1 | <?php |
||
2 | |||
3 | /** |
||
4 | * Connection with external stock-control systems, |
||
5 | * implemented as an order step. |
||
6 | * |
||
7 | * |
||
8 | */ |
||
9 | |||
10 | |||
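/**
 * Order step that notifies ("pings") an external stock-control system
 * about an order.
 *
 * The target URL and optional HTTP Basic credentials are configured per
 * step in the CMS ($db). Each order is pinged at most once: the outcome is
 * recorded in a StockControlPing_OrderStatusLog and the ping is skipped
 * when such a log already exists for the order.
 */
class StockControlPing_OrderStep extends OrderStep
{
    // NOTE(review): Username/Password are stored in plain text in the database
    // and are sent as HTTP Basic credentials with every ping, so URLToPing
    // should be an https URL.
    private static $db = array(
        "URLToPing" => "Varchar(200)",
        "Username" => "Varchar(30)",
        "Password" => "Varchar(30)"
    );

    private static $defaults = array(
        "CustomerCanEdit" => 0,
        "CustomerCanPay" => 0,
        "CustomerCanCancel" => 0,
        "Name" => "StockControlPing",
        "Code" => "STOCKCONTROLPING",
        "Sort" => 23,
        "ShowAsInProcessOrder" => 1
    );

    /**
     * Adds an explanatory header above the URLToPing field on the Main tab.
     *
     * @return FieldList
     */
    public function getCMSFields()
    {
        $fields = parent::getCMSFields();
        $fields->addFieldToTab(
            "Root.Main",
            new HeaderField("HowToSaveSubmittedOrder", _t("OrderStep.STOCKCONTROLPING", "Please enter details below"), 3),
            "URLToPing"
        );
        return $fields;
    }

    /**
     * This step can always be started.
     *
     * @param Order $order
     * @return bool always true
     */
    public function initStep(Order $order)
    {
        return true;
    }

    /**
     * Pings the external system once per order and records the outcome.
     *
     * If a StockControlPing_OrderStatusLog already exists for the order the
     * ping is not repeated. Otherwise one GET request is sent and the response
     * body (or the cURL error message when the request fails) is stored in the
     * log's Note field — a failed ping is therefore recorded but not retried.
     *
     * @param Order $order
     * @return bool always true; this step never blocks the order
     */
    public function doStep(Order $order)
    {
        $existingLog = StockControlPing_OrderStatusLog::get()
            ->filter(array('OrderID' => $order->ID))
            ->First();
        if ($existingLog) {
            return true;
        }
        $authentication = array();
        if ($this->Username && $this->Password) {
            $authentication[CURLOPT_USERPWD] = $this->Username . ":" . $this->Password;
        }
        // APILink() is urlencode()d here and encoded again by http_build_query()
        // in curlGet(); kept unchanged because the receiving system may rely on
        // the current wire format.
        $outcome = $this->curlGet(
            $this->URLToPing,
            array(
                "id" => $order->ID,
                "link" => urlencode($order->APILink())
            ),
            $authentication
        );
        // create the log record that marks this order as pinged
        $log = new StockControlPing_OrderStatusLog();
        $log->OrderID = $order->ID;
        $log->Note = $outcome;
        $log->write();
        return true;
    }

    /**
     * Moves on to the next step only once the order has been submitted.
     *
     * @param Order $order
     * @return OrderStep|null the next step, or null while the order is not submitted
     */
    public function nextStep(Order $order)
    {
        if (!$order->IsSubmitted()) {
            return null;
        }
        return parent::nextStep($order);
    }

    /**
     * This step has no message for the customer.
     *
     * @return bool always false
     */
    protected function hasCustomerMessage()
    {
        return false;
    }

    /**
     * Explains the current order step.
     *
     * @return string
     */
    protected function myDescription()
    {
        return _t("OrderStep.STOCKCONTROLPING_DESCRIPTION", "Sends a 'ping' to a third-party stock control system.");
    }

    /**
     * Sends a GET request using cURL and returns the response body.
     *
     * @source php.net
     * @param string     $url     URL to request; $get is appended as its query string
     * @param array|null $get     query parameters (name => value)
     * @param array      $options extra CURLOPT_* settings; these override the defaults below
     * @return string the response body, or the cURL error message when the request fails
     */
    protected function curlGet($url, array $get = null, array $options = array())
    {
        $query = http_build_query($get ? $get : array());
        if ($query !== '') {
            // use '&' when the URL already carries a query string (the original
            // appended the parameters with no separator in that case)
            $url .= (strpos($url, '?') === false ? '?' : '&') . $query;
        }
        $defaults = array(
            CURLOPT_URL => $url,
            CURLOPT_HEADER => 0,
            CURLOPT_RETURNTRANSFER => true,
            CURLOPT_TIMEOUT => 4,
            // the admin-configured URL is only ever fetched over http(s); redirects
            // are not followed because CURLOPT_FOLLOWLOCATION is left off
            CURLOPT_PROTOCOLS => CURLPROTO_HTTP | CURLPROTO_HTTPS
        );
        $ch = curl_init();
        // array union: keys present in $options take precedence over $defaults
        curl_setopt_array($ch, $options + $defaults);
        $result = curl_exec($ch);
        if ($result === false) {
            // read the error before releasing the handle
            $error = curl_error($ch);
            curl_close($ch);
            return $error;
        }
        curl_close($ch);
        return $result;
    }
}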
||
138 | |||
139 | |||
/**
 * Order status log entry that records the outcome of the stock-control ping
 * sent for an order (written by StockControlPing_OrderStep::doStep()).
 */
class StockControlPing_OrderStatusLog extends OrderStatusLog
{
    private static $singular_name = "Stock Control External Ping";

    private static $plural_name = "Stock Control External Pings";

    // NOTE(review): 'HTMLText' for Note looks like a field type rather than a
    // default value — confirm this entry is intended.
    private static $defaults = array(
        'Title' => 'Ping External Service',
        'Note' => 'HTMLText',
        'InternalUseOnly' => 1
    );

    /**
     * @return string translated singular name
     */
    public function i18n_singular_name()
    {
        return _t("OrderStatusLog.STOCKCONTROLEXTERNALPING", "Stock Control External Ping");
    }

    /**
     * @return string translated plural name
     */
    public function i18n_plural_name()
    {
        return _t("OrderStatusLog.STOCKCONTROLEXTERNALPINGS", "Stock Control External Pings");
    }
}
||
160 | |||
161 | /** |
||
162 | * |
||
163 | * |
||
164 | * |
||
165 | * |
||
166 | * |
||
167 | * Example of POST: |
||
168 | * function TestPost() { |
||
169 | * |
||
170 | * $baseURL = Director::absoluteBaseURL(); |
||
171 | * |
||
172 | * // 1) My Personal Data |
||
173 | * |
||
174 | * $className = 'StockControlPing_IncomingUpdate'; |
||
175 | * $fields = array( |
||
176 | * 'AllowPurchase' => 0, |
||
177 | * 'InternalItemID' => "xxxx", |
||
178 | * // the fields below are optional (if you include the ID, leave out InternalItemID) |
||
179 | * |
||
180 | * //'BuyableClassName' => 'Product', |
||
181 | * //'BuyableID' => 123, |
||
182 | * ); |
||
183 | * |
||
184 | * // 2) The Query |
||
185 | * |
||
186 | * $url = "{$baseURL}/api/ecommerce/v1/{$className}.xml"; |
||
187 | * $body = $fields; |
||
188 | * $c = curl_init($url); |
||
189 | * curl_setopt($c, CURLOPT_POST, true); |
||
190 | * curl_setopt($c, CURLOPT_POSTFIELDS, $body); |
||
191 | * curl_setopt($c, CURLOPT_RETURNTRANSFER, true); |
||
192 | * $page = curl_exec($c); |
||
193 | * curl_close($c); |
||
194 | * |
||
195 | * // 3) The XML Result |
||
196 | * return $page; |
||
197 | * } |
||
198 | * |
||
199 | * |
||
200 | */ |
||
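class StockControlPing_IncomingUpdate extends DataObject
{
    // Exposed through the REST API, so InternalItemID / BuyableClassName /
    // BuyableID arrive as untrusted input and are validated in findBuyable().
    // NOTE(review): 'add' does not look like a standard api_access key — confirm.
    private static $api_access = array(
        'create' => array('InternalItemID', 'BuyableClassName', 'BuyableID', 'AllowPurchase'),
        'add' => array('InternalItemID', 'BuyableClassName', 'BuyableID', 'AllowPurchase'),
        'view' => array('InternalItemID', 'BuyableClassName', 'BuyableID', 'AllowPurchase')
    );

    private static $db = array(
        "InternalItemID" => "Varchar(30)",
        "BuyableClassName" => "Varchar(50)",
        "BuyableID" => "Int",
        "AllowPurchase" => "Boolean",
        // set once the update has been applied; guards against re-processing
        "Actioned" => "Boolean"
    );

    private static $indexes = [
        'LastEdited' => true
    ];

    private static $default_sort = [
        'LastEdited' => 'DESC',
        'ID' => 'DESC'
    ];

    private static $singular_name = "External Update to Product Availability";

    /**
     * @return string translated singular name
     */
    public function i18n_singular_name()
    {
        return _t("StockControlPing.EXTERNALUPDATETOPRODUCTAVAILABILITY", "External Update to Product Availability");
    }

    private static $plural_name = "External Updates to Product Availability";

    /**
     * @return string translated plural name
     */
    public function i18n_plural_name()
    {
        return _t("StockControlPing.EXTERNALUPDATESTOPRODUCTAVAILABILITY", "External Updates to Product Availability");
    }

    /**
     * @param Member|null $member
     * @return bool
     */
    public function canView($member = null)
    {
        return $this->canDoAnything($member);
    }

    /**
     * @param Member|null $member
     * @return bool
     */
    public function canCreate($member = null)
    {
        return $this->canDoAnything($member);
    }

    /**
     * Updates are immutable once created.
     *
     * @param Member|null $member
     * @return bool always false
     */
    public function canEdit($member = null)
    {
        return false;
    }

    /**
     * Updates are kept as an audit trail.
     *
     * @param Member|null $member
     * @return bool always false
     */
    public function canDelete($member = null)
    {
        return false;
    }

    /**
     * Shared permission check for view/create: site admins and shop admins only.
     *
     * The result of the permission check is now returned (the original returned
     * true unconditionally, so canView()/canCreate() never denied anyone). The
     * permissionFailure() call is kept so browser/CMS contexts still get the
     * existing login redirect.
     *
     * @param Member|null $member member to check; null means the current member
     * @return bool
     */
    protected function canDoAnything($member = null)
    {
        $shopAdminCode = EcommerceConfig::get("EcommerceRole", "admin_permission_code");
        $allowed = Permission::check("ADMIN", "any", $member)
            || Permission::check($shopAdminCode, "any", $member);
        if (!$allowed) {
            Security::permissionFailure($this, _t('Security.PERMFAILURE', ' This page is secured and you need administrator rights to access it. Enter your credentials below and we will send you right along.'));
        }
        return (bool) $allowed;
    }

    /**
     * Applies the incoming availability update to the matching buyable.
     *
     * Runs once per record: Actioned is set before the record is re-written so
     * the nested write() does not re-enter this logic. The buyable is located by
     * BuyableClassName + BuyableID, or by InternalItemID (see findBuyable()).
     * When found and its AllowPurchase differs, the buyable is updated (and
     * published when it is a SiteTree) and BuyableClassName/BuyableID are
     * filled in on this record.
     */
    public function onAfterWrite()
    {
        parent::onAfterWrite();
        //TODO: move to findBuyable in Core Ecommerce Code!
        if ($this->Actioned) {
            return;
        }
        $allowPurchase = $this->AllowPurchase ? 1 : 0;
        // the original looked the buyable up by $this->ID (this record's own ID)
        // instead of BuyableID, so a class name + ID update hit the wrong record
        $buyable = $this->findBuyable(
            (string) $this->InternalItemID,
            intval($this->BuyableID),
            (string) $this->BuyableClassName
        );
        if ($buyable) {
            // the original used `=!`, which assigned the negation instead of comparing
            if (intval($buyable->AllowPurchase) !== $allowPurchase) {
                $buyable->AllowPurchase = $allowPurchase;
                if ($buyable instanceof SiteTree) {
                    $buyable->writeToStage('Stage');
                    $buyable->publish('Stage', 'Live');
                } else {
                    $buyable->write();
                }
            }
            $this->BuyableClassName = $buyable->ClassName;
            $this->BuyableID = $buyable->ID;
        }
        $this->Actioned = 1;
        $this->write();
    }

    /**
     * Locates the buyable an incoming update refers to.
     *
     * A class name supplied via the API is only used as a static call target
     * when it is one of the configured buyable classes (or, when no list is
     * configured, an existing DataObject subclass). Filtering is left to the
     * ORM, so the values are not pre-escaped with Convert::raw2sql().
     *
     * @param string $internalItemID matched against InternalItemID when no ID is given
     * @param int    $buyableID      ID within $className; 0 means not given
     * @param string $className      requested class; '' means search all configured buyable classes
     * @return DataObject|null
     */
    protected function findBuyable($internalItemID, $buyableID, $className)
    {
        $buyableClasses = EcommerceConfig::get("EcommerceDBConfig", "array_of_buyables");
        if (!is_array($buyableClasses)) {
            $buyableClasses = array();
        }
        if ($className !== '') {
            $known = $buyableClasses
                ? in_array($className, $buyableClasses, true)
                : (class_exists($className) && is_subclass_of($className, 'DataObject'));
            if (!$known) {
                return null;
            }
            if ($buyableID) {
                return $className::get()->byID($buyableID);
            }
            if ($internalItemID === '') {
                // never match products that happen to have an empty InternalItemID
                return null;
            }
            return $className::get()->filter(array('InternalItemID' => $internalItemID))->First();
        }
        if ($internalItemID === '') {
            return null;
        }
        foreach ($buyableClasses as $buyableClass) {
            $buyable = $buyableClass::get()->filter(array('InternalItemID' => $internalItemID))->First();
            if ($buyable) {
                return $buyable;
            }
        }
        return null;
    }
}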
||
314 |