This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | /** |
||
4 | * @author Nicolaas [at] sunnysideup.co.nz |
||
5 | * @package: ecommerce |
||
6 | * @sub-package: ecommerce_stockcontrol |
||
7 | * @description: makes sure that a buyable quantity in cart stays between a min and a max |
||
8 | */ |
||
9 | class MinMaxModifier extends OrderModifier |
||
10 | { |
||
11 | |||
12 | //--------------------------------------------------------------------*** static variables |
||
13 | |||
14 | private static $db = array( |
||
15 | "Adjustments" => "HTMLText" |
||
16 | ); |
||
17 | |||
18 | private static $singular_name = "Stock Adjustment"; |
||
19 | public function i18n_singular_name() |
||
20 | { |
||
21 | self::$singular_name; |
||
22 | } |
||
23 | |||
24 | private static $plural_name = "Stock Adjustments"; |
||
25 | public function i18n_plural_name() |
||
26 | { |
||
27 | return self::$plural_name; |
||
28 | } |
||
29 | |||
30 | private static $title = "MinMaxModifier"; |
||
31 | |||
32 | private static $default_min_quantity = 1; |
||
33 | |||
34 | private static $default_max_quantity = 9999; |
||
35 | |||
36 | private static $min_field = "MinQuantity"; |
||
37 | |||
38 | private static $max_field = "MaxQuantity"; |
||
39 | |||
40 | private static $adjustment_message = "Based on stock availability, quantities have been adjusted as follows: "; |
||
41 | |||
42 | private static $sorry_message = "Sorry, your selected value not is available."; |
||
43 | |||
44 | private static $use_stock_quantities = true; |
||
45 | |||
46 | private static $ids_of_items_adjusted = array(); |
||
47 | |||
48 | //-------------------------------------------------------------------- *** static functions |
||
49 | |||
50 | public static function show_form() |
||
51 | { |
||
52 | self::apply_min_max(); |
||
53 | return false; |
||
54 | } |
||
55 | |||
56 | public static function get_form($controller) |
||
57 | { |
||
58 | return false; |
||
59 | } |
||
60 | |||
61 | //-------------------------------------------------------------------- *** cms fuctions |
||
62 | |||
63 | public function getCMSFields() |
||
64 | { |
||
65 | $fields = parent::getCMSFields(); |
||
66 | $fields->removeByName("Adjustments"); |
||
67 | $fields->addFieldToTab("Root.Debug", new ReadonlyField("AdjustmentsShown", "Adjustments", $this->Adjustments)); |
||
68 | return $fields; |
||
69 | } |
||
70 | //-------------------------------------------------------------------- *** display functions |
||
71 | public function CanBeRemoved() |
||
72 | { |
||
73 | return false; |
||
74 | } |
||
75 | |||
76 | public function ShowInTable() |
||
77 | { |
||
78 | return false; |
||
79 | } |
||
80 | |||
81 | |||
82 | //--------------------------------------------------------------------*** table values |
||
83 | public function LiveCalculatedTotal() |
||
84 | { |
||
85 | self::apply_min_max(); |
||
86 | return 0; |
||
87 | } |
||
88 | |||
89 | public function LiveTableValue() |
||
90 | { |
||
91 | return ""; |
||
92 | } |
||
93 | |||
94 | |||
95 | //--------------------------------------------------------------------*** table titles |
||
96 | public function LiveName() |
||
97 | { |
||
98 | return ""; |
||
99 | } |
||
100 | |||
101 | //-------------------------------------------------------------------- *** calculations |
||
102 | public static function apply_min_max() |
||
103 | { |
||
104 | if (self::$min_field || self::$max_field || self::$default_min_quantity || self::$default_max_quantity) { |
||
105 | $msgArray = array(); |
||
106 | $minFieldName = self::$min_field; |
||
107 | $maxFieldName = self::$max_field; |
||
108 | $currentOrder = ShoppingCart::current_order(); |
||
109 | if ($currentOrder->IsSubmitted()) { |
||
110 | //too late! |
||
111 | return; |
||
112 | } |
||
113 | $items = $currentOrder->Items(); |
||
114 | $i = 0; |
||
115 | if ($items) { |
||
116 | foreach ($items as $item) { |
||
117 | $buyable = $item->Buyable(); |
||
118 | if ($buyable) { |
||
119 | $quantity = $item->Quantity; |
||
120 | $absoluteMin = self::$default_min_quantity; |
||
121 | $absoluteMax = self::$default_max_quantity; |
||
122 | $parent = $buyable->Parent(); |
||
123 | View Code Duplication | if ($minFieldName) { |
|
124 | if (isset($buyable->$minFieldName) && $buyable->$minFieldName > 0) { |
||
125 | $absoluteMin = $buyable->$minFieldName; |
||
126 | } |
||
127 | //product variations |
||
128 | elseif (!isset($buyable->$minFieldName)) { |
||
129 | if ($parent && isset($parent->$minFieldName) && $parent->$minFieldName > 0) { |
||
130 | $absoluteMin = $parent->$minFieldName; |
||
131 | } |
||
132 | } |
||
133 | } |
||
134 | View Code Duplication | if ($maxFieldName) { |
|
135 | if (isset($buyable->$maxFieldName) && $buyable->$maxFieldName > 0) { |
||
136 | $absoluteMax = $buyable->$maxFieldName; |
||
137 | } |
||
138 | //product variations |
||
139 | elseif (!isset($buyable->$maxFieldName)) { |
||
140 | if ($parent && isset($parent->$maxFieldName) && $parent->$maxFieldName > 0) { |
||
141 | $absoluteMax = $parent->$maxFieldName; |
||
142 | } |
||
143 | } |
||
144 | } |
||
145 | if ($buyable->UnlimitedStock) { |
||
146 | //nothing more to do |
||
147 | } elseif (self::$use_stock_quantities) { |
||
148 | $maxStockQuantity = $buyable->getActualQuantity(); |
||
149 | if ($absoluteMax > $maxStockQuantity) { |
||
150 | $absoluteMax = $maxStockQuantity; |
||
151 | } |
||
152 | if ($absoluteMin > $maxStockQuantity) { |
||
153 | $absoluteMax = 0; |
||
154 | $maxStockQuantity = 0; |
||
155 | } |
||
156 | } |
||
157 | $absoluteMin = intval($absoluteMin) - 0; |
||
158 | $absoluteMax = intval($absoluteMax) - 0; |
||
159 | $newValue = $quantity; |
||
160 | if ($quantity < $absoluteMin && $absoluteMin > 0) { |
||
161 | debug::log("adjusting for MIN: $quantity < $absoluteMin"); |
||
162 | $newValue = $absoluteMin; |
||
163 | } |
||
164 | if ($quantity > $absoluteMax && $absoluteMax > 0) { |
||
165 | debug::log("adjusting for MAX: $quantity > $absoluteMax"); |
||
166 | $newValue = $absoluteMax; |
||
167 | } |
||
168 | if ($quantity != $newValue) { |
||
169 | $item->Quantity = $newValue; |
||
170 | ShoppingCart::singleton()->setQuantity($buyable, $newValue); |
||
171 | $msgArray[$i] = $buyable->Title." changed from ".$quantity." to ".$newValue; |
||
172 | $i++; |
||
173 | $quantity = $newValue; |
||
174 | self::$ids_of_items_adjusted[$item->ID] = $item->ID; |
||
175 | } |
||
176 | if (Director::is_ajax()) { |
||
177 | //do nothing |
||
178 | } else { |
||
179 | //IS THIS WORKING? |
||
180 | $fieldName = $item->AJAXDefinitions()->QuantityFieldName(); |
||
181 | $js = ' |
||
182 | MinMaxModifierData = []; |
||
183 | MinMaxModifierData.push( |
||
184 | { |
||
185 | selector: "input[name=\''.$fieldName.'\']", |
||
186 | min: '.intval($absoluteMin).', |
||
187 | max: '.intval($absoluteMax).', |
||
188 | msg: "'.addslashes(self::$sorry_message).'" |
||
189 | } |
||
190 | );'; |
||
191 | Requirements::javascript("ecommerce_stockcontrol/javascript/MinMaxModifier.js"); |
||
192 | Requirements::customScript($js, $fieldName); |
||
193 | } |
||
194 | } |
||
195 | } |
||
196 | } |
||
197 | } |
||
198 | if (count($msgArray)) { |
||
199 | if (self::$adjustment_message) { |
||
200 | $msg = self::$adjustment_message."\n".implode("\n", $msgArray); |
||
0 ignored issues
–
show
|
|||
201 | if ($msg && !Director::is_ajax()) { |
||
202 | Requirements::customScript('alert("'.Convert::raw2js($msg).'");', "MinMaxModifierAlert"); |
||
203 | } |
||
204 | //$this->Adjustments = $msg; |
||
205 | } |
||
206 | } |
||
207 | } |
||
208 | |||
209 | public function updateForAjax(array $js) |
||
210 | { |
||
211 | parent::updateForAjax($js); |
||
212 | self::apply_min_max(); |
||
213 | if (is_array(self::$ids_of_items_adjusted) && count(self::$ids_of_items_adjusted)) { |
||
214 | $items = OrderItem::get()->filter(array('ID' => self::$ids_of_items_adjusted)); |
||
215 | if ($items->count()) { |
||
216 | foreach ($items as $item) { |
||
217 | $item->updateForAjax($js); |
||
218 | } |
||
219 | } |
||
220 | } |
||
221 | return $js; |
||
222 | } |
||
223 | |||
224 | |||
225 | //--------------------------------------------------------------------*** database functions |
||
226 | } |
||
227 |
If you define a variable conditionally, it can happen that it is not defined for all execution paths.
Let’s take a look at an example:
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
Available Fixes
Check for existence of the variable explicitly:
Define a default value for the variable:
Add a value for the missing path: