Issues in RepeatOrdersPage.php (master) - Issues in master - sunnysideup/silverstripe-ecommerce_repeatorders - Measure and Improve Code Quality continuously with Scrutinizer

Issues (114)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

code/RepeatOrdersPage.php (12 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * RepeatOrdersPage page shows order history and a form to allow
 * the member to edit his/her details.
 *
 * @package ecommerce
 * @subpackage ecommerce ecommerce_Repeatorders
 * @author nicolaas [at] sunnysideup.co.nz
 */
class RepeatOrdersPage extends AccountPage
{
    use RepeatOrdersTrait;
    /**
     * Standard SS method
     */
    private static $db = array(
        "WhatAreRepeatOrders" => "HTMLText", // explanation of repeat orders in general
        "OnceLoggedInYouCanCreateRepeatOrder" => "HTMLText" //explaining the benefits of logging in for Repeat Orders
    );

    /**
     * Standard SS method
     */
    private static $week_days = array(
        "Monday" => "Monday",
        "Tuesday" => "Tuesday",
        "Wednesday" => "Wednesday",
        "Thursday" => "Thursday",
        "Friday" => "Friday",
        "Saturday" => "Saturday",
        "Sunday" => "Sunday"
    );

    /**
     * Return a link to view the order on the account page.
     * actions are: create, update, view
     * @param String $action
     * @param int|string $orderID ID of the order
/**
 * @param array $germany
 * @param array $ireland
 */
function finale($germany, $island) {
    return "2:1";
}
     */
    public static function get_repeat_order_link($action = 'view', $repeatOrderID = 0)
    {
        $page = DataObject::get_one(__CLASS__);
        if (!$page) {
            user_error('No RepeatOrderPage was found. Please create one in the CMS!', E_USER_ERROR);
        }
        return $page->Link($action)."/".$repeatOrderID."/";
    }

    /**
     * standard SS Method
     */
    public function canCreate($member = null)
    {
        if(DataObject::get_one("RepeatOrdersPage")) {
            return false;
        } else {
            return parent::canCreate($member);
        }
    }


    /**
     * standard SS Method
     */
    public function getCMSFields()

    {
        $fields = parent::getCMSFields();
        $fields->addFieldsToTab(
            "Root.ExplainingRepeatOrders",
            [
                HtmlEditorField::create(
                    $name = "WhatAreRepeatOrders",
                    $title = "What Are Repeat Orders."
                )->setDescription('Explanation Used throughout the site'),
                HtmlEditorField::create(
                    $name = "OnceLoggedInYouCanCreateRepeatOrder",
                    $title = "Not Logged In"
                )->setDescription('Explanation for people who are not logged-in yet explaining that they can turn an order into a Repeat order...')
            ]
        );

        return $fields;
    }

    /**
     * Automatically create an AccountPage if one is not found
     * on the site at the time the database is built (dev/build).
     */
    public function requireDefaultRecords()
    {
        parent::requireDefaultRecords();
        if (!DataObject::get_one('RepeatOrdersPage')) {
            $page = RepeatOrdersPage::create();
            $page->Title = 'Repeat Orders';
            $page->Content = '<p>This is the Repeat orders account page. It is used for shop users to login and create or change their Repeat orders.</p>';
            $page->URLSegment = 'repeat-orders';
            $page->WhatAreRepeatOrders = '<p>Repeat Orders allow you to regularly repeat an order.</p>';
            $page->OnceLoggedInYouCanCreateRepeatOrder = '<p>Once logged in you can setup a repeating order.</p>';
            $page->ShowInMenus = 0;
            $page->ShowInSearch = 0;
            $page->writeToStage('Stage');
            $page->publish('Stage', 'Live');
            DB::alteration_message('Repeat Order page \'Repeat Orders\' created', 'created');
        }
    }

    /**
     * Standard SS method
     * Sets the days available for repeating orders.
     */
    public function onBeforeWrite()
    {
        parent::onBeforeWrite();
    }
}


class RepeatOrdersPage_Controller extends AccountPage_Controller
{

    /**
     * Defines methods that can be called directly
     * @var array
     */
    private static $allowed_actions = array(

        'createorder' => true,
        'cancel' => true,
        'view' => true,
        'modify' => true,
        'admin' => true,
        'ajaxcheckoutcancel' => true,
        'ajaxcreateorder' => true,
        'RepeatOrderForm' => true
    );

    public function init()
    {
        parent::init();
    }

    public function createorder($request)

    {
        $orderID = intval($request->param("ID"));
        $order = null;
        if ($orderID) {
            $order = Order::get_by_id_if_can_view($orderID);
        }
        if (!$order) {
            $order = ShoppingCart::current_order();
        }
        //TODO: move items to order
        $params = array(
            'Order' => $order,
        );
        return $this->renderWith(
            ['RepeatOrdersPage_edit', 'Page'],
            $params
        );
    }

    public function view($request)

    {
        $params = array(
            'RepeatOrder' => false,
            'Message' => 'Repeating order could not be found.'
        );
        if ($repeatOrderID = intval($request->param("ID"))) {
            $repeatOrder = DataObject::get_one('RepeatOrder', "RepeatOrder.ID = '$repeatOrderID'");
            if ($repeatOrder && $repeatOrder->canView()) {
                $params = array(
                    'RepeatOrder' => $repeatOrder,
                    'Message' => "Please review order below."
                );
            } else {
                $params = array(
                    'RepeatOrder' => '',
                    'Message' => "You do not have permission to view this Order, please log in."
                );
            }
        }

        return $this->renderWith(
            ['RepeatOrdersPage_view', 'Page'],
            $params
        );
    }

    public function modify($request)

    {
        $params = [
            'RepeatOrder' => false,
            'Message' => 'There is no order by that ID.'
        ];
        if ($repeatOrderID = intval($request->param("ID"))) {
            $repeatOrder = DataObject::get_by_id('RepeatOrder', $repeatOrderID);
            $member = Member::currentUser();
            if ($repeatOrder->canEdit($member)) {
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
                $params = [
                    'RepeatOrder' => $repeatOrder,
                    'Message' => 'Please edit your details below.'
                ];
            }
        }
        return $this->renderWith(
            ['RepeatOrdersPage_edit', 'Page'],
            $params
        );
    }

    public function cancel($request)

    {

        if ($repeatOrderID = intval($request->param("ID"))) {
            $repeatOrder = DataObject::get_one('RepeatOrder', ["ID" => $repeatOrderID]);
            $member = Member::currentUser();
            if ($repeatOrder && $repeatOrder->canEdit($member)) {
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
                $repeatOrder->Status = 'MemberCancelled';
                $repeatOrder->write();
                return $this->redirectBack();
            }
        }
        die("Could not cancel repeat order, please contact that administrator for assistance.");
    }

    /**
     * Show a list of all repeating orders.
     * @return HTML
     */
    public function admin()
    {
        $shopAdminCode = EcommerceConfig::get("EcommerceRole", "admin_permission_code");
        if (Permission::check("ADMIN") || Permission::check($shopAdminCode)) {
            RepeatOrder::create_automatically_created_orders();
            $params = array(
                "AllRepeatOrders" => RepeatOrder::get()->filter(["Status" => 'Active'])
            );
            Requirements::javascript(THIRDPARTY_DIR."/jquery/jquery.js");
            //Requirements::block(THIRDPARTY_DIR."/jquery/jquery.js");
            //Requirements::javascript(Director::protocol()."ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js");
            Requirements::javascript("ecommerce_repeatorders/javascript/RepeatOrdersPage_admin.js");
            Requirements::themedCSS("RepeatOrdersPage_admin");

            return $this->renderWith(
                ['RepeatOrdersPage_admin', 'Page'],
                $params
            );
        } else {
            return Security::permissionFailure($this, _t('OrderReport.PERMISSIONFAILURE', 'Sorry you do not have permission for this function. Please login as an Adminstrator'));
        }
    }

    public function ajaxcreateorder($request)
    {
        $orderID = intval($request->postVar('OrderID'));
        if ($request->isAjax()) {
            $orderForm = RepeatOrderForm::create(
                $this,
                'RepeatOrderForm',
                0,
                $orderID
            );
            $orderForm->doCreate($this->request->postVars(), $orderForm, $request);
        }
        else {
            user_error('This function can only be called via Ajax.');
        }
    }

    //* function should only be called from the checkout and only via ajax
    public function ajaxcheckoutcancel($request)
    {
        if ($request->isAjax()) {
            if ($repeatOrderID = intval($request->param("ID"))) {
                $repeatOrder = DataObject::get_one('RepeatOrder', ["ID" => $repeatOrderID]);
                if ($repeatOrder && $repeatOrder->canModify()) {
                    $repeatOrder->Status = 'MemberCancelled';
                    $repeatOrder->write();
                    $order = $repeatOrder->OriginatingOrder();
                    $order->RepeatOrderID = 0;
                    $order->write();
                    return true;
                }
            }
        }
        else {
            user_error('This function can only be called via Ajax.');
        }
    }

    /**
     *
     * @return RepeatOrderForm
     */
    public function RepeatOrderForm()
    {
        $action = $this->request->param('Action');
        $repeatOrderID = intval($this->request->param('ID'));
        $orderID = 0;
        if ($action == 'createorder' || isset($_REQUEST['action_doCreate'])) {
            if (isset($_REQUEST['action_doCreate']) && isset($_REQUEST['repeatOrderID'])) {

                $repeatOrderID = intval($_REQUEST['repeatOrderID']);
            }
            if ($action == 'createorder') {
                $orderID = $repeatOrderID;
                $repeatOrderID = 0;
            }
            return RepeatOrderForm::create(
                $this,
                'RepeatOrderForm',
                $repeatOrderID,
                $orderID
            );
        } elseif ($action == 'update' || isset($_REQUEST['action_doSave'])) {
            if (isset($_REQUEST['action_doSave']) && isset($_REQUEST['RepeatOrderID'])) {

                $repeatOrderID = intval($_REQUEST['RepeatOrderID']);
            }
            return RepeatOrderForm::create(
                $this,
                'RepeatOrderForm',
                $repeatOrderID,
                $orderID
            );
        } elseif ($repeatOrderID) {

            return RepeatOrderForm::create(
                $this,
                'RepeatOrderForm',
                $repeatOrderID,
                $orderID,
                true
            );
        } else {
            return $this->redirect('404-could-not-find-order');
        }
    }

    public function AccountPageLink()

    {
        $accountPage = AccountPage::get()->first();
        if($accountPage){
            return $accountPage->Link();
        }
        return false;
    }
}


1		<?php
2		/**
3		* RepeatOrdersPage page shows order history and a form to allow
4		* the member to edit his/her details.
5		*
6		* @package ecommerce
7		* @subpackage ecommerce ecommerce_Repeatorders
8		* @author nicolaas [at] sunnysideup.co.nz
9		*/
10		class RepeatOrdersPage extends AccountPage
11		{
12		use RepeatOrdersTrait;
13		/**
14		* Standard SS method
15		*/
16		private static $db = array(
17		"WhatAreRepeatOrders" => "HTMLText", // explanation of repeat orders in general
18		"OnceLoggedInYouCanCreateRepeatOrder" => "HTMLText" //explaining the benefits of logging in for Repeat Orders
19		);
20
21		/**
22		* Standard SS method
23		*/
24		private static $week_days = array(
25		"Monday" => "Monday",
26		"Tuesday" => "Tuesday",
27		"Wednesday" => "Wednesday",
28		"Thursday" => "Thursday",
29		"Friday" => "Friday",
30		"Saturday" => "Saturday",
31		"Sunday" => "Sunday"
32		);
33
34		/**
35		* Return a link to view the order on the account page.
36		* actions are: create, update, view
37		* @param String $action
38		* @param int\|string $orderID ID of the order
		0 ignored issues – show Documentation introduced 2019-04-11 21:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$orderID`. Did you maybe mean `$repeatOrderID`? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. It has, however, found a similar but not annotated parameter which might be a good fit. Consider the following example. The parameter `$ireland` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $ireland */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was changed, but the annotation was not. Loading history...
39		*/
40		public static function get_repeat_order_link($action = 'view', $repeatOrderID = 0)
41		{
42		$page = DataObject::get_one(__CLASS__);
43		if (!$page) {
44		user_error('No RepeatOrderPage was found. Please create one in the CMS!', E_USER_ERROR);
45		}
46		return $page->Link($action)."/".$repeatOrderID."/";
47		}
48
49		/**
50		* standard SS Method
51		*/
52		public function canCreate($member = null)
53		{
54		if(DataObject::get_one("RepeatOrdersPage")) {
55		return false;
56		} else {
57		return parent::canCreate($member);
58		}
59		}
60
61
62		/**
63		* standard SS Method
64		*/
65		public function getCMSFields()
		0 ignored issues – show Documentation introduced 2019-04-11 21:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
66		{
67		$fields = parent::getCMSFields();
68		$fields->addFieldsToTab(
69		"Root.ExplainingRepeatOrders",
70		[
71		HtmlEditorField::create(
72		$name = "WhatAreRepeatOrders",
73		$title = "What Are Repeat Orders."
74		)->setDescription('Explanation Used throughout the site'),
75		HtmlEditorField::create(
76		$name = "OnceLoggedInYouCanCreateRepeatOrder",
77		$title = "Not Logged In"
78		)->setDescription('Explanation for people who are not logged-in yet explaining that they can turn an order into a Repeat order...')
79		]
80		);
81
82		return $fields;
83		}
84
85		/**
86		* Automatically create an AccountPage if one is not found
87		* on the site at the time the database is built (dev/build).
88		*/
89		public function requireDefaultRecords()
90		{
91		parent::requireDefaultRecords();
92		if (!DataObject::get_one('RepeatOrdersPage')) {
93		$page = RepeatOrdersPage::create();
94		$page->Title = 'Repeat Orders';
95		$page->Content = '<p>This is the Repeat orders account page. It is used for shop users to login and create or change their Repeat orders.</p>';
96		$page->URLSegment = 'repeat-orders';
97		$page->WhatAreRepeatOrders = '<p>Repeat Orders allow you to regularly repeat an order.</p>';
98		$page->OnceLoggedInYouCanCreateRepeatOrder = '<p>Once logged in you can setup a repeating order.</p>';
99		$page->ShowInMenus = 0;
100		$page->ShowInSearch = 0;
101		$page->writeToStage('Stage');
102		$page->publish('Stage', 'Live');
103		DB::alteration_message('Repeat Order page \'Repeat Orders\' created', 'created');
104		}
105		}
106
107		/**
108		* Standard SS method
109		* Sets the days available for repeating orders.
110		*/
111		public function onBeforeWrite()
112		{
113		parent::onBeforeWrite();
114		}
115		}
116
117
118		class RepeatOrdersPage_Controller extends AccountPage_Controller
119		{
120
121		/**
122		* Defines methods that can be called directly
123		* @var array
124		*/
125		private static $allowed_actions = array(
		0 ignored issues – show Comprehensibility introduced 2019-04-13 02:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history...
126		'createorder' => true,
127		'cancel' => true,
128		'view' => true,
129		'modify' => true,
130		'admin' => true,
131		'ajaxcheckoutcancel' => true,
132		'ajaxcreateorder' => true,
133		'RepeatOrderForm' => true
134		);
135
136		public function init()
137		{
138		parent::init();
139		}
140
141		public function createorder($request)
		0 ignored issues – show Documentation introduced 2019-04-13 01:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
142		{
143		$orderID = intval($request->param("ID"));
144		$order = null;
145		if ($orderID) {
146		$order = Order::get_by_id_if_can_view($orderID);
147		}
148		if (!$order) {
149		$order = ShoppingCart::current_order();
150		}
151		//TODO: move items to order
152		$params = array(
153		'Order' => $order,
154		);
155		return $this->renderWith(
156		['RepeatOrdersPage_edit', 'Page'],
157		$params
158		);
159		}
160
161		public function view($request)
		0 ignored issues – show Documentation introduced 2019-04-22 05:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
162		{
163		$params = array(
164		'RepeatOrder' => false,
165		'Message' => 'Repeating order could not be found.'
166		);
167		if ($repeatOrderID = intval($request->param("ID"))) {
168		$repeatOrder = DataObject::get_one('RepeatOrder', "RepeatOrder.ID = '$repeatOrderID'");
169		if ($repeatOrder && $repeatOrder->canView()) {
170		$params = array(
171		'RepeatOrder' => $repeatOrder,
172		'Message' => "Please review order below."
173		);
174		} else {
175		$params = array(
176		'RepeatOrder' => '',
177		'Message' => "You do not have permission to view this Order, please log in."
178		);
179		}
180		}
181
182		return $this->renderWith(
183		['RepeatOrdersPage_view', 'Page'],
184		$params
185		);
186		}
187
188		public function modify($request)
		0 ignored issues – show Documentation introduced 2019-04-13 01:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
189		{
190		$params = [
191		'RepeatOrder' => false,
192		'Message' => 'There is no order by that ID.'
193		];
194		if ($repeatOrderID = intval($request->param("ID"))) {
195		$repeatOrder = DataObject::get_by_id('RepeatOrder', $repeatOrderID);
196		$member = Member::currentUser();
197		if ($repeatOrder->canEdit($member)) {
		0 ignored issues – show Bug introduced 2019-04-22 05:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$member` defined by `\Member::currentUser()` on line `196` can also be of type `object<DataObject>`; however, `DataObject::canEdit()` does only seem to accept `object<Member>\|null`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
198		$params = [
199		'RepeatOrder' => $repeatOrder,
200		'Message' => 'Please edit your details below.'
201		];
202		}
203		}
204		return $this->renderWith(
205		['RepeatOrdersPage_edit', 'Page'],
206		$params
207		);
208		}
209
210		public function cancel($request)
		0 ignored issues – show Documentation introduced 2019-04-13 01:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
211		{
212
213		if ($repeatOrderID = intval($request->param("ID"))) {
214		$repeatOrder = DataObject::get_one('RepeatOrder', ["ID" => $repeatOrderID]);
215		$member = Member::currentUser();
216		if ($repeatOrder && $repeatOrder->canEdit($member)) {
		0 ignored issues – show Bug introduced 2019-04-22 05:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$member` defined by `\Member::currentUser()` on line `215` can also be of type `object<DataObject>`; however, `DataObject::canEdit()` does only seem to accept `object<Member>\|null`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
217		$repeatOrder->Status = 'MemberCancelled';
218		$repeatOrder->write();
219		return $this->redirectBack();
220		}
221		}
222		die("Could not cancel repeat order, please contact that administrator for assistance.");
223		}
224
225		/**
226		* Show a list of all repeating orders.
227		* @return HTML
228		*/
229		public function admin()
230		{
231		$shopAdminCode = EcommerceConfig::get("EcommerceRole", "admin_permission_code");
232		if (Permission::check("ADMIN") \|\| Permission::check($shopAdminCode)) {
233		RepeatOrder::create_automatically_created_orders();
234		$params = array(
235		"AllRepeatOrders" => RepeatOrder::get()->filter(["Status" => 'Active'])
236		);
237		Requirements::javascript(THIRDPARTY_DIR."/jquery/jquery.js");
238		//Requirements::block(THIRDPARTY_DIR."/jquery/jquery.js");
239		//Requirements::javascript(Director::protocol()."ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.min.js");
240		Requirements::javascript("ecommerce_repeatorders/javascript/RepeatOrdersPage_admin.js");
241		Requirements::themedCSS("RepeatOrdersPage_admin");
242
243		return $this->renderWith(
244		['RepeatOrdersPage_admin', 'Page'],
245		$params
246		);
247		} else {
248		return Security::permissionFailure($this, _t('OrderReport.PERMISSIONFAILURE', 'Sorry you do not have permission for this function. Please login as an Adminstrator'));
249		}
250		}
251
252		public function ajaxcreateorder($request)
253		{
254		$orderID = intval($request->postVar('OrderID'));
255		if ($request->isAjax()) {
256		$orderForm = RepeatOrderForm::create(
257		$this,
258		'RepeatOrderForm',
259		0,
260		$orderID
261		);
262		$orderForm->doCreate($this->request->postVars(), $orderForm, $request);
263		}
264		else {
265		user_error('This function can only be called via Ajax.');
266		}
267		}
268
269		//* function should only be called from the checkout and only via ajax
270		public function ajaxcheckoutcancel($request)
271		{
272		if ($request->isAjax()) {
273		if ($repeatOrderID = intval($request->param("ID"))) {
274		$repeatOrder = DataObject::get_one('RepeatOrder', ["ID" => $repeatOrderID]);
275		if ($repeatOrder && $repeatOrder->canModify()) {
276		$repeatOrder->Status = 'MemberCancelled';
277		$repeatOrder->write();
278		$order = $repeatOrder->OriginatingOrder();
279		$order->RepeatOrderID = 0;
280		$order->write();
281		return true;
282		}
283		}
284		}
285		else {
286		user_error('This function can only be called via Ajax.');
287		}
288		}
289
290		/**
291		*
292		* @return RepeatOrderForm
293		*/
294		public function RepeatOrderForm()
295		{
296		$action = $this->request->param('Action');
297		$repeatOrderID = intval($this->request->param('ID'));
298		$orderID = 0;
299		if ($action == 'createorder' \|\| isset($_REQUEST['action_doCreate'])) {
300	View Code Duplication	if (isset($_REQUEST['action_doCreate']) && isset($_REQUEST['repeatOrderID'])) {
		0 ignored issues – show Duplication introduced 2019-04-13 01:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
301		$repeatOrderID = intval($_REQUEST['repeatOrderID']);
302		}
303		if ($action == 'createorder') {
304		$orderID = $repeatOrderID;
305		$repeatOrderID = 0;
306		}
307		return RepeatOrderForm::create(
308		$this,
309		'RepeatOrderForm',
310		$repeatOrderID,
311		$orderID
312		);
313		} elseif ($action == 'update' \|\| isset($_REQUEST['action_doSave'])) {
314	View Code Duplication	if (isset($_REQUEST['action_doSave']) && isset($_REQUEST['RepeatOrderID'])) {
		0 ignored issues – show Duplication introduced 2019-04-13 01:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
315		$repeatOrderID = intval($_REQUEST['RepeatOrderID']);
316		}
317		return RepeatOrderForm::create(
318		$this,
319		'RepeatOrderForm',
320		$repeatOrderID,
321		$orderID
322		);
323		} elseif ($repeatOrderID) {
324
325		return RepeatOrderForm::create(
326		$this,
327		'RepeatOrderForm',
328		$repeatOrderID,
329		$orderID,
330		true
331		);
332		} else {
333		return $this->redirect('404-could-not-find-order');
334		}
335		}
336
337		public function AccountPageLink()
		0 ignored issues – show Documentation introduced 2019-04-22 05:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
338		{
339		$accountPage = AccountPage::get()->first();
340		if($accountPage){
341		return $accountPage->Link();
342		}
343		return false;
344		}
345		}
346

sunnysideup / silverstripe-ecommerce_repeatorders

Issues (114)

Security Analysis not enabled

code/RepeatOrdersPage.php (12 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like