Issues in BuyableModel.php (master) - Issues in master - sunnysideup/silverstripe-ecommerce - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2002)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

code/interfaces/BuyableModel.php (5 issues)

Labels

Documentation 5

Severity

Minor 5

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * describes the buyable classes
 * CONTENT:
 * //GROUPS AND SIBLINGS
 * //IMAGES
 * //VERSIONING
 * //ORDER ITEM
 * //LINKS
 * //TEMPLATE STUFF
 * //CRUD SETTINGS.
 *
 *
 * @authors: Nicolaas [at] Sunny Side Up .co.nz
 * @package: ecommerce
 * @sub-package: buyables
 * @inspiration: Silverstripe Ltd, Jeremy
 **/
interface BuyableModel
{


    //GROUPS AND SIBLINGS

    /**
     * Returns the direct parent (group) for the product.
     **/
    public function MainParentGroup();


    /**
     * Returns Buybales in the same group.
     *
     * @return DataList (Products)
     **/
    public function Siblings();

    //IMAGES
    /**
     * returns a "BestAvailable" image if the current one is not available
     * In some cases this is appropriate and in some cases this is not.
     * For example, consider the following setup
     * - product A with three variations
     * - Product A has an image, but the variations have no images
     * With this scenario, you want to show ONLY the product image
     * on the product page, but if one of the variations is added to the
     * cart, then you want to show the product image.
     * This can be achieved bu using the BestAvailable image.
     *
     * @return Image | Null
     */
    public function BestAvailableImage();

    /**
     * Little hack to show thumbnail in summary fields in modeladmin in CMS.
     *
     * @return string (HTML = formatted image)
     */
    public function CMSThumbnail();

    /**
     * returns a link to the standard image.
     *
     * @return string
     */
    public function DefaultImageLink();

    /**
     * returns a product image for use in templates
     * e.g. $DummyImage.Width();.
     *
     * @return Product_Image
     */
    public function DummyImage();

    // VERSIONING

    /**
     * Action to return specific version of a product.
     * This can be any product to enable the retrieval of deleted products.
     * This is really useful for sold products where you want to retrieve the actual version that you sold.
     *
     * @param int $id
     * @param int $version
     *
     * @return DataObject | Null
     */
    public function getVersionOfBuyable($id = 0, $version = 0);

    //ORDER ITEM

    /**
     * returns the order item associated with the buyable.
     * ALWAYS returns one, even if there is none in the cart.
     * Does not write to database.
     *
     * @return OrderItem (no kidding)
     **/
    public function OrderItem();

    /**
     * @var string
     */
    //protected $defaultClassNameForOrderItem;

    /**
     * you can overwrite this function in your buyable items (such as Product).
     *
     * @return string
     **/
    public function classNameForOrderItem();

    /**
     * You can set an alternative class name for order item using this method.
     *
     * @param string $ClassName
/**
 * @param array $germany
 * @param array $ireland
 */
function finale($germany, $island) {
    return "2:1";
}
     **/
    public function setAlternativeClassNameForOrderItem($className);


    /**
     * This is used when you add a product to your cart
     * if you set it to 1 then you can add 0.1 product to cart.
     * If you set it to -1 then you can add 10, 20, 30, etc.. products to cart.
     *
     * @return int
     **/
    public function QuantityDecimals();

    /**
     * Has it been sold?
     *
     * @return bool
     */
    public function HasBeenSold();

    //LINKS

    /**
     * passing on shopping cart links ...is this necessary?? ...why not just pass the cart?
     *
     * @return string
     */
    public function AddLink();

    /**
     * link use to add (one) to cart.
     *
     *@return string
     */
    public function IncrementLink();

    /**
     * Link used to remove one from cart
     * we can do this, because by default remove link removes one.
     *
     * @return string
     */
    public function DecrementLink();

    /**
     * remove one buyable's orderitem from cart.
     *
     * @return string (Link)
     */
    public function RemoveLink();

    /**
     * remove all of this buyable's orderitem from cart.
     *
     * @return string (Link)
     */
    public function RemoveAllLink();

    /**
     * remove all of this buyable's orderitem from cart and go through to this buyble to add alternative selection.
     *
     * @return string (Link)
     */
    public function RemoveAllAndEditLink();

    /**
     * set new specific new quantity for buyable's orderitem.
     *
     * @param float
     *
     * @return string (Link)
     */
    public function SetSpecificQuantityItemLink($quantity);

    /**
     * @return string
     */
    public function AddToCartAndGoToCheckoutLink();

    //TEMPLATE STUFF

    /**
     * @return bool
     */
    public function IsInCart();

    /**
     * @return EcomQuantityField
     */
    public function EcomQuantityField();

    /**
     * returns the instance of EcommerceConfigAjax for use in templates.
     * In templates, it is used like this:
     * $EcommerceConfigAjax.TableID.
     *
     * @return EcommerceConfigAjax
     **/
    public function AJAXDefinitions();

    /**
     * returns the instance of EcommerceDBConfig.
     *
     * @return EcommerceDBConfig
     **/
    public function EcomConfig();

    /**
     * Is it a variation?
     *
     * @return bool
     */
    public function IsProductVariation();

    /**
     * Turn AllowPurchase into Yes or no.
     *
     * @return string
     */
    public function AllowPurchaseNice();

    /**
     * Products have a standard price, but for specific situations they have a calculated price.
     * The Price can be changed for specific member discounts, a different currency, etc...
     *
     * @return float (casted variable)
     */
    public function CalculatedPrice();
    public function getCalculatedPrice();


    /**
     * How do we display the price?
     *
     * @return Money
     */
    public function CalculatedPriceAsMoney();
    public function getCalculatedPriceAsMoney();


    //CRUD SETTINGS

    /**
     * Is the product for sale?
     *
     * @return bool
     */
    public function canPurchase(Member $member = null, $checkPrice = true);
}


1			<?php
2			/**
3			* describes the buyable classes
4			* CONTENT:
5			* //GROUPS AND SIBLINGS
6			* //IMAGES
7			* //VERSIONING
8			* //ORDER ITEM
9			* //LINKS
10			* //TEMPLATE STUFF
11			* //CRUD SETTINGS.
12			*
13			*
14			* @authors: Nicolaas [at] Sunny Side Up .co.nz
15			* @package: ecommerce
16			* @sub-package: buyables
17			* @inspiration: Silverstripe Ltd, Jeremy
18			**/
19			interface BuyableModel
20			{
21
22
23			//GROUPS AND SIBLINGS
24
25			/**
26			* Returns the direct parent (group) for the product.
27			**/
28			public function MainParentGroup();
			0 ignored issues – show Documentation introduced 2017-08-04 00:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this For interfaces and abstract methods it is generally a good practice to add a `@return` annotation even if it is just `@return void` or `@return null`, so that implementors know what to do in the overridden method. For interface and abstract methods, it is impossible to infer the return type from the immediate code. In these cases, it is generally advisible to explicitly annotate these methods with a `@return` doc comment to communicate to implementors of these methods what they are expected to return. Loading history...
29
30			/**
31			* Returns Buybales in the same group.
32			*
33			* @return DataList (Products)
34			**/
35			public function Siblings();
36
37			//IMAGES
38			/**
39			* returns a "BestAvailable" image if the current one is not available
40			* In some cases this is appropriate and in some cases this is not.
41			* For example, consider the following setup
42			* - product A with three variations
43			* - Product A has an image, but the variations have no images
44			* With this scenario, you want to show ONLY the product image
45			* on the product page, but if one of the variations is added to the
46			* cart, then you want to show the product image.
47			* This can be achieved bu using the BestAvailable image.
48			*
49			* @return Image \| Null
50			*/
51			public function BestAvailableImage();
52
53			/**
54			* Little hack to show thumbnail in summary fields in modeladmin in CMS.
55			*
56			* @return string (HTML = formatted image)
57			*/
58			public function CMSThumbnail();
59
60			/**
61			* returns a link to the standard image.
62			*
63			* @return string
64			*/
65			public function DefaultImageLink();
66
67			/**
68			* returns a product image for use in templates
69			* e.g. $DummyImage.Width();.
70			*
71			* @return Product_Image
72			*/
73			public function DummyImage();
74
75			// VERSIONING
76
77			/**
78			* Action to return specific version of a product.
79			* This can be any product to enable the retrieval of deleted products.
80			* This is really useful for sold products where you want to retrieve the actual version that you sold.
81			*
82			* @param int $id
83			* @param int $version
84			*
85			* @return DataObject \| Null
86			*/
87			public function getVersionOfBuyable($id = 0, $version = 0);
88
89			//ORDER ITEM
90
91			/**
92			* returns the order item associated with the buyable.
93			* ALWAYS returns one, even if there is none in the cart.
94			* Does not write to database.
95			*
96			* @return OrderItem (no kidding)
97			**/
98			public function OrderItem();
99
100			/**
101			* @var string
102			*/
103			//protected $defaultClassNameForOrderItem;
104
105			/**
106			* you can overwrite this function in your buyable items (such as Product).
107			*
108			* @return string
109			**/
110			public function classNameForOrderItem();
111
112			/**
113			* You can set an alternative class name for order item using this method.
114			*
115			* @param string $ClassName
			0 ignored issues – show Documentation introduced 2016-12-20 03:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$ClassName`. Did you maybe mean `$className`? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. It has, however, found a similar but not annotated parameter which might be a good fit. Consider the following example. The parameter `$ireland` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $ireland */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was changed, but the annotation was not. Loading history...
116			**/
117			public function setAlternativeClassNameForOrderItem($className);
			0 ignored issues – show Documentation introduced 2017-08-04 00:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this For interfaces and abstract methods it is generally a good practice to add a `@return` annotation even if it is just `@return void` or `@return null`, so that implementors know what to do in the overridden method. For interface and abstract methods, it is impossible to infer the return type from the immediate code. In these cases, it is generally advisible to explicitly annotate these methods with a `@return` doc comment to communicate to implementors of these methods what they are expected to return. Loading history...
118
119			/**
120			* This is used when you add a product to your cart
121			* if you set it to 1 then you can add 0.1 product to cart.
122			* If you set it to -1 then you can add 10, 20, 30, etc.. products to cart.
123			*
124			* @return int
125			**/
126			public function QuantityDecimals();
127
128			/**
129			* Has it been sold?
130			*
131			* @return bool
132			*/
133			public function HasBeenSold();
134
135			//LINKS
136
137			/**
138			* passing on shopping cart links ...is this necessary?? ...why not just pass the cart?
139			*
140			* @return string
141			*/
142			public function AddLink();
143
144			/**
145			* link use to add (one) to cart.
146			*
147			*@return string
148			*/
149			public function IncrementLink();
150
151			/**
152			* Link used to remove one from cart
153			* we can do this, because by default remove link removes one.
154			*
155			* @return string
156			*/
157			public function DecrementLink();
158
159			/**
160			* remove one buyable's orderitem from cart.
161			*
162			* @return string (Link)
163			*/
164			public function RemoveLink();
165
166			/**
167			* remove all of this buyable's orderitem from cart.
168			*
169			* @return string (Link)
170			*/
171			public function RemoveAllLink();
172
173			/**
174			* remove all of this buyable's orderitem from cart and go through to this buyble to add alternative selection.
175			*
176			* @return string (Link)
177			*/
178			public function RemoveAllAndEditLink();
179
180			/**
181			* set new specific new quantity for buyable's orderitem.
182			*
183			* @param float
184			*
185			* @return string (Link)
186			*/
187			public function SetSpecificQuantityItemLink($quantity);
188
189			/**
190			* @return string
191			*/
192			public function AddToCartAndGoToCheckoutLink();
193
194			//TEMPLATE STUFF
195
196			/**
197			* @return bool
198			*/
199			public function IsInCart();
200
201			/**
202			* @return EcomQuantityField
203			*/
204			public function EcomQuantityField();
205
206			/**
207			* returns the instance of EcommerceConfigAjax for use in templates.
208			* In templates, it is used like this:
209			* $EcommerceConfigAjax.TableID.
210			*
211			* @return EcommerceConfigAjax
212			**/
213			public function AJAXDefinitions();
214
215			/**
216			* returns the instance of EcommerceDBConfig.
217			*
218			* @return EcommerceDBConfig
219			**/
220			public function EcomConfig();
221
222			/**
223			* Is it a variation?
224			*
225			* @return bool
226			*/
227			public function IsProductVariation();
228
229			/**
230			* Turn AllowPurchase into Yes or no.
231			*
232			* @return string
233			*/
234			public function AllowPurchaseNice();
235
236			/**
237			* Products have a standard price, but for specific situations they have a calculated price.
238			* The Price can be changed for specific member discounts, a different currency, etc...
239			*
240			* @return float (casted variable)
241			*/
242			public function CalculatedPrice();
243			public function getCalculatedPrice();
			0 ignored issues – show Documentation introduced 2017-08-04 00:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this For interfaces and abstract methods it is generally a good practice to add a `@return` annotation even if it is just `@return void` or `@return null`, so that implementors know what to do in the overridden method. For interface and abstract methods, it is impossible to infer the return type from the immediate code. In these cases, it is generally advisible to explicitly annotate these methods with a `@return` doc comment to communicate to implementors of these methods what they are expected to return. Loading history...
244
245			/**
246			* How do we display the price?
247			*
248			* @return Money
249			*/
250			public function CalculatedPriceAsMoney();
251			public function getCalculatedPriceAsMoney();
			0 ignored issues – show Documentation introduced 2017-08-04 00:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this For interfaces and abstract methods it is generally a good practice to add a `@return` annotation even if it is just `@return void` or `@return null`, so that implementors know what to do in the overridden method. For interface and abstract methods, it is impossible to infer the return type from the immediate code. In these cases, it is generally advisible to explicitly annotate these methods with a `@return` doc comment to communicate to implementors of these methods what they are expected to return. Loading history...
252
253			//CRUD SETTINGS
254
255			/**
256			* Is the product for sale?
257			*
258			* @return bool
259			*/
260			public function canPurchase(Member $member = null, $checkPrice = true);
261			}
262

sunnysideup / silverstripe-ecommerce

Issues (2002)

Security Analysis not enabled

code/interfaces/BuyableModel.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like