This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include, or for example via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

    <?php
    /**
     *@author: Nicolaas [at] Sunny Side Up . Co . Nz
     *@description:
     * keeps a record of the quantity deduction made for each sale. That is, if we sell 10 widgets in an order then an entry is made in this dataclass for
     * a reduction of ten widgets in the available quantity
     *
     **/

    class BuyableStockOrderEntry extends DataObject
    {
        private static $db = array(
            "Quantity" => "Int",
            "IncludeInCurrentCalculation" => "Boolean"
        );

        private static $has_one = array(
            "Parent" => "BuyableStockCalculatedQuantity",
            "Order" => "Order",
        );

        private static $defaults = array(
            "IncludeInCurrentCalculation" => 1
        );

        //MODEL ADMIN STUFF
        private static $searchable_fields = array(
            "Quantity",
            "IncludeInCurrentCalculation",
            "ParentID",
            "OrderID",
        );

        private static $field_labels = array(
            "Quantity" => "Calculated Quantity On Hand",
            "IncludeInCurrentCalculation" => "Include in Calculation",
            "ParentID" => "Buyable Calculation",
            "OrderID" => "Order"
        );

        private static $summary_fields = array(
            "OrderID",
            "ParentID",
            "Quantity"
        );

        private static $default_sort = [
            'LastEdited' => 'DESC',
            'ParentID' => 'ASC',
            'ID' => 'DESC'
        ];

        private static $indexes = [
            'LastEdited' => true
        ];

        private static $singular_name = "Stock Sale Entry";
        public function i18n_singular_name()
        {
            return _t("BuyableStockOrderEntry.STOCKSALEENTRY", "Stock Sale Entry");
        }

        private static $plural_name = "Stock Sale Entries";
        public function i18n_plural_name()
        {
            return _t("BuyableStockOrderEntry.STOCKSALEENTRIES", "Stock Sale Entries");
        }

        public function canCreate($member = null)
        {
            return false;
        }

        public function canEdit($member = null)
        {
            return false;
        }

        public function canDelete($member = null)
        {
            return false;
        }

        public function canView($member = null)
        {
            return $this->canDoAnything();
        }

        protected function canDoAnything()

This method seems to be duplicated in your project.
Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository.

        {
            EcommerceConfig::get("EcommerceRole", "admin_permission_code");
            if (!Permission::check("ADMIN") && !Permission::check($shopAdminCode)) {

The variable $shopAdminCode does not exist. Did you forget to declare it?
This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.

                Security::permissionFailure($this, _t('Security.PERMFAILURE', ' This page is secured and you need administrator rights to access it. Enter your credentials below and we will send you right along.'));

$this is of type this<BuyableStockOrderEntry>, but the function expects a object<Controller>|null.
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example:

    function acceptsInteger($int) { }
    $x = '123'; // string "123"
    // Instead of
    acceptsInteger($x);
    // we recommend to use
    acceptsInteger((integer) $x);

            }
            return true;
        }

        public function onAfterWrite()
        {
            parent::onAfterWrite();
            if ($this->ID) {
                //basic checks
                if (!$this->ParentID) {

The property ParentID does not exist on object<BuyableStockOrderEntry>. Since you implemented __get, maybe consider adding a @property annotation.
Since your code implements the magic getter

    <?php
    /**
     * @property int $x
     * @property int $y
     * @property string $text
     */
    class MyLabel
    {
        private $properties;
        private $allowedProperties = array('x', 'y', 'text');
        public function __get($name)
        {
            if (isset($this->properties[$name]) && in_array($name, $this->allowedProperties)) {
                return $this->properties[$name];
            } else {
                return null;
            }
        }
        public function __set($name, $value)
        {
            if (in_array($name, $this->allowedProperties)) {
                $this->properties[$name] = $value;
            } else {
                throw new \LogicException("Property $name is not defined.");
            }
        }
    }

If the property has read access only, you can use the @property-read annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.

                    $this->delete();
                    user_error("Can not create record without associated buyable.", E_USER_ERROR);
                }
                if (!$this->OrderID) {

The property OrderID does not exist on object<BuyableStockOrderEntry>. Since you implemented __get, maybe consider adding a @property annotation.

                    $this->delete();
                    user_error("Can not create record without order.", E_USER_ERROR);
                }
                //make sure no duplicates are created
                $toBeDeleted = BuyableStockOrderEntry::get()
                    ->filter(array('OrderID' => $this->OrderID, 'ParentID' => $this->ParentID))

The property OrderID does not exist on object<BuyableStockOrderEntry>. Since you implemented __get, maybe consider adding a @property annotation.
The property ParentID does not exist on object<BuyableStockOrderEntry>. Since you implemented __get, maybe consider adding a @property annotation.

                    ->exclude(array("ID"=> $this->ID))
                    ->sort(array('LastEdited' => 'ASC'));
                foreach ($toBeDeleted as $youAreDodo) {
                    $youAreDodo->delete();
                    $youAreDodo->destroy();
                    user_error("deleting BuyableStockOrderEntry because there are multiples!", E_USER_ERROR);
                }
            }
        }
    }

You can fix this by adding a namespace to your class:
When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries.