symphonycms / symphony-2

symphony/content/content.ajaxquery.php

<?php
/**
 * @package content
 */
/**
 * The AjaxQuery returns an JSON array of entries, associations and other
 * static values, depending on the parameters received.
 */

class contentAjaxQuery extends JSONPage

This class is not in CamelCase format.

{
    public function view()
    {
        $database = Symphony::Configuration()->get('db', 'database');
        $field_ids = array_map(array('General','intval'), explode(',', General::sanitize($_GET['field_id'])));
        $search = MySQL::cleanValue(General::sanitize($_GET['query']));
        $types = array_map(array('MySQL','cleanValue'), explode(',', General::sanitize($_GET['types'])));
        $limit = General::intval(General::sanitize($_GET['limit']));

        // Set limit
        if ($limit === 0) {
            $max = '';
        } elseif ($limit < 0) {
            $max = ' LIMIT 100';
        } else {
            $max = sprintf(' LIMIT %d', $limit);
        }

        // Entries
        if (in_array('entry', $types)) {
            foreach ($field_ids as $field_id) {
                $this->get($database, intval($field_id), $search, $max);
            }
        }

        // Associations
        if (in_array('association', $types)) {
            foreach ($field_ids as $field_id) {
                $association_id = $this->getAssociationId($field_id);

                if ($association_id) {
                    $this->get($database, $association_id, $search, $max);
                }
            }
        }

        // Static values
        if (in_array('static', $types)) {
            foreach ($field_ids as $field_id) {
                $this->getStatic($field_id, $search);
            }
        }

        // Return results
        return $this->_Result;
    }

    private function getAssociationId($field_id)
    {
        $field = FieldManager::fetch($field_id);
        $parent_section = SectionManager::fetch($field->get('parent_section'));

        $association_id = Symphony::Database()->fetchCol('parent_section_field_id',
            sprintf(
                "SELECT `parent_section_field_id` FROM tbl_sections_association WHERE `child_section_field_id` = %d AND `child_section_id` = %d LIMIT 1;",

The string literal SELECT `parent_section_field_id` FROM tbl_sections_association WHERE `child_section_field_id` = %d AND `child_section_id` = %d LIMIT 1; does not require double quotes, as per coding-style, please use single quotes.

                $field_id, $parent_section->get('id')

It seems like $parent_section->get('id') can also be of type array; however, parameter $args of sprintf() does only seem to accept string, maybe add an additional type check?

            )
        );

        return $association_id[0];
    }

    private function getStatic($field_id, $search = null)

Incorrect spacing between argument "$search" and equals sign; expected 0 but found 1

Incorrect spacing between default value and equals sign for argument "$search"; expected 0 but found 1

    {
        $options = array();

        if (!empty($field_id)) {
            $field = FieldManager::fetch($field_id);

            if (!empty($field) && $field->canPublishFilter() === true) {
                if (method_exists($field, 'getToggleStates')) {
                    $options = $field->getToggleStates();
                } elseif (method_exists($field, 'findAllTags')) {
                    $options = $field->findAllTags();
                }
            }
        }

        foreach ($options as $value => $data) {
            if (!$search || strripos($data, $search) !== false || strripos($value, $search) !== false) {
                $this->_Result['entries'][]['value'] = ($data ? $data : $value);

Inline shorthand IF statement requires brackets around comparison

            }
        }
    }

    private function get($database, $field_id, $search, $max)
    {
        // Get entries
        if (!empty($search)) {

Blank line found at start of control structure

            // Get columns
            $columns = Symphony::Database()->fetchCol('column_name',
                sprintf(
                    "SELECT column_name
                    FROM information_schema.columns
                    WHERE table_schema = '%s'
                    AND table_name = 'tbl_entries_data_%d'
                    AND column_name != 'id'
                    AND column_name != 'entry_id';",
                    $database,
                    $field_id
                )
            );

            // Build where clauses
            $where = array();
            foreach ($columns as $column) {
                $where[] = "`$column` LIKE '%$search%'";

As per coding-style, please use concatenation or sprintf for the variable $column instead of interpolation.

As per coding-style, please use concatenation or sprintf for the variable $search instead of interpolation.

            }

            // Build query
            $query = sprintf(
                "SELECT * from tbl_entries_data_%d WHERE %s%s;",

The string literal SELECT * from tbl_entries_data_%d WHERE %s%s; does not require double quotes, as per coding-style, please use single quotes.

                $field_id,
                implode($where, " OR "),

The call to implode() has too many arguments starting with ' OR '.

The string literal OR does not require double quotes, as per coding-style, please use single quotes.

                $max
            );
        } else {
            $query = sprintf(
                "SELECT * from tbl_entries_data_%d%s;",

The string literal SELECT * from tbl_entries_data_%d%s; does not require double quotes, as per coding-style, please use single quotes.

                $field_id,
                $max
            );
        }

        // Fetch field values
        $data = Symphony::Database()->fetch($query);

        if (!empty($data)) {
            $field = FieldManager::fetch($field_id);
            $parent_section = SectionManager::fetch($field->get('parent_section'));
            $parent_section_handle = $parent_section->get('handle');

            foreach ($data as $field_data) {
                $entry_id = $field_data['entry_id'];

                if ($field instanceof ExportableField && in_array(ExportableField::UNFORMATTED, $field->getExportModes())) {

Blank line found at start of control structure

                    // Get unformatted value
                    $value = $field->prepareExportValue($field_data, ExportableField::UNFORMATTED, $entry_id);
                } elseif ($field instanceof ExportableField && in_array(ExportableField::VALUE, $field->getExportModes())) {

Blank line found at start of control structure

                    // Get formatted value
                    $value = $field->prepareExportValue($field_data, ExportableField::VALUE, $entry_id);
                } else {

Blank line found at start of control structure

                    // Get value from parameter pool
                    $value = $field->getParameterPoolValue($field_data, $entry_id);

The method getParameterPoolValue() does not exist on ExportableField. Since it exists in all sub-types, consider adding an abstract or default implementation to ExportableField.

                }

                $this->_Result['entries'][$entry_id]['value'] = $value;
                $this->_Result['entries'][$entry_id]['section'] = $parent_section_handle;
                $this->_Result['entries'][$entry_id]['link'] = APPLICATION_URL . '/publish/' . $parent_section_handle . '/edit/' . $entry_id . '/';

The constant APPLICATION_URL was not found. Maybe you did not declare it correctly or list all dependencies?

Are you sure $parent_section_handle of type array|string can be used in concatenation?

            }
        }
    }
}