * the data instance of the entity |
||
68 | * @param Entity $instance |
||
69 | * the entity |
||
70 | * @param string $entity |
||
71 | * the name of the entity |
||
72 | * @param string $mode |
||
73 | * whether to 'edit' or to 'create' the entity |
||
74 | * |
||
75 | * @return null|\Symfony\Component\HttpFoundation\RedirectResponse |
||
76 | * the HTTP response of this modification |
||
77 | */ |
||
78 | 4 | protected function modifyFilesAndSetFlashBag(Request $request, AbstractData $crudData, Entity $instance, $entity, $mode) |
|
79 | { |
||
80 | 4 | $id = $instance->get('id'); |
|
81 | 4 | $fileHandler = new FileHandler($this->filesystem, $crudData->getDefinition()); |
|
82 | 4 | $result = $mode == 'edit' ? $fileHandler->updateFiles($crudData, $request, $instance, $entity) : $fileHandler->createFiles($crudData, $request, $instance, $entity); |
|
83 | 4 | if (!$result) { |
|
84 | 2 | return null; |
|
85 | } |
||
86 | 4 | $this->session->getFlashBag()->add('success', $this->translator->trans('crudlex.'.$mode.'.success', [ |
|
87 | 4 | '%label%' => $crudData->getDefinition()->getLabel(), |
|
88 | 4 | '%id%' => $id |
|
89 | ])); |
||
90 | 4 | return new RedirectResponse($this->service->generateURL('crudShow', ['entity' => $entity, 'id' => $id])); |
|
91 | } |
||
92 | |||
93 | /** |
||
94 | * Sets the flashes of a failed entity modification. |
||
95 | * |
||
96 | * @param boolean $optimisticLocking |
||
97 | * whether the optimistic locking failed |
||
98 | * @param string $mode |
||
99 | * the modification mode, either 'create' or 'edit' |
||
100 | */ |
||
101 | 2 | protected function setValidationFailedFlashes($optimisticLocking, $mode) |
|
102 | { |
||
103 | 2 | $this->session->getFlashBag()->add('danger', $this->translator->trans('crudlex.'.$mode.'.error')); |
|
104 | 2 | if ($optimisticLocking) { |
|
105 | 1 | $this->session->getFlashBag()->add('danger', $this->translator->trans('crudlex.edit.locked')); |
|
106 | } |
||
107 | 2 | } |
|
108 | |||
109 | /** |
||
110 | * Validates and saves the new or updated entity and returns the appropriate HTTP |
||
111 | * response. |
||
112 | * |
||
113 | * @param Request $request |
||
114 | * the current request |
||
115 | * @param AbstractData $crudData |
||
116 | * the data instance of the entity |
||
117 | * @param Entity $instance |
||
118 | * the entity |
||
119 | * @param string $entity |
||
120 | * the name of the entity |
||
121 | * @param boolean $edit |
||
122 | * whether to edit (true) or to create (false) the entity |
||
123 | * |
||
124 | * @return Response |
||
125 | * the HTTP response of this modification |
||
126 | */ |
||
127 | 4 | protected function modifyEntity(Request $request, AbstractData $crudData, Entity $instance, $entity, $edit) |
|
128 | { |
||
129 | 4 | $fieldErrors = []; |
|
130 | 4 | $mode = $edit ? 'edit' : 'create'; |
|
131 | 4 | if ($request->getMethod() == 'POST') { |
|
132 | 4 | $instance->populateViaRequest($request); |
|
133 | 4 | $validator = new EntityValidator($instance); |
|
134 | 4 | $validation = $validator->validate($crudData, intval($request->get('version'))); |
|
135 | |||
136 | 4 | $fieldErrors = $validation['errors']; |
|
137 | 4 | if (!$validation['valid']) { |
|
138 | 2 | $optimisticLocking = isset($fieldErrors['version']); |
|
139 | 2 | $this->setValidationFailedFlashes($optimisticLocking, $mode); |
|
140 | } else { |
||
141 | 4 | $modified = $edit ? $crudData->update($instance) : $crudData->create($instance); |
|
142 | 4 | $response = $modified ? $this->modifyFilesAndSetFlashBag($request, $crudData, $instance, $entity, $mode) : false; |
|
143 | 4 | if ($response) { |
|
144 | 4 | return $response; |
|
145 | } |
||
146 | 2 | $this->session->getFlashBag()->add('danger', $this->translator->trans('crudlex.'.$mode.'.failed')); |
|
147 | } |
||
148 | } |
||
149 | |||
150 | 2 | return new Response($this->twig->render($this->service->getTemplate('template', 'form', $entity), [ |
|
151 | 2 | 'crud' => $this->service, |
|
152 | 2 | 'crudEntity' => $entity, |
|
153 | 2 | 'crudData' => $crudData, |
|
154 | 2 | 'entity' => $instance, |
|
155 | 2 | 'mode' => $mode, |
|
156 | 2 | 'fieldErrors' => $fieldErrors, |
|
157 | 2 | 'layout' => $this->service->getTemplate('layout', $mode, $entity) |
|
158 | ])); |
||
159 | } |
||
160 | |||
161 | /** |
||
162 | * Gets the parameters for the redirection after deleting an entity. |
||
163 | * |
||
164 | * @param Request $request |
||
165 | * the current request |
||
166 | * @param string $entity |
||
167 | * the entity name |
||
168 | * @param string $redirectPage |
||
169 | * reference, where the page to redirect to will be stored |
||
170 | * |
||
171 | * @return array<string,string> |
||
172 | * the parameters of the redirection, entity and id |
||
173 | */ |
||
174 | 1 | protected function getAfterDeleteRedirectParameters(Request $request, $entity, &$redirectPage) |
|
175 | { |
||
176 | 1 | $redirectPage = 'crudList'; |
|
177 | 1 | $redirectParameters = ['entity' => $entity]; |
|
178 | 1 | $redirectEntity = $request->get('redirectEntity'); |
|
179 | 1 | $redirectId = $request->get('redirectId'); |
|
180 | 1 | if ($redirectEntity && $redirectId) { |
|
181 | 1 | $redirectPage = 'crudShow'; |
|
182 | $redirectParameters = [ |
||
183 | 1 | 'entity' => $redirectEntity, |
|
184 | 1 | 'id' => $redirectId |
|
185 | ]; |
||
186 | } |
||
187 | 1 | return $redirectParameters; |
|
188 | } |
||
189 | |||
190 | /** |
||
191 | * Builds up the parameters of the list page filters. |
||
192 | * |
||
193 | * @param Request $request |
||
194 | * the current request |
||
195 | * @param EntityDefinition $definition |
||
196 | * the current entity definition |
||
197 | * @param array &$filter |
||
198 | * will hold a map of fields to request parameters for the filters |
||
199 | * @param boolean $filterActive |
||
200 | * reference, will be true if at least one filter is active |
||
201 | * @param array $filterToUse |
||
202 | * reference, will hold a map of fields to integers (0 or 1) which boolean filters are active |
||
203 | * @param array $filterOperators |
||
204 | * reference, will hold a map of fields to operators for AbstractData::listEntries() |
||
205 | */ |
||
206 | 2 | protected function buildUpListFilter(Request $request, EntityDefinition $definition, &$filter, &$filterActive, &$filterToUse, &$filterOperators) |
|
207 | { |
||
208 | 2 | foreach ($definition->getFilter() as $filterField) { |
|
209 | 2 | $type = $definition->getType($filterField); |
|
210 | 2 | $filter[$filterField] = $request->get('crudFilter'.$filterField); |
|
211 | 2 | if ($filter[$filterField]) { |
|
212 | 1 | $filterActive = true; |
|
213 | 1 | $filterToUse[$filterField] = $filter[$filterField]; |
|
214 | 1 | $filterOperators[$filterField] = '='; |
|
215 | 1 | if ($type === 'boolean') { |
|
216 | 1 | $filterToUse[$filterField] = $filter[$filterField] == 'true' ? 1 : 0; |
|
217 | 1 | } else if ($type === 'reference') { |
|
218 | 1 | $filter[$filterField] = ['id' => $filter[$filterField]]; |
|
219 | 1 | } else if ($type === 'many') { |
|
220 | $filter[$filterField] = array_map(function($value) { |
||
221 | 1 | return ['id' => $value]; |
|
222 | 1 | }, $filter[$filterField]); |
|
223 | 1 | $filterToUse[$filterField] = $filter[$filterField]; |
|
224 | 1 | } else if (in_array($type, ['text', 'multiline', 'fixed'])) { |
|
225 | 1 | $filterToUse[$filterField] = '%'.$filter[$filterField].'%'; |
|
226 | 2 | $filterOperators[$filterField] = 'LIKE'; |
|
227 | } |
||
228 | } |
||
229 | } |
||
230 | 2 | } |
|
231 | |||
232 | /** |
||
233 | * Generates the not found page. |
||
234 | * |
||
235 | * @param string $error |
||
236 | * the cause of the not found error |
||
237 | * |
||
238 | * @return Response |
||
239 | * the rendered not found page with the status code 404 |
||
240 | */ |
||
241 | 8 | protected function getNotFoundPage($error) |
|
242 | { |
||
243 | 8 | return new Response($this->twig->render('@crud/notFound.twig', [ |
|
244 | 8 | 'crud' => $this->service, |
|
245 | 8 | 'error' => $error, |
|
246 | 8 | 'crudEntity' => '', |
|
247 | 8 | 'layout' => $this->service->getTemplate('layout', '', '') |
|
248 | 8 | ]), 404); |
|
249 | } |
||
250 | |||
251 | /** |
||
252 | * Controller constructor. |
||
253 | * |
||
254 | * @param Service $service |
||
255 | * the CRUDlex service |
||
256 | * @param FilesystemInterface $filesystem |
||
257 | * the used filesystem |
||
258 | * @param Twig_Environment $twig |
||
259 | * the Twig environment |
||
260 | * @param SessionInterface $session |
||
261 | * the session service |
||
262 | * @param TranslatorInterface $translator |
||
263 | * the translation service |
||
264 | */ |
||
265 | 10 | public function __construct(Service $service, FilesystemInterface $filesystem, Twig_Environment $twig, SessionInterface $session, TranslatorInterface $translator) |
|
266 | { |
||
267 | 10 | $this->service = $service; |
|
268 | 10 | $this->filesystem = $filesystem; |
|
269 | 10 | $this->twig = $twig; |
|
270 | 10 | $this->session = $session; |
|
271 | 10 | $this->translator = $translator; |
|
272 | 10 | } |
|
273 | |||
274 | /** |
||
275 | * {@inheritdoc} |
||
276 | */ |
||
277 | 2 | public function setLocaleAndCheckEntity(Request $request) |
|
278 | { |
||
279 | 2 | $locale = $this->translator->getLocale(); |
|
280 | 2 | $this->service->setLocale($locale); |
|
281 | 2 | if (!$this->service->getData($request->get('entity'))) { |
|
282 | 2 | return $this->getNotFoundPage($this->translator->trans('crudlex.entityNotFound')); |
|
283 | } |
||
284 | 1 | return null; |
|
285 | } |
||
286 | |||
287 | /** |
||
288 | * {@inheritdoc} |
||
289 | */ |
||
290 | 3 | public function create(Request $request, $entity) |
|
291 | { |
||
292 | 3 | $crudData = $this->service->getData($entity); |
|
293 | 3 | $instance = $crudData->createEmpty(); |
|
294 | 3 | $instance->populateViaRequest($request); |
|
295 | 3 | return $this->modifyEntity($request, $crudData, $instance, $entity, false); |
|
296 | } |
||
297 | |||
298 | /** |
||
299 | * {@inheritdoc} |
||
300 | */ |
||
301 | 2 | public function showList(Request $request, $entity) |
|
302 | { |
||
303 | 2 | $crudData = $this->service->getData($entity); |
|
304 | 2 | $definition = $crudData->getDefinition(); |
|
305 | |||
306 | 2 | $filter = []; |
|
307 | 2 | $filterActive = false; |
|
308 | 2 | $filterToUse = []; |
|
309 | 2 | $filterOperators = []; |
|
310 | 2 | $this->buildUpListFilter($request, $definition, $filter, $filterActive, $filterToUse, $filterOperators); |
|
311 | |||
312 | 2 | $pageSize = $definition->getPageSize(); |
|
313 | 2 | $total = $crudData->countBy($definition->getTable(), $filterToUse, $filterOperators, true); |
|
314 | 2 | $page = abs(intval($request->get('crudPage', 0))); |
|
315 | 2 | $maxPage = intval($total / $pageSize); |
|
316 | 2 | if ($total % $pageSize == 0) { |
|
317 | 2 | $maxPage--; |
|
318 | } |
||
319 | 2 | if ($page > $maxPage) { |
|
320 | 1 | $page = $maxPage; |
|
321 | } |
||
322 | 2 | $skip = $page * $pageSize; |
|
323 | |||
324 | 2 | $sortField = $request->get('crudSortField', $definition->getInitialSortField()); |
|
325 | 2 | $sortAscendingRequest = $request->get('crudSortAscending'); |
|
326 | 2 | $sortAscending = $sortAscendingRequest !== null ? $sortAscendingRequest === 'true' : $definition->isInitialSortAscending(); |
|
327 | |||
328 | 2 | $entities = $crudData->listEntries($filterToUse, $filterOperators, $skip, $pageSize, $sortField, $sortAscending); |
|
329 | |||
330 | 2 | return new Response($this->twig->render($this->service->getTemplate('template', 'list', $entity), [ |
|
331 | 2 | 'crud' => $this->service, |
|
332 | 2 | 'crudEntity' => $entity, |
|
333 | 2 | 'crudData' => $crudData, |
|
334 | 2 | 'definition' => $definition, |
|
335 | 2 | 'entities' => $entities, |
|
336 | 2 | 'pageSize' => $pageSize, |
|
337 | 2 | 'maxPage' => $maxPage, |
|
338 | 2 | 'page' => $page, |
|
339 | 2 | 'total' => $total, |
|
340 | 2 | 'filter' => $filter, |
|
341 | 2 | 'filterActive' => $filterActive, |
|
342 | 2 | 'sortField' => $sortField, |
|
343 | 2 | 'sortAscending' => $sortAscending, |
|
344 | 2 | 'layout' => $this->service->getTemplate('layout', 'list', $entity) |
|
345 | ])); |
||
346 | } |
||
347 | |||
348 | /** |
||
349 | * {@inheritdoc} |
||
350 | */ |
||
351 | 1 | public function show($entity, $id) |
|
352 | { |
||
353 | 1 | $crudData = $this->service->getData($entity); |
|
354 | 1 | $instance = $crudData->get($id); |
|
355 | 1 | if (!$instance) { |
|
356 | 1 | return $this->getNotFoundPage($this->translator->trans('crudlex.instanceNotFound')); |
|
357 | } |
||
358 | 1 | $definition = $crudData->getDefinition(); |
|
359 | |||
360 | 1 | $childrenLabelFields = $definition->getChildrenLabelFields(); |
|
361 | 1 | $children = []; |
|
362 | 1 | if (count($childrenLabelFields) > 0) { |
|
363 | 1 | foreach ($definition->getChildren() as $child) { |
|
364 | 1 | $childField = $child[1]; |
|
365 | 1 | $childEntity = $child[2]; |
|
366 | 1 | $childLabelField = array_key_exists($childEntity, $childrenLabelFields) ? $childrenLabelFields[$childEntity] : 'id'; |
|
367 | 1 | $childCrud = $this->service->getData($childEntity); |
|
368 | 1 | $children[] = [ |
|
369 | 1 | $childCrud->getDefinition()->getLabel(), |
|
370 | 1 | $childEntity, |
|
371 | 1 | $childLabelField, |
|
372 | 1 | $childCrud->listEntries([$childField => $instance->get('id')]), |
|
373 | 1 | $childField |
|
374 | ]; |
||
375 | } |
||
376 | } |
||
377 | |||
378 | 1 | return new Response($this->twig->render($this->service->getTemplate('template', 'show', $entity), [ |
|
379 | 1 | 'crud' => $this->service, |
|
380 | 1 | 'crudEntity' => $entity, |
|
381 | 1 | 'entity' => $instance, |
|
382 | 1 | 'children' => $children, |
|
383 | 1 | 'layout' => $this->service->getTemplate('layout', 'show', $entity) |
|
384 | ])); |
||
385 | } |
||
386 | |||
387 | /** |
||
388 | * {@inheritdoc} |
||
389 | */ |
||
390 | 1 | public function edit(Request $request, $entity, $id) |
|
391 | { |
||
392 | 1 | $crudData = $this->service->getData($entity); |
|
393 | 1 | $instance = $crudData->get($id); |
|
394 | 1 | if (!$instance) { |
|
395 | 1 | return $this->getNotFoundPage($this->translator->trans('crudlex.instanceNotFound')); |
|
396 | } |
||
397 | |||
398 | 1 | return $this->modifyEntity($request, $crudData, $instance, $entity, true); |
|
399 | } |
||
400 | |||
401 | /** |
||
402 | * {@inheritdoc} |
||
403 | */ |
||
404 | 1 | public function delete(Request $request, $entity, $id) |
|
405 | { |
||
406 | 1 | $crudData = $this->service->getData($entity); |
|
407 | 1 | $instance = $crudData->get($id); |
|
408 | 1 | if (!$instance) { |
|
409 | 1 | return $this->getNotFoundPage($this->translator->trans('crudlex.instanceNotFound')); |
|
410 | } |
||
411 | |||
412 | 1 | $fileHandler = new FileHandler($this->filesystem, $crudData->getDefinition()); |
|
413 | 1 | $filesDeleted = $fileHandler->deleteFiles($crudData, $instance, $entity); |
|
414 | 1 | $deleted = $filesDeleted ? $crudData->delete($instance) : AbstractData::DELETION_FAILED_EVENT; |
|
415 | |||
416 | 1 | if ($deleted === AbstractData::DELETION_FAILED_EVENT) { |
|
417 | 1 | $this->session->getFlashBag()->add('danger', $this->translator->trans('crudlex.delete.failed')); |
|
418 | 1 | return new RedirectResponse($this->service->generateURL('crudShow', ['entity' => $entity, 'id' => $id])); |
|
419 | 1 | } elseif ($deleted === AbstractData::DELETION_FAILED_STILL_REFERENCED) { |
|
420 | 1 | $this->session->getFlashBag()->add('danger', $this->translator->trans('crudlex.delete.error', [ |
|
421 | 1 | '%label%' => $crudData->getDefinition()->getLabel() |
|
422 | ])); |
||
423 | 1 | return new RedirectResponse($this->service->generateURL('crudShow', ['entity' => $entity, 'id' => $id])); |
|
424 | } |
||
425 | |||
426 | 1 | $redirectPage = 'crudList'; |
|
427 | 1 | $redirectParameters = $this->getAfterDeleteRedirectParameters($request, $entity, $redirectPage); |
|
428 | |||
429 | 1 | $this->session->getFlashBag()->add('success', $this->translator->trans('crudlex.delete.success', [ |
|
430 | 1 | '%label%' => $crudData->getDefinition()->getLabel() |
|
431 | ])); |
||
432 | 1 | return new RedirectResponse($this->service->generateURL($redirectPage, $redirectParameters)); |
|
433 | } |
||
434 | |||
435 | /** |
||
436 | * {@inheritdoc} |
||
437 | */ |
||
438 | 1 | public function renderFile($entity, $id, $field) |
|
439 | { |
||
440 | 1 | $crudData = $this->service->getData($entity); |
|
441 | 1 | $instance = $crudData->get($id); |
|
442 | 1 | $definition = $crudData->getDefinition(); |
|
443 | 1 | if (!$instance || $definition->getType($field) != 'file' || !$instance->get($field)) { |
|
444 | 1 | return $this->getNotFoundPage($this->translator->trans('crudlex.instanceNotFound')); |
|
445 | } |
||
446 | 1 | $fileHandler = new FileHandler($this->filesystem, $definition); |
|
447 | 1 | return $fileHandler->renderFile($instance, $entity, $field); |
|
448 | } |
||
449 | |||
450 | /** |
||
451 | * {@inheritdoc} |
||
452 | */ |
||
453 | 1 | public function deleteFile($entity, $id, $field) |
|
454 | { |
||
455 | 1 | $crudData = $this->service->getData($entity); |
|
456 | 1 | $instance = $crudData->get($id); |
|
457 | 1 | if (!$instance) { |
|
458 | 1 | return $this->getNotFoundPage($this->translator->trans('crudlex.instanceNotFound')); |
|
459 | } |
||
460 | 1 | $fileHandler = new FileHandler($this->filesystem, $crudData->getDefinition()); |
|
461 | 1 | if (!$crudData->getDefinition()->getField($field, 'required', false) && $fileHandler->deleteFile($crudData, $instance, $entity, $field)) { |
|
462 | 1 | $instance->set($field, ''); |
|
463 | 1 | $crudData->update($instance); |
|
464 | 1 | $this->session->getFlashBag()->add('success', $this->translator->trans('crudlex.file.deleted')); |
|
465 | } else { |
||
466 | 1 | $this->session->getFlashBag()->add('danger', $this->translator->trans('crudlex.file.notDeleted')); |
|
467 | } |
||
468 | 1 | return new RedirectResponse($this->service->generateURL('crudShow', ['entity' => $entity, 'id' => $id])); |
|
469 | } |
||
470 | |||
471 | /** |
||
472 | * {@inheritdoc} |
||
473 | */ |
||
474 | 1 | public function staticFile(Request $request) |
|
475 | { |
||
476 | 1 | $fileParam = str_replace('..', '', $request->get('file')); |
|
477 | 1 | $file = __DIR__.'/../static/'.$fileParam; |
|
478 | 1 | if (!$fileParam || !file_exists($file)) { |
|
479 | 1 | return $this->getNotFoundPage($this->translator->trans('crudlex.resourceNotFound')); |
|
480 | } |
||
481 | |||
482 | 1 | $mimeType = MimeType::detectByFilename($file); |
|
483 | 1 | $size = filesize($file); |
|
484 | |||
485 | 1 | $streamedFileResponse = new StreamedFileResponse(); |
|
486 | 1 | $response = new StreamedResponse($streamedFileResponse->getStreamedFileFunction($file), 200, [ |
|
487 | 1 | 'Content-Type' => $mimeType, |
|
488 | 1 | 'Content-Disposition' => 'attachment; filename="'.basename($file).'"', |
|
489 | 1 | 'Content-length' => $size |
|
490 | ]); |
||
491 | |||
492 | 1 | $response->setETag(filemtime($file))->setPublic()->isNotModified($request); |
|
493 | 1 | $response->send(); |
|
494 | |||
495 | 1 | return $response; |
|
496 | } |
||
497 | |||
498 | /** |
||
499 | * {@inheritdoc} |
||
500 | */ |
||
501 | 1 | public function setLocale(Request $request, $locale) |
|
502 | { |
||
503 | |||
504 | 1 | if (!in_array($locale, $this->service->getLocales())) { |
|
505 | 1 | return $this->getNotFoundPage('Locale '.$locale.' not found.'); |
|
506 | } |
||
507 | |||
508 | 1 | $manageI18n = $this->service->isManageI18n(); |
|
509 | 1 | if ($manageI18n) { |
|
510 | 1 | $this->session->set('locale', $locale); |
|
511 | } |
||
512 | 1 | $redirect = $request->get('redirect'); |
|
513 | 1 | return new RedirectResponse($redirect); |
|
0 ignored issues
–
show
|
|||
514 | } |
||
515 | } |
||
516 |
$redirect
can contain request data and is used in output context(s) leading to a potential security vulnerability.3 paths for user data to reach this point
$this->parameters['HTTP_AUTHORIZATION']
seems to return tainted data, and$authorizationHeader
is assigned in ServerBag.php on line 62$this->parameters['HTTP_AUTHORIZATION']
seems to return tainted data, and$authorizationHeader
is assignedin vendor/ServerBag.php on line 62
in vendor/ServerBag.php on line 77
in vendor/ParameterBag.php on line 84
$result
is assignedin vendor/Request.php on line 680
$redirect
is assignedin src/CRUDlex/Controller.php on line 512
$_POST,
and$_POST
is passed to Request::createRequestFromFactory() in Request.php on line 281$_POST,
and$_POST
is passed to Request::createRequestFromFactory()in vendor/Request.php on line 281
$request
is passed to Request::__construct()in vendor/Request.php on line 1911
$request
is passed to Request::initialize()in vendor/Request.php on line 235
$request
is passed to ParameterBag::__construct()in vendor/Request.php on line 253
in vendor/ParameterBag.php on line 31
in vendor/ParameterBag.php on line 84
$result
is assignedin vendor/Request.php on line 680
$redirect
is assignedin src/CRUDlex/Controller.php on line 512
$server['HTTP_HOST']
seems to return tainted data, and$server
is assigned in Request.php on line 347$server['HTTP_HOST']
seems to return tainted data, and$server
is assignedin vendor/Request.php on line 347
$server
is assignedin vendor/Request.php on line 395
$server
is assignedin vendor/Request.php on line 396
$server
is passed to Request::createRequestFromFactory()in vendor/Request.php on line 398
$server
is passed to Request::__construct()in vendor/Request.php on line 1911
$server
is passed to Request::initialize()in vendor/Request.php on line 235
$server
is passed to ParameterBag::__construct()in vendor/Request.php on line 258
in vendor/ParameterBag.php on line 31
in vendor/ParameterBag.php on line 84
$result
is assignedin vendor/Request.php on line 680
$redirect
is assignedin src/CRUDlex/Controller.php on line 512
Used in output context
in vendor/RedirectResponse.php on line 39
in vendor/RedirectResponse.php on line 92
in vendor/Response.php on line 397
in vendor/Response.php on line 356
Preventing Cross-Site-Scripting Attacks
Cross-Site-Scripting allows an attacker to inject malicious code into your website - in particular Javascript code, and have that code executed with the privileges of a visiting user. This can be used to obtain data, or perform actions on behalf of that visiting user.
In order to prevent this, make sure to escape all user-provided data:
General Strategies to prevent injection
In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values:
For numeric data, we recommend to explicitly cast the data: