Test Failed
Push — master ( e3c39f...fe570d )
by Mihail
07:20
created

Apps/Model/Admin/Application/FormUpdate.php (1 issue)

errors are not suppressed.

Best Practice Security Major
<?php

namespace Apps\Model\Admin\Application;

use Apps\ActiveRecord\App as AppRecord;
use Ffcms\Core\Arch\Model;
use Ffcms\Core\Exception\ForbiddenException;
use Ffcms\Core\Exception\NotFoundException;
use Ffcms\Core\Exception\SyntaxException;
use Ffcms\Core\Helper\Date;

/**
 * Class FormUpdate. Process applications and widgets update
 * @package Apps\Model\Admin\Application
 */
class FormUpdate extends Model
{
    public $name;
    public $dbVersion;
    public $scriptVersion;
    public $date;

    /** @var \Apps\ActiveRecord\App $_record */
    private $_record;
    /** @var string $_callback */
    private $_callback;

    /**
     * FormUpdate constructor. Pass app record object inside
     * @param AppRecord $record
     */
    public function __construct(AppRecord $record)
    {
        $this->_record = $record;
        parent::__construct();
    }

    /**
     * Magic method before
     * @throws ForbiddenException
     * @throws NotFoundException
     * @throws SyntaxException
     */
    public function before()
    {
        // get full name of update object
        $class = 'Apps\Controller\Admin\\' . $this->_record->sys_name;
        if (class_exists($class)) {
            $this->_callback = $class;
        } else {
            throw new NotFoundException(__('Admin controller is not founded - %c%', ['c' => $this->_record->sys_name]));
        }

        // compare versions
        if ($this->_record->checkVersion() === true) {
            throw new ForbiddenException('this extension is not able to update - no new version installed');
        }

        // set public attributes to display
        $this->name = $this->_record->getLocaleName();
        $this->dbVersion = $this->_record->version;
        $this->scriptVersion = $this->_record->getScriptVersion();
        $this->date = Date::convertToDatetime($this->_record->updated_at, Date::FORMAT_TO_HOUR);
    }

    /**
     * Make update actions
     */
    public function make()
    {
        // make query to ClassController::update(version)
        @forward_static_call_array([$this->_callback, 'update'], [$this->_record->version]);
Security Best Practice introduced by zenn
It seems like you do not handle an error condition for forward_static_call_array(). This can introduce security issues, and is generally not recommended. ( Ignorable by Annotation )

If this is a false-positive, you can also ignore this issue in your code via the ignore-unhandled annotation:

        /** @scrutinizer ignore-unhandled */ @forward_static_call_array([$this->_callback, 'update'], [$this->_record->version]);

If you suppress an error, we recommend checking for the error condition explicitly:

// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
        // update version in db
        $this->_record->version = $this->_record->getScriptVersion();
        $this->_record->save();
    }
}