This project does not seem to handle request data directly, so the legacy analysis reports no vulnerable execution paths. Treat that as a limit of the automated analysis rather than a clean result: the listing below does accept request data (the `dopagerating($data, $form)` form handler and the `rateagain($request)` action), interpolates session and page values into hand-built SQL strings in `CurrentUserRating()`, `PageRatingResults()` and `NumberOfPageRatings()`, and exposes two destructive admin actions (`removedefaultpageratings`, `removeallpageratings`) over GET without a CSRF token, so those paths still warrant manual review.
1 | <?php |
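class PageRaterExtension_Controller extends Extension
{
    /**
     * Number of ratings per page when PageRaterListOfAllForPage() is asked
     * for a paginated list. A falsy value disables pagination.
     *
     * @var int
     */
    private static $items_per_page = 8;

    /**
     * Title shown on the star field.
     *
     * @var string
     */
    private static $field_title = "Click on any star to rate:";

    /**
     * Right-hand help text shown on the star field.
     *
     * @var string
     */
    private static $field_right_title = "On a scale from 1 to 5, with 5 being the best";

    /**
     * Pre-fill the star field with the page's current average rating
     * instead of 0.
     *
     * @var boolean
     */
    private static $show_average_rating_in_rating_field = false;

    /**
     * Only count and list ratings with IsApproved = 1.
     *
     * @var boolean
     */
    private static $only_show_approved = false;

    /**
     * URL-reachable actions. No entry carries a permission code, so every
     * action here is routable for anonymous visitors; the two remove*
     * actions enforce ADMIN inside their bodies.
     *
     * @var array
     */
    private static $allowed_actions = array(
        "PageRatingForm",
        "rateagain",
        "dopagerating",
        "removedefaultpageratings",
        "removeallpageratings"
    );

    /**
     * Lets the current visitor withdraw the rating their session remembers
     * for this page so they can rate again.
     *
     * Only the PageRating whose ID is stored in this visitor's own session
     * is deleted, so the action cannot remove anyone else's rating; the
     * session marker is cleared in every case. This is a state-changing GET
     * action; it only touches the caller's own data, but POST plus the
     * form's SecurityToken would be the stricter design.
     *
     * @param SS_HTTPRequest $request
     * @return SS_HTTPResponse redirect back to the page
     */
    public function rateagain($request)
    {
        $sessionKey = $this->ratedSessionKey();
        $ratingID = (int) Session::get($sessionKey);
        if ($ratingID > 0) {
            $pageRating = PageRating::get()->byID($ratingID);
            if ($pageRating) {
                $pageRating->delete();
            }
        }
        Session::set($sessionKey, false);
        Session::clear($sessionKey);
        return $this->owner->redirect($this->owner->Link());
    }

    /**
     * The rating form for the current page.
     *
     * Once this visitor has rated the page (see PageHasBeenRatedByUser())
     * the star field is replaced by the rendered PageRaterAjaxReturn
     * template and the form carries no actions and no validator.
     *
     * @return Form
     */
    public function PageRatingForm()
    {
        Requirements::themedCSS('PageRater', "pagerater");
        $pageID = $this->pageID();
        $fieldName = 'RatingFor'.$pageID;

        if ($this->owner->PageHasBeenRatedByUser()) {
            $ratingField = LiteralField::create($fieldName, $this->owner->renderWith("PageRaterAjaxReturn"));
            $actions = FieldList::create();
            $requiredFields = null;
        } else {
            $defaultStart = 0;
            if ($this->configValue("show_average_rating_in_rating_field")) {
                $defaultStart = $this->owner->getStarRating();
            }
            $ratingField = PageRaterStarField::create(
                $fieldName,
                $this->configValue("field_title"),
                $defaultStart,
                PageRating::get_number_of_stars()
            );
            $ratingField->setRightTitle($this->configValue("field_right_title"));
            $requiredFields = RequiredFields::create($ratingField->getRequiredFields());
            $actions = FieldList::create(FormAction::create('dopagerating', 'Submit'));
        }

        $fields = FieldList::create(
            $ratingField,
            // Informational only: dopagerating() re-derives ParentID from the page being viewed.
            HiddenField::create('ParentID', "ParentID", $pageID)
        );

        return Form::create($this->owner, 'PageRatingForm', $fields, $actions, $requiredFields);
    }

    /**
     * Form handler for PageRatingForm(): stores a new PageRating for the
     * current page and remembers its ID in the session.
     *
     * Values are written through the ORM, which parameterises the query, so
     * the submitted strings are stored as-is. (The previous implementation
     * ran Convert::raw2sql() over the whole POST array and then again over
     * Comment/Name/Title, so quotes and backslashes were double-escaped in
     * the database.) The rating is clamped to the star range the form
     * offers so a hand-crafted request cannot skew the average with
     * out-of-range values, and a visitor whose session already holds a
     * rating is sent back without a second write — rateagain() is the
     * supported way to change a rating, and the form itself offers no input
     * in that state.
     *
     * @param array $data submitted form values
     * @param Form $form
     * @return SS_HTTPResponse|HTMLText redirect, or the AJAX fragment
     */
    public function dopagerating($data, $form)
    {
        $pageID = $this->pageID();
        $fieldName = "RatingFor".$pageID;

        if (!$this->owner->PageHasBeenRatedByUser()) {
            $pageRating = PageRating::create();
            $form->saveInto($pageRating);
            // Never trust the submitted ParentID; bind the rating to the page being viewed.
            $pageRating->ParentID = $pageID;
            if (isset($data[$fieldName])) {
                $pageRating->Rating = $this->clampRating(floatval($data[$fieldName]));
            }
            if (isset($data[$fieldName."_Comment"])) {
                $pageRating->Comment = $data[$fieldName."_Comment"];
            }
            if (isset($data[$fieldName."_Name"])) {
                $pageRating->Name = $data[$fieldName."_Name"];
            }
            if (isset($data[$fieldName."_Title"])) {
                $pageRating->Title = $data[$fieldName."_Title"];
            }
            $pageRating->write();
            Session::set($this->ratedSessionKey(), $pageRating->ID);
        }

        if (Director::is_ajax()) {
            return $this->owner->renderWith("PageRaterAjaxReturn");
        }
        return $this->owner->redirectBack();
    }

    /**
     * Deletes every PageRating flagged IsDefault = 1, for all pages.
     *
     * Requires ADMIN; anyone else gets the standard permission failure
     * (login redirect). The DELETE is a static statement with no user
     * input, so there is no injection surface, but it bypasses any ORM
     * hooks on PageRating.
     *
     * NOTE(review): this is a destructive action reachable over GET with no
     * SecurityToken check, so a logged-in admin can be made to trigger it
     * by following a link from another site. Accepting POST only and
     * calling SecurityToken::inst()->checkRequest() would close that;
     * it is left unchanged here because callers of the current URL are
     * not visible in this file.
     */
    public function removedefaultpageratings()
    {
        if (Permission::check("ADMIN")) {
            DB::query("DELETE FROM PageRating WHERE IsDefault = 1;");
            Debug::show("removed all default ratings for all pages");
        } else {
            Security::permissionFailure($this->owner, _t('Security.PERMFAILURE', ' This page is secured and you need administrator rights to access it. Enter your credentials below and we will send you right along.'));
        }
    }

    /**
     * Deletes every PageRating for every page.
     *
     * Same access model and the same CSRF caveat as
     * removedefaultpageratings(): ADMIN only, but GET-reachable without a
     * SecurityToken check.
     */
    public function removeallpageratings()
    {
        if (Permission::check("ADMIN")) {
            DB::query("DELETE FROM PageRating;");
            Debug::show("removed all ratings for all pages");
        } else {
            Security::permissionFailure($this->owner, _t('Security.PERMFAILURE', ' This page is secured and you need administrator rights to access it. Enter your credentials below and we will send you right along.'));
        }
    }

    /**
     * Average rating of this page, as a one-item list (or empty when the
     * page has no countable ratings).
     *
     * @return ArrayList
     */
    public function PageRatingResults()
    {
        $sqlQuery = $this->averageRatingQuery();
        return $this->turnPageRaterSQLIntoArrayList($sqlQuery, "PageRatingResults");
    }

    /**
     * The rating this visitor gave to this page, as a one-item list, or an
     * empty list when the session holds no rating for the page.
     *
     * The rating ID comes from the session, where dopagerating() stores an
     * integer; it is cast to int before being placed in the SQL so nothing
     * but a number can reach the query.
     *
     * @return ArrayList
     */
    public function CurrentUserRating()
    {
        $ratedID = (int) Session::get($this->ratedSessionKey());
        $sqlQuery = $this->averageRatingQuery(array("\"PageRating\".\"ID\" = ".$ratedID));
        return $this->turnPageRaterSQLIntoArrayList($sqlQuery, "CurrentUserRating");
    }

    /**
     * All ratings of this page (approved ones only when only_show_approved
     * is set), optionally wrapped in a PaginatedList of items_per_page.
     *
     * @param boolean $paginated
     * @return ArrayList|PaginatedList
     */
    public function PageRaterListOfAllForPage($paginated = false)
    {
        $ratings = $this->owner->PageRatings();
        if ($this->onlyShowApprovedPageRatings()) {
            $ratings = $ratings->filter(array("IsApproved" => 1));
        }
        $list = $this->turnPageRaterSQLIntoArrayList($ratings, "PageRaterListOfAllForPage");

        if ($paginated) {
            $limit = $this->configValue('items_per_page');
            if ($limit) {
                $list = PaginatedList::create($list, $this->owner->getRequest());
                $list->setPageLength($limit);
            }
        }
        return $list;
    }

    /**
     * Ratings joined to their pages, highest first, across the whole site.
     *
     * NOTE(review): the query selects the raw Rating as "RatingAverage" (no
     * AVG) and groups by "SiteTree"."ParentID" — the parent of the rated
     * page — rather than "PageRating"."ParentID". That looks unintended
     * and would be rejected under ONLY_FULL_GROUP_BY, but the intended
     * shape is not recoverable from this file, so the query is kept as-is.
     * It contains no user input.
     *
     * @return ArrayList
     */
    public function PageRaterListAll()
    {
        $sqlQuery = new SQLQuery();
        $sqlQuery->setSelect("\"PageRating\".\"Rating\" AS RatingAverage, \"PageRating\".\"ParentID\"");
        if ($this->onlyShowApprovedPageRatings()) {
            $sqlQuery->setWhere("\"PageRating\".\"IsApproved\" = 1");
        }
        $sqlQuery->setFrom(" \"PageRating\"");
        $sqlQuery->addInnerJoin("SiteTree", " \"PageRating\".\"ParentID\" = \"SiteTree\".\"ID\"");
        $sqlQuery->setOrderBy("RatingAverage DESC");
        $sqlQuery->setGroupBy("\"SiteTree\".\"ParentID\"");
        return $this->turnPageRaterSQLIntoArrayList($sqlQuery, "PageRaterList");
    }

    /**
     * Normalises query output into an ArrayList.
     *
     * SQLQuery instances are executed first. PageRating records are passed
     * through with a Method marker; raw rows (RatingAverage, ParentID) are
     * converted via PageRating::get_star_details_as_array_data().
     *
     * @param SQLQuery|DataList|SS_Query $data
     * @param string $method label recorded on each item
     * @return ArrayList
     */
    protected function turnPageRaterSQLIntoArrayList($data, $method = "unknown")
    {
        if ($data instanceof SQLQuery) {
            $data = $data->execute();
        }
        $list = new ArrayList();
        if (!$data) {
            return $list;
        }
        foreach ($data as $record) {
            if ($record instanceof PageRating) {
                $record->Method = $method;
            } else {
                $record = PageRating::get_star_details_as_array_data(
                    $record["RatingAverage"],
                    $record["ParentID"],
                    $method
                );
            }
            $list->push($record);
        }
        return $list;
    }

    /**
     * Whether this visitor's session records a rating for this page.
     *
     * @return boolean
     */
    public function PageHasBeenRatedByUser()
    {
        return Session::get($this->ratedSessionKey()) ? true : false;
    }

    /**
     * Number of countable ratings for this page (approved only when
     * only_show_approved is set).
     *
     * @return int
     */
    public function NumberOfPageRatings()
    {
        $sqlQuery = new SQLQuery();
        $sqlQuery->setSelect("COUNT(\"PageRating\".\"Rating\") RatingCount");
        $sqlQuery->setFrom("\"PageRating\" ");
        $sqlQuery->setWhere($this->pageWhereClause());
        $sqlQuery->setOrderBy("RatingCount ASC");
        $sqlQuery->setGroupBy("\"ParentID\"");
        $sqlQuery->setLimit(1);
        $result = $sqlQuery->execute();
        if ($result) {
            foreach ($result as $record) {
                return (int) $record["RatingCount"];
            }
        }
        return 0;
    }

    /**
     * @return boolean the only_show_approved config value
     */
    protected function onlyShowApprovedPageRatings()
    {
        return $this->configValue("only_show_approved");
    }

    /**
     * Average star rating of this page, or 0 when there is none.
     *
     * @return double
     */
    public function getStarRating()
    {
        $ratings = $this->owner->PageRatingResults();
        $rating = 0;
        if ($ratings->Count() == 1) {
            foreach ($ratings as $ratingItem) {
                $rating = $ratingItem->Stars;
            }
        }
        return $rating;
    }

    /**
     * ID of the page the owning controller renders, as an int so it can be
     * placed in SQL and session keys safely.
     *
     * @return int
     */
    protected function pageID()
    {
        return (int) $this->owner->ID;
    }

    /**
     * Session key under which this page's rating ID is remembered.
     *
     * @return string
     */
    protected function ratedSessionKey()
    {
        return 'PageRated'.$this->pageID();
    }

    /**
     * Reads one of this class's config values.
     *
     * @param string $name
     * @return mixed
     */
    protected function configValue($name)
    {
        return Config::inst()->get("PageRaterExtension_Controller", $name);
    }

    /**
     * Limits a submitted rating to 0..number_of_stars.
     *
     * @param float $rating
     * @return float
     */
    protected function clampRating($rating)
    {
        $max = (float) PageRating::get_number_of_stars();
        return max(0.0, min($max, $rating));
    }

    /**
     * WHERE clause shared by the per-page queries: this page's ratings,
     * any extra clauses, then the IsApproved filter when configured. The
     * page ID is an int; callers must pass only trusted SQL fragments.
     *
     * @param array $extraClauses SQL conditions ANDed in
     * @return string
     */
    protected function pageWhereClause($extraClauses = array())
    {
        $clauses = array("\"ParentID\" = ".$this->pageID());
        foreach ($extraClauses as $clause) {
            $clauses[] = $clause;
        }
        if ($this->onlyShowApprovedPageRatings()) {
            $clauses[] = "\"PageRating\".\"IsApproved\" = 1";
        }
        return implode(" AND ", $clauses);
    }

    /**
     * The "average rating of this page" query used by PageRatingResults()
     * and CurrentUserRating().
     *
     * @param array $extraClauses SQL conditions ANDed into the WHERE
     * @return SQLQuery
     */
    protected function averageRatingQuery($extraClauses = array())
    {
        $sqlQuery = new SQLQuery();
        $sqlQuery->setSelect("AVG(\"PageRating\".\"Rating\") RatingAverage, ParentID");
        $sqlQuery->setFrom("\"PageRating\" ");
        $sqlQuery->setWhere($this->pageWhereClause($extraClauses));
        $sqlQuery->setOrderBy("RatingAverage DESC");
        $sqlQuery->setGroupBy("\"ParentID\"");
        $sqlQuery->setLimit(1);
        return $sqlQuery;
    }
}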