This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | class NutriRow extends DataObject |
||
0 ignored issues
–
show
|
|||
4 | { |
||
5 | private static $default_rows = array(); |
||
0 ignored issues
–
show
|
|||
6 | |||
7 | private static $singular_name = 'Nutritional Information Item'; |
||
0 ignored issues
–
show
|
|||
8 | public function i18n_singular_name() |
||
9 | { |
||
10 | return self::$singular_name; |
||
11 | } |
||
12 | |||
13 | private static $plural_name = 'Nutritional Information Items'; |
||
0 ignored issues
–
show
|
|||
14 | public function i18n_plural_name() |
||
15 | { |
||
16 | return self::$plural_name; |
||
17 | } |
||
18 | |||
19 | private static $db = array( |
||
0 ignored issues
–
show
|
|||
20 | 'Title' => 'Varchar(30)', |
||
21 | 'PerServe' => 'Varchar(20)', |
||
22 | 'Per100' => 'Varchar(20)', |
||
23 | 'DVPercentage' => 'Varchar(20)', |
||
24 | 'Hide' => 'Boolean', |
||
25 | 'SortOrder' => 'Int', |
||
26 | ); |
||
27 | |||
28 | private static $has_one = array( |
||
0 ignored issues
–
show
|
|||
29 | 'NutriHolder' => 'NutriHolder', |
||
30 | ); |
||
31 | |||
32 | private static $default_sort = array( |
||
0 ignored issues
–
show
|
|||
33 | 'Hide' => 'ASC', |
||
34 | 'SortOrder' => 'ASC' |
||
35 | ); |
||
36 | |||
37 | private static $summary_fields = array( |
||
0 ignored issues
–
show
|
|||
38 | 'Title' => 'Title', |
||
39 | 'PerServe' => 'Per Serve', |
||
40 | 'Per100' => 'Per 100', |
||
41 | 'Hide.Nice' => 'Hidden' |
||
42 | ); |
||
43 | |||
44 | private static $indexes = array( |
||
0 ignored issues
–
show
|
|||
45 | 'SortOrder' => true |
||
46 | ); |
||
47 | |||
48 | public function Shown() |
||
49 | { |
||
50 | return !$this->Hide; |
||
0 ignored issues
–
show
The property
Hide does not exist on object<NutriRow> . Since you implemented __get , maybe consider adding a @property annotation.
Since your code implements the magic getter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
If the property has read access only, you can use the @property-read annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
51 | } |
||
52 | |||
53 | /** |
||
54 | * |
||
55 | * |
||
56 | * @inherited |
||
57 | */ |
||
58 | public function canDelete($member = null) |
||
59 | { |
||
60 | $defaultRows = Config::inst()->get("NutriRow", "default_rows"); |
||
61 | $defaultRows = array_map('strtolower', $defaultRows); |
||
62 | |||
63 | if (in_array(strtolower($this->Title), $defaultRows)) { |
||
0 ignored issues
–
show
The property
Title does not exist on object<NutriRow> . Since you implemented __get , maybe consider adding a @property annotation.
Since your code implements the magic getter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
If the property has read access only, you can use the @property-read annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
64 | return false; |
||
65 | } |
||
66 | return parent::canDelete($member); |
||
67 | } |
||
68 | |||
69 | public function getCMSFields() |
||
70 | { |
||
71 | $fields = parent::getCMSFields(); |
||
72 | |||
73 | $fields->addFieldsToTab( |
||
74 | 'Root.Main', |
||
75 | array( |
||
76 | CheckboxField::create('Hide', 'Hide entry') |
||
77 | ->setRightTitle('Hide this entry - not relevant ... '), |
||
78 | TextField::create('Title', 'Nutritional information item') |
||
79 | ->setRightTitle('E.g. salt, carbohydrates, ebergy'), |
||
80 | TextField::create('PerServe', 'The amount of the item per serve') |
||
81 | ->setRightTitle('For example, 1g or 2,000KJ'), |
||
82 | TextField::create('Per100', 'The amount of the item per 100g') |
||
83 | ->setRightTitle('For example, 1g or 2,000KJ'), |
||
84 | TextField::create( |
||
85 | 'DVPercentage', |
||
86 | '% Daily Value' |
||
87 | )->setRightTitle( |
||
88 | 'Eg, 20%. <br> |
||
89 | The % Daily Value(DV) tells you how much a nutrient in a serving of food contributes to a daily diet. <br> |
||
90 | 2,000 calories a day is used for general nutrition advice.' |
||
91 | ) |
||
92 | ) |
||
93 | ); |
||
94 | |||
95 | $fields->removeFieldFromTab('Root.Main', 'SortOrder'); |
||
96 | $fields->removeFieldFromTab('Root.Main', 'NutriHolder'); |
||
97 | $fields->removeFieldFromTab('Root.Main', 'NutriHolderID'); |
||
98 | |||
99 | return $fields; |
||
100 | } |
||
101 | |||
102 | |||
103 | public function requireDefaultRecords() |
||
104 | { |
||
105 | parent::requireDefaultRecords(); |
||
106 | $defaultRows = Config::inst()->get("NutriRow", "default_rows"); |
||
107 | |||
108 | |||
109 | $holders = NutriHolder::get(); |
||
110 | foreach ($holders as $holder) { |
||
111 | $sortOrder = 0; |
||
112 | foreach ($defaultRows as $itemName) { |
||
0 ignored issues
–
show
The expression
$defaultRows of type array|integer|double|string|boolean is not guaranteed to be traversable. How about adding an additional type check?
There are different options of fixing this problem.
Loading history...
|
|||
113 | $sortOrder++; |
||
114 | $filter = array( |
||
115 | "NutriHolderID" => $holder->ID, |
||
116 | "Title" => $itemName |
||
117 | ); |
||
118 | $obj = NutriRow::get()->filter($filter)->first(); |
||
119 | if (! $obj) { |
||
120 | DB::alteration_message("Creating $itemName", "created"); |
||
121 | $obj = NutriRow::create($filter); |
||
122 | $obj->SortOrder = $sortOrder; |
||
0 ignored issues
–
show
The property
SortOrder does not exist on object<NutriRow> . Since you implemented __set , maybe consider adding a @property annotation.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
123 | } |
||
124 | $obj->write(); |
||
125 | } |
||
126 | } |
||
127 | } |
||
128 | } |
||
129 |
You can fix this by adding a namespace to your class:
When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries.