Issues in ProductGroupSearchPage.php (master) - Issues in master - sunnysideup/silverstripe-ecommerce - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2002)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

code/ProductGroupSearchPage.php (10 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * This page manages searching for products.
 *
 * @authors: Nicolaas [at] Sunny Side Up .co.nz
 * @package: ecommerce
 * @sub-package: Pages
 **/
class ProductGroupSearchPage extends ProductGroup
{

    /**
     * standard SS variable.
     *
     * @static String | Array
     */
    private static $icon = 'ecommerce/images/icons/productgroupsearchpage';


    /**
     * Standard SS variable.
     *
     * @var string
     */
    private static $description = 'This page allowing the user to search for products.';


    /**
     * Standard SS variable.
     */
    private static $singular_name = 'Product Search Page';

    public function i18n_singular_name()
    {
        return _t('ProductGroupSearchPage.SINGULARNAME', 'Product Search Page');
    }

    /**
     * Standard SS variable.
     */
    private static $plural_name = 'Product Search Pages';

    public function i18n_plural_name()
    {
        return _t('ProductGroupSearchPage.PLURALNAME', 'Product Search Pages');
    }

    /**
     * Standard SS function, we only allow for one Product Search Page to exist
     * but we do allow for extensions to exist at the same time.
     *
     * @param Member $member

     *
     * @return bool
     */
    public function canCreate($member = null)
    {
        return ProductGroupSearchPage::get()->filter(array('ClassName' => 'ProductGroupSearchPage'))->Count() ? false : $this->canEdit($member);
    }

    /**
     * Can product list (and related) be cached at all?
     *
     * @var bool
     */
    protected $allowCaching = false;

    /**
     * This is a KEY method that overrides the standard method!
     * @return [type] [description]

     */
    public function getGroupFilter()
    {
        $resultArray = $this->searchResultsArrayFromSession();
        $this->allProducts = $this->allProducts->filter(array('ID' => $resultArray));

        return $this->allProducts;
    }


    /**
     * returns the SORT part of the final selection of products.
     *
     * @return string | Array

     */
    protected function currentSortSQL()
    {
        $sortKey = $this->getCurrentUserPreferences('SORT');

        return $this->getUserSettingsOptionSQL('SORT', $sortKey);
    }

    public function childGroups($maxRecursiveLevel, $filter = null, $numberOfRecursions = 0)
    {
        return ArrayList::create();
    }
}

class ProductGroupSearchPage_Controller extends ProductGroup_Controller
{
    /**
     * standard SS variable.
     *
     * @var array
     */
    private static $allowed_actions = array(

        'debug' => 'ADMIN',
        'filterforgroup' => true,
        'ProductSearchForm' => true,
        'searchresults' => true,
        'resetfilter' => true,
    );

    public function init()
    {
        parent::init();
        $array = $this->searchResultsArrayFromSession();
        if (count($array) > 1) {
            $this->isSearchResults = true;
        }
    }

    /**
     * returns child product groups for use in
     * 'in this section'. For example the vegetable Product Group
     * May have listed here: Carrot, Cabbage, etc...
     *
     * @return ArrayList (ProductGroups)

     */
    public function MenuChildGroups()
    {
        return;
    }

    public function ProductsShowable($extraFilter = null, $alternativeSort = null, $alternativeFilterKey = '')

    {
        $alternativeSort = $this->getSearchResultsDefaultSort($this->searchResultsArrayFromSession(), $alternativeSort);

        $this->allProducts = parent::ProductsShowable($extraFilter, $alternativeSort, $alternativeFilterKey);

        return $this->allProducts;
    }
    /**
     * The link that Google et al. need to index.
     * @return string
     */
    public function CanonicalLink()
    {
        $link = $this->Link();
        $this->extend('UpdateCanonicalLink', $link);

        return $link;
    }
}


1			<?php
2			/**
3			* This page manages searching for products.
4			*
5			* @authors: Nicolaas [at] Sunny Side Up .co.nz
6			* @package: ecommerce
7			* @sub-package: Pages
8			**/
9			class ProductGroupSearchPage extends ProductGroup
10			{
11
12			/**
13			* standard SS variable.
14			*
15			* @static String \| Array
16			*/
17			private static $icon = 'ecommerce/images/icons/productgroupsearchpage';
			0 ignored issues – show Comprehensibility introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history...
18
19			/**
20			* Standard SS variable.
21			*
22			* @var string
23			*/
24			private static $description = 'This page allowing the user to search for products.';
			0 ignored issues – show Comprehensibility introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history...
25
26			/**
27			* Standard SS variable.
28			*/
29			private static $singular_name = 'Product Search Page';
			0 ignored issues – show Comprehensibility introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history...
30			public function i18n_singular_name()
31			{
32			return _t('ProductGroupSearchPage.SINGULARNAME', 'Product Search Page');
33			}
34
35			/**
36			* Standard SS variable.
37			*/
38			private static $plural_name = 'Product Search Pages';
			0 ignored issues – show Comprehensibility introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history...
39			public function i18n_plural_name()
40			{
41			return _t('ProductGroupSearchPage.PLURALNAME', 'Product Search Pages');
42			}
43
44			/**
45			* Standard SS function, we only allow for one Product Search Page to exist
46			* but we do allow for extensions to exist at the same time.
47			*
48			* @param Member $member
			0 ignored issues – show Documentation introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$member` not be `Member\|null`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
49			*
50			* @return bool
51			*/
52			public function canCreate($member = null)
53			{
54			return ProductGroupSearchPage::get()->filter(array('ClassName' => 'ProductGroupSearchPage'))->Count() ? false : $this->canEdit($member);
55			}
56
57			/**
58			* Can product list (and related) be cached at all?
59			*
60			* @var bool
61			*/
62			protected $allowCaching = false;
63
64			/**
65			* This is a KEY method that overrides the standard method!
66			* @return [type] [description]
			0 ignored issues – show Documentation introduced 2019-01-31 00:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `[type]` could not be parsed: Unknown type name "" at position 0. [(view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
67			*/
68			public function getGroupFilter()
69			{
70			$resultArray = $this->searchResultsArrayFromSession();
71			$this->allProducts = $this->allProducts->filter(array('ID' => $resultArray));
72
73			return $this->allProducts;
74			}
75
76
77			/**
78			* returns the SORT part of the final selection of products.
79			*
80			* @return string \| Array
			0 ignored issues – show Documentation introduced 2019-01-30 04:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `string\|array<string,stri...ay<string,integer>\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
81			*/
82			protected function currentSortSQL()
83			{
84			$sortKey = $this->getCurrentUserPreferences('SORT');
85
86			return $this->getUserSettingsOptionSQL('SORT', $sortKey);
87			}
88
89			public function childGroups($maxRecursiveLevel, $filter = null, $numberOfRecursions = 0)
90			{
91			return ArrayList::create();
92			}
93			}
94
95			class ProductGroupSearchPage_Controller extends ProductGroup_Controller
96			{
97			/**
98			* standard SS variable.
99			*
100			* @var array
101			*/
102			private static $allowed_actions = array(
			0 ignored issues – show Comprehensibility introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history...
103			'debug' => 'ADMIN',
104			'filterforgroup' => true,
105			'ProductSearchForm' => true,
106			'searchresults' => true,
107			'resetfilter' => true,
108			);
109
110			public function init()
111			{
112			parent::init();
113			$array = $this->searchResultsArrayFromSession();
114			if (count($array) > 1) {
115			$this->isSearchResults = true;
116			}
117			}
118
119			/**
120			* returns child product groups for use in
121			* 'in this section'. For example the vegetable Product Group
122			* May have listed here: Carrot, Cabbage, etc...
123			*
124			* @return ArrayList (ProductGroups)
			0 ignored issues – show Documentation introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the return type not be `ArrayList\|null`? This check compares the return type specified in the `@return` annotation of a function or method doc comment with the types returned by the function and raises an issue if they mismatch. Loading history...
125			*/
126			public function MenuChildGroups()
127			{
128			return;
129			}
130
131			public function ProductsShowable($extraFilter = null, $alternativeSort = null, $alternativeFilterKey = '')
			0 ignored issues – show Documentation introduced 2019-01-31 00:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
132			{
133			$alternativeSort = $this->getSearchResultsDefaultSort($this->searchResultsArrayFromSession(), $alternativeSort);
134
135			$this->allProducts = parent::ProductsShowable($extraFilter, $alternativeSort, $alternativeFilterKey);
136
137			return $this->allProducts;
138			}
139			/**
140			* The link that Google et al. need to index.
141			* @return string
142			*/
143			public function CanonicalLink()
144			{
145			$link = $this->Link();
146			$this->extend('UpdateCanonicalLink', $link);
147
148			return $link;
149			}
150			}
151

sunnysideup / silverstripe-ecommerce

Issues (2002)

Security Analysis not enabled

code/ProductGroupSearchPage.php (10 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like