This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | declare(strict_types=1); |
||
4 | |||
5 | /* |
||
6 | * This file is part of the Sonata Project package. |
||
7 | * |
||
8 | * (c) Thomas Rabaix <[email protected]> |
||
9 | * |
||
10 | * For the full copyright and license information, please view the LICENSE |
||
11 | * file that was distributed with this source code. |
||
12 | */ |
||
13 | |||
14 | namespace Sonata\DoctrineMongoDBAdminBundle\Filter; |
||
15 | |||
16 | use Sonata\AdminBundle\Datagrid\ProxyQueryInterface; |
||
17 | use Sonata\AdminBundle\Form\Type\Filter\DateRangeType; |
||
18 | use Sonata\AdminBundle\Form\Type\Filter\DateTimeRangeType; |
||
19 | use Sonata\AdminBundle\Form\Type\Filter\DateTimeType; |
||
20 | use Sonata\AdminBundle\Form\Type\Filter\DateType; |
||
21 | use Sonata\AdminBundle\Form\Type\Operator\DateOperatorType; |
||
22 | |||
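/**
 * Base class for date / datetime filters.
 *
 * filter() validates the submitted filter data, normalises the operator type
 * and dispatches to the matching apply*() method. Subclasses implement the
 * three abstract applyTypeIs*() hooks.
 */
abstract class AbstractDateFilter extends Filter
{
    /**
     * Flag indicating that filter will have range.
     *
     * @var bool
     */
    protected $range = false;

    /**
     * Flag indicating that filter will filter by datetime instead of by date.
     *
     * @var bool
     */
    protected $time = false;

    /**
     * Applies the filter described by $data to the query.
     *
     * Returns without touching the query when $data is not an array, when the
     * selected operator needs a value and none is set, or when the operator
     * type matches none of the handled DateOperatorType constants.
     *
     * @param string $alias
     * @param string $field
     * @param mixed  $data  expected to be an array with optional 'type' and 'value' keys
     */
    public function filter(ProxyQueryInterface $queryBuilder, $alias, $field, $data)
    {
        // Anything that is not an array cannot carry 'type' / 'value'.
        if (!\is_array($data)) {
            return;
        }

        // Normalise the operator to an int once. is_numeric() also accepts numeric
        // strings and floats; with strict_types enabled those would raise a TypeError
        // when handed to typeDoesRequireValue(int $type). The cast mirrors the one
        // getOperator() applies. A missing or non-numeric type falls back to TYPE_EQUAL.
        $type = isset($data['type']) && is_numeric($data['type'])
            ? (int) $data['type']
            : DateOperatorType::TYPE_EQUAL;
        $data['type'] = $type;

        // Some types do not require a value to be set (NULL, NOT NULL).
        if (!isset($data['value']) && $this->typeDoesRequireValue($type)) {
            return;
        }

        switch ($type) {
            case DateOperatorType::TYPE_EQUAL:
                $this->active = true;

                $this->applyTypeIsEqual($queryBuilder, $field, $data);

                return;

            case DateOperatorType::TYPE_GREATER_THAN:
                $this->active = true;

                $this->applyTypeIsGreaterThan($queryBuilder, $field, $data);

                return;

            case DateOperatorType::TYPE_LESS_EQUAL:
                $this->active = true;

                $this->applyTypeIsLessEqual($queryBuilder, $field, $data);

                return;

            case DateOperatorType::TYPE_NULL:
            case DateOperatorType::TYPE_NOT_NULL:
                $this->active = true;

                // The operator name comes from the fixed table in getOperator().
                $this->applyType($queryBuilder, $this->getOperator($type), $field, null);

                return;

            case DateOperatorType::TYPE_GREATER_EQUAL:
            case DateOperatorType::TYPE_LESS_THAN:
                $this->active = true;

                // NOTE(review): applyType() only accepts ?\DateTime; a 'value' of any other
                // type raises a TypeError here. Confirm the form always yields a \DateTime.
                $this->applyType($queryBuilder, $this->getOperator($type), $field, $data['value']);

                return;
        }
    }

    /**
     * Returns the default options of this filter.
     *
     * @return array
     */
    public function getDefaultOptions()
    {
        return ['input_type' => 'datetime'];
    }

    /**
     * Returns the form type class and its options, chosen from the
     * $time and $range flags.
     *
     * @return array a two-element list: form type class name, then its options
     */
    public function getRenderSettings()
    {
        $name = DateType::class;

        if ($this->time && $this->range) {
            $name = DateTimeRangeType::class;
        } elseif ($this->time) {
            $name = DateTimeType::class;
        } elseif ($this->range) {
            $name = DateRangeType::class;
        }

        return [$name, [
            'field_type' => $this->getFieldType(),
            'field_options' => $this->getFieldOptions(),
            'label' => $this->getLabel(),
        ]];
    }

    /**
     * Called by filter() when the operator type is DateOperatorType::TYPE_LESS_EQUAL.
     */
    abstract protected function applyTypeIsLessEqual(ProxyQueryInterface $queryBuilder, string $field, array $data);

    /**
     * Called by filter() when the operator type is DateOperatorType::TYPE_GREATER_THAN.
     */
    abstract protected function applyTypeIsGreaterThan(ProxyQueryInterface $queryBuilder, string $field, array $data);

    /**
     * Called by filter() when the operator type is DateOperatorType::TYPE_EQUAL.
     */
    abstract protected function applyTypeIsEqual(ProxyQueryInterface $queryBuilder, string $field, array $data);

    /**
     * Invokes the query-builder method named by $operation on the given field
     * and marks the filter as active.
     *
     * $operation is used verbatim as a method name (dynamic dispatch), so it must be
     * a fixed, trusted value such as a result of getOperator(). Never pass a string
     * derived from request data.
     *
     * @param string         $operation name of the query-builder method to call
     * @param string         $field
     * @param \DateTime|null $datetime
     */
    protected function applyType(ProxyQueryInterface $queryBuilder, $operation, $field, ?\DateTime $datetime = null): void
    {
        $queryBuilder->field($field)->$operation($datetime);
        $this->active = true;
    }

    /**
     * NEXT_MAJOR: Remove this method.
     *
     * Despite its name, this returns true for the types that do NOT need a value
     * (TYPE_NULL and TYPE_NOT_NULL) and false for every other type.
     *
     * @param int $type
     *
     * @deprecated since sonata-project/doctrine-mongodb-admin-bundle 3.x, to be removed in 4.0.
     *
     * @return bool
     */
    protected function typeRequiresValue($type)
    {
        // Silenced trigger_error: the deprecation reaches registered error handlers
        // without surfacing as a regular error.
        @trigger_error(sprintf(
            '"%s()" is deprecated since sonata-project/doctrine-mongodb-admin-bundle 3.x and will be removed in version 4.0.',
            __METHOD__
        ), E_USER_DEPRECATED);

        return \in_array($type, [
            DateOperatorType::TYPE_NULL,
            DateOperatorType::TYPE_NOT_NULL,
        ], true);
    }

    /**
     * Resolves DateOperatorType:: constants to the query-builder operator name.
     *
     * The result is used as a method name by applyType(), so an unknown type is
     * rejected here instead of yielding null from an undefined array offset.
     *
     * @param int $type
     *
     * @throws \InvalidArgumentException when $type is not a known DateOperatorType constant
     *
     * @return string
     */
    protected function getOperator($type)
    {
        $choices = [
            DateOperatorType::TYPE_NULL => 'equals',
            DateOperatorType::TYPE_NOT_NULL => 'notEqual',
            DateOperatorType::TYPE_EQUAL => 'equals',
            DateOperatorType::TYPE_GREATER_EQUAL => 'gte',
            DateOperatorType::TYPE_GREATER_THAN => 'gt',
            DateOperatorType::TYPE_LESS_EQUAL => 'lte',
            DateOperatorType::TYPE_LESS_THAN => 'lt',
        ];

        $key = (int) $type;

        if (!isset($choices[$key])) {
            throw new \InvalidArgumentException(sprintf('Unknown date operator type "%d".', $key));
        }

        return $choices[$key];
    }

    /**
     * Tells whether the given operator type needs a value: every type except
     * TYPE_NULL and TYPE_NOT_NULL does.
     */
    private function typeDoesRequireValue(int $type): bool
    {
        return !\in_array($type, [
            DateOperatorType::TYPE_NULL,
            DateOperatorType::TYPE_NOT_NULL,
        ], true);
    }
}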
||
189 |
If you suppress an error, we recommend checking for the error condition explicitly: