Issues in EcommerceConfigAjaxDefinitions.php (master) - Issues in master - sunnysideup/silverstripe-ecommerce - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2002)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

code/config/EcommerceConfigAjaxDefinitions.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * This class defines all the names for IDs and Classes that are used
 * within the e-commerce ajax framework.
 *
 * @authors: Nicolaas [at] Sunny Side Up .co.nz
 * @package: ecommerce
 * @sub-package: configuration
 * @inspiration: Silverstripe Ltd, Jeremy
 **/
class EcommerceConfigAjaxDefinitions extends ViewableData
{
    /**
     * prefix used for all classes and IDs.
     *
     * @var null | String
     */
    private static $prefix = null;

    /**
     * the class that is requesting the ajax definitions
     * we provide the requestor so that we can dynamically change
     * the ids and classes, using the requestor.
     * e.g.
     * <code>
     * 	MyTableRowID(){
     * 		return $this->requestor->ClassName."_bla".$this->requestor->ID;
     * 	}
     * </code>.
     *
     * @var DataObject
     */
    protected $requestor = null;

    /**
     * set the requestor.
     *
     * @param DataObject $do - the object that requested the data.
     */
    public function setRequestor($do)
    {
        if (self::$prefix === null) {
            self::$prefix = EcommerceConfig::get('Order', 'template_id_prefix');

        }
        $this->requestor = $do;
    }

    /*___________________

      0. without context
     ___________________*/

    /**
     * id that is used in templates and in the JSON return @see CartResponse
     * The Side bar cart ID is used for populating a small cart on the side bar.
     *
     * @see Sidebar_Cart.ss
     *
     * @return string
     **/
    public function SideBarCartID()
    {
        return self::$prefix.'Side_Bar_Cart';
    }

    /**
     * Small representation of cart.
     *
     * @see CartShort.ss
     *
     * @return string
     **/
    public function SmallCartID()
    {
        return self::$prefix.'small_cart_id';
    }

    /**
     * class that is used in templates and in the JSON return @see CartResponse
     * The Menu Cart class is used for populating a tiny cart on your site
     * (e.g. you have 3 items in your cart ($1343)).
     *
     * @see CartTiny.ss
     *
     * @return string
     **/
    public function TinyCartClassName()
    {
        return self::$prefix.'tiny_cart_class';
    }

    /**
     * @return string
     **/
    public function HiddenPageTitleID()
    {
        return self::$prefix.'HiddenPageTitle';
    }

    /**
     * @return string
     **/
    public function ProductListHolderID()
    {
        return self::$prefix.'ProductGroup';
    }

    /**
     * @return string
     **/
    public function ProductListAjaxifiedLinkClassName()
    {
        return self::$prefix.'ajaxifyMyProductGroupLinks';
    }

    /**
     * List of products in the ProductGroup page...
     *
     * @see ProductGroupItem.ss, ProductGroupItemMoreDetail.ss, and ProductGroupItemShort.ss
     *
     * @return string
     **/
    public function ProductListItemClassName()
    {
        return self::$prefix.'productActions';
    }

    /**
     * Class used to identify that a product is in cart.
     *
     * @see ProductGroupItem.ss, ProductGroupItemMoreDetail.ss, and ProductGroupItemShort.ss
     *
     * @return string
     **/
    public function ProductListItemInCartClassName()
    {
        return self::$prefix.'inCart';
    }

    /**
     * Class used to identify that a product is not in cart.
     *
     * @see ProductGroupItem.ss, ProductGroupItemMoreDetail.ss, and ProductGroupItemShort.ss
     *
     * @return string
     **/
    public function ProductListItemNotInCartClassName()
    {
        return self::$prefix.'notInCart';
    }

    /*___________________

      1. Generic (Order / Modifier / OrderItem)
     ___________________*/

    /**
     *@return string for use in the Templates
     **/
    public function TableID()
    {
        return self::$prefix.$this->requestor->ClassName.'_DB_'.$this->requestor->ID;
    }

    /**
     *@return string for use in the Templates
     **/
    public function TableTotalID()
    {
        return $this->TableID().'_Total';
    }

    /*___________________

      2. Order
     ___________________*/

    /**
     * id that is used in templates and in the JSON return @see CartResponse.
     *
     * @return string
     **/
    public function TableMessageID()
    {
        return $this->TableID().'_Message';
    }

    /**
     * id that is used in templates and in the JSON return @see CartResponse.
     *
     * @return string
     **/
    public function TableSubTotalID()
    {
        return $this->TableID().'_SubTotal';
    }

    /**
     * class that is used in templates and in the JSON return @see CartResponse.
     *
     * @return string
     **/
    public function TotalItemsTimesQuantityClassName()
    {
        return self::$prefix.'number_of_items_times_quantity';
    }

    /**
     * class that is used in templates and in the JSON return @see CartResponse.
     *
     * @return string
     **/
    public function TotalItemsClassName()
    {
        return self::$prefix.'number_of_items';
    }
    /**
     * class that is used in templates and in the JSON return @see CartResponse.
     *
     * @return string
     **/
    public function ExpectedCountryClassName()
    {
        return self::$prefix.'expected_country_selector';
    }

    /**
     * class that is used in templates and in the JSON return @see CartResponse.
     *
     * @return string
     **/
    public function CountryFieldID()
    {
        return OrderAddress::get_country_field_ID();
    }

    /**
     * class that is used in templates and in the JSON return @see CartResponse.
     *
     * @return string
     **/
    public function RegionFieldID()
    {
        return OrderAddress::get_region_field_ID();
    }

    /*___________________

      3. Order Attribute (Modifier + OrderItem)
     ___________________*/

    /**
     *@return string for use in the Templates
     **/
    public function TableTitleID()
    {
        return $this->TableID().'_Title';
    }

    /**
     *@return string for use in the Templates
     **/
    public function CartTitleID()
    {
        return $this->TableID().'_Title_Cart';
    }

    /**
     *@return string for use in the Templates
     **/
    public function TableSubTitleID()
    {
        return $this->TableID().'_Sub_Title';
    }

    /**
     *@return string for use in the Templates
     **/
    public function CartSubTitleID()
    {
        return $this->TableID().'_Sub_Title_Cart';
    }

    /*___________________

      4. OrderItems
     ___________________*/

    /**
     * id that is used in templates and in the JSON return @see CartResponse.
     *
     * @return string
     **/
    public function QuantityFieldName()
    {
        return $this->TableID().'_Quantity_SetQuantityLink';
    }

    /*___________________

      5. Modifiers
     ___________________*/

    /*___________________

      6. Buyable
     ___________________*/

    /**
     * returns a string that can be used as a unique Identifier for use in templates, etc...
     *
     * @return string
     */
    public function UniqueIdentifier()
    {
        return $this->TableID().'_Button';
    }

    public function Define($name)

    {
        $object = Injector::inst()->get('EcommerceConfigDefinitions');

        return $object->getAjaxMethod($name);
    }
}


1			<?php
2
3			/**
4			* This class defines all the names for IDs and Classes that are used
5			* within the e-commerce ajax framework.
6			*
7			* @authors: Nicolaas [at] Sunny Side Up .co.nz
8			* @package: ecommerce
9			* @sub-package: configuration
10			* @inspiration: Silverstripe Ltd, Jeremy
11			**/
12			class EcommerceConfigAjaxDefinitions extends ViewableData
13			{
14			/**
15			* prefix used for all classes and IDs.
16			*
17			* @var null \| String
18			*/
19			private static $prefix = null;
20
21			/**
22			* the class that is requesting the ajax definitions
23			* we provide the requestor so that we can dynamically change
24			* the ids and classes, using the requestor.
25			* e.g.
26			* <code>
27			* MyTableRowID(){
28			* return $this->requestor->ClassName."_bla".$this->requestor->ID;
29			* }
30			* </code>.
31			*
32			* @var DataObject
33			*/
34			protected $requestor = null;
35
36			/**
37			* set the requestor.
38			*
39			* @param DataObject $do - the object that requested the data.
40			*/
41			public function setRequestor($do)
42			{
43			if (self::$prefix === null) {
44			self::$prefix = EcommerceConfig::get('Order', 'template_id_prefix');
			0 ignored issues – show Documentation Bug introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `\EcommerceConfig::get('O..., 'template_id_prefix')` of type `array` or `integer` or `double` or `string` or `boolean` is incompatible with the declared type `null` of property `$prefix`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
45			}
46			$this->requestor = $do;
47			}
48
49			/*___________________
50
51			0. without context
52			___________________*/
53
54			/**
55			* id that is used in templates and in the JSON return @see CartResponse
56			* The Side bar cart ID is used for populating a small cart on the side bar.
57			*
58			* @see Sidebar_Cart.ss
59			*
60			* @return string
61			**/
62			public function SideBarCartID()
63			{
64			return self::$prefix.'Side_Bar_Cart';
65			}
66
67			/**
68			* Small representation of cart.
69			*
70			* @see CartShort.ss
71			*
72			* @return string
73			**/
74			public function SmallCartID()
75			{
76			return self::$prefix.'small_cart_id';
77			}
78
79			/**
80			* class that is used in templates and in the JSON return @see CartResponse
81			* The Menu Cart class is used for populating a tiny cart on your site
82			* (e.g. you have 3 items in your cart ($1343)).
83			*
84			* @see CartTiny.ss
85			*
86			* @return string
87			**/
88			public function TinyCartClassName()
89			{
90			return self::$prefix.'tiny_cart_class';
91			}
92
93			/**
94			* @return string
95			**/
96			public function HiddenPageTitleID()
97			{
98			return self::$prefix.'HiddenPageTitle';
99			}
100
101			/**
102			* @return string
103			**/
104			public function ProductListHolderID()
105			{
106			return self::$prefix.'ProductGroup';
107			}
108
109			/**
110			* @return string
111			**/
112			public function ProductListAjaxifiedLinkClassName()
113			{
114			return self::$prefix.'ajaxifyMyProductGroupLinks';
115			}
116
117			/**
118			* List of products in the ProductGroup page...
119			*
120			* @see ProductGroupItem.ss, ProductGroupItemMoreDetail.ss, and ProductGroupItemShort.ss
121			*
122			* @return string
123			**/
124			public function ProductListItemClassName()
125			{
126			return self::$prefix.'productActions';
127			}
128
129			/**
130			* Class used to identify that a product is in cart.
131			*
132			* @see ProductGroupItem.ss, ProductGroupItemMoreDetail.ss, and ProductGroupItemShort.ss
133			*
134			* @return string
135			**/
136			public function ProductListItemInCartClassName()
137			{
138			return self::$prefix.'inCart';
139			}
140
141			/**
142			* Class used to identify that a product is not in cart.
143			*
144			* @see ProductGroupItem.ss, ProductGroupItemMoreDetail.ss, and ProductGroupItemShort.ss
145			*
146			* @return string
147			**/
148			public function ProductListItemNotInCartClassName()
149			{
150			return self::$prefix.'notInCart';
151			}
152
153			/*___________________
154
155			1. Generic (Order / Modifier / OrderItem)
156			___________________*/
157
158			/**
159			*@return string for use in the Templates
160			**/
161			public function TableID()
162			{
163			return self::$prefix.$this->requestor->ClassName.'_DB_'.$this->requestor->ID;
164			}
165
166			/**
167			*@return string for use in the Templates
168			**/
169			public function TableTotalID()
170			{
171			return $this->TableID().'_Total';
172			}
173
174			/*___________________
175
176			2. Order
177			___________________*/
178
179			/**
180			* id that is used in templates and in the JSON return @see CartResponse.
181			*
182			* @return string
183			**/
184			public function TableMessageID()
185			{
186			return $this->TableID().'_Message';
187			}
188
189			/**
190			* id that is used in templates and in the JSON return @see CartResponse.
191			*
192			* @return string
193			**/
194			public function TableSubTotalID()
195			{
196			return $this->TableID().'_SubTotal';
197			}
198
199			/**
200			* class that is used in templates and in the JSON return @see CartResponse.
201			*
202			* @return string
203			**/
204			public function TotalItemsTimesQuantityClassName()
205			{
206			return self::$prefix.'number_of_items_times_quantity';
207			}
208
209			/**
210			* class that is used in templates and in the JSON return @see CartResponse.
211			*
212			* @return string
213			**/
214			public function TotalItemsClassName()
215			{
216			return self::$prefix.'number_of_items';
217			}
218			/**
219			* class that is used in templates and in the JSON return @see CartResponse.
220			*
221			* @return string
222			**/
223			public function ExpectedCountryClassName()
224			{
225			return self::$prefix.'expected_country_selector';
226			}
227
228			/**
229			* class that is used in templates and in the JSON return @see CartResponse.
230			*
231			* @return string
232			**/
233			public function CountryFieldID()
234			{
235			return OrderAddress::get_country_field_ID();
236			}
237
238			/**
239			* class that is used in templates and in the JSON return @see CartResponse.
240			*
241			* @return string
242			**/
243			public function RegionFieldID()
244			{
245			return OrderAddress::get_region_field_ID();
246			}
247
248			/*___________________
249
250			3. Order Attribute (Modifier + OrderItem)
251			___________________*/
252
253			/**
254			*@return string for use in the Templates
255			**/
256			public function TableTitleID()
257			{
258			return $this->TableID().'_Title';
259			}
260
261			/**
262			*@return string for use in the Templates
263			**/
264			public function CartTitleID()
265			{
266			return $this->TableID().'_Title_Cart';
267			}
268
269			/**
270			*@return string for use in the Templates
271			**/
272			public function TableSubTitleID()
273			{
274			return $this->TableID().'_Sub_Title';
275			}
276
277			/**
278			*@return string for use in the Templates
279			**/
280			public function CartSubTitleID()
281			{
282			return $this->TableID().'_Sub_Title_Cart';
283			}
284
285			/*___________________
286
287			4. OrderItems
288			___________________*/
289
290			/**
291			* id that is used in templates and in the JSON return @see CartResponse.
292			*
293			* @return string
294			**/
295			public function QuantityFieldName()
296			{
297			return $this->TableID().'_Quantity_SetQuantityLink';
298			}
299
300			/*___________________
301
302			5. Modifiers
303			___________________*/
304
305			/*___________________
306
307			6. Buyable
308			___________________*/
309
310			/**
311			* returns a string that can be used as a unique Identifier for use in templates, etc...
312			*
313			* @return string
314			*/
315			public function UniqueIdentifier()
316			{
317			return $this->TableID().'_Button';
318			}
319
320			public function Define($name)
			0 ignored issues – show Documentation introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
321			{
322			$object = Injector::inst()->get('EcommerceConfigDefinitions');
323
324			return $object->getAjaxMethod($name);
325			}
326			}
327

sunnysideup / silverstripe-ecommerce

Issues (2002)

Security Analysis not enabled

code/config/EcommerceConfigAjaxDefinitions.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like