These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * This file contains only a single class. |
||
4 | * |
||
5 | * @package Tabulate |
||
6 | * @file |
||
7 | */ |
||
8 | |||
9 | namespace WordPress\Tabulate\Controllers; |
||
10 | |||
11 | use WordPress\Tabulate\DB\Grants; |
||
12 | |||
13 | /** |
||
14 | * This controller handles viewing, saving, and deleting of individual Records. |
||
15 | */ |
||
16 | class RecordController extends ControllerBase { |
||
17 | |||
18 | /** |
||
19 | * Get the record-editing template for the given table. |
||
20 | * |
||
21 | * @param \WordPress\Tabulate\DB\Table $table The table. |
||
22 | * @return \WordPress\Tabulate\Template |
||
23 | */ |
||
24 | private function get_template( $table ) { |
||
25 | $template = new \WordPress\Tabulate\Template( 'record/admin.html' ); |
||
26 | $template->table = $table; |
||
27 | $template->controller = 'record'; |
||
28 | return $template; |
||
29 | } |
||
30 | |||
31 | /** |
||
32 | * Show the record-editing form. |
||
33 | * |
||
34 | * @param string $args The request arguments. |
||
35 | * @return string |
||
36 | */ |
||
37 | public function index( $args ) { |
||
38 | // Get database and table. |
||
39 | $db = new \WordPress\Tabulate\DB\Database( $this->wpdb ); |
||
40 | $table = $db->get_table( $args['table'] ); |
||
41 | |||
42 | // Give it all to the template. |
||
43 | $template = $this->get_template( $table ); |
||
0 ignored issues
–
show
|
|||
44 | if ( isset( $args['ident'] ) ) { |
||
45 | $template->record = $table->get_record( $args['ident'] ); |
||
46 | // Check permission. |
||
47 | if ( ! Grants::current_user_can( Grants::UPDATE, $table->get_name() ) ) { |
||
48 | $template->add_notice( 'error', 'You do not have permission to update data in this table.' ); |
||
49 | } |
||
50 | } |
||
51 | if ( ! isset( $template->record ) || false === $template->record ) { |
||
52 | $template->record = $table->get_default_record(); |
||
53 | // Check permission. |
||
54 | if ( ! Grants::current_user_can( Grants::CREATE, $table->get_name() ) ) { |
||
55 | $template->add_notice( 'error', 'You do not have permission to create records in this table.' ); |
||
56 | } |
||
57 | // Add query-string values. |
||
58 | if ( isset( $args['defaults'] ) ) { |
||
59 | $template->record->set_multiple( $args['defaults'] ); |
||
60 | } |
||
61 | } |
||
62 | // Don't save to non-updatable views. |
||
63 | if ( ! $table->is_updatable() ) { |
||
64 | $template->add_notice( 'error', "This table can not be updated." ); |
||
65 | } |
||
66 | |||
67 | // Enable postboxes (for the history and related tables' boxen). |
||
68 | wp_enqueue_script( 'dashboard' ); |
||
69 | |||
70 | // Return to URL. |
||
71 | if ( isset( $args['return_to'] ) ) { |
||
72 | $template->return_to = $args['return_to']; |
||
73 | } |
||
74 | |||
75 | return $template->render(); |
||
76 | } |
||
77 | |||
78 | /** |
||
79 | * Save a record. |
||
80 | * |
||
81 | * @param string[] $args The request arguments. |
||
82 | * @return boolean |
||
83 | */ |
||
84 | public function save( $args ) { |
||
85 | $db = new \WordPress\Tabulate\DB\Database( $this->wpdb ); |
||
86 | $table = $db->get_table( $args['table'] ); |
||
87 | if ( ! $table ) { |
||
88 | // It shouldn't be possible to get here via the UI, so no message. |
||
89 | return false; |
||
90 | } |
||
91 | |||
92 | // Guard against non-post requests. c.f. wp-comments-post.php. |
||
93 | if ( ! isset( $_SERVER['REQUEST_METHOD'] ) || 'POST' !== $_SERVER['REQUEST_METHOD'] ) { |
||
94 | header( 'Allow: POST' ); |
||
95 | header( 'HTTP/1.1 405 Method Not Allowed' ); |
||
96 | header( 'Content-Type: text/plain' ); |
||
97 | return false; |
||
98 | } |
||
99 | |||
100 | $record_ident = isset( $args['ident'] ) ? $args['ident'] : false; |
||
101 | $this->verify_nonce( 'tabulate-record-' . $record_ident ); |
||
102 | $template = $this->get_template( $table ); |
||
103 | |||
104 | // Make sure we're not saving over an already-existing record. |
||
105 | $pk_name = $table->get_pk_column()->get_name(); |
||
106 | $pk = $_POST[ $pk_name ]; |
||
107 | $existing = $table->get_record( $pk ); |
||
108 | if ( ! $record_ident && $existing ) { |
||
0 ignored issues
–
show
The expression
$record_ident of type string|false is loosely compared to false ; this is ambiguous if the string can be empty. You might want to explicitly use === false instead.
In PHP, under loose comparison (like For '' == false // true
'' == null // true
'ab' == false // false
'ab' == null // false
// It is often better to use strict comparison
'' === false // false
'' === null // false
Loading history...
|
|||
109 | $template->add_notice( 'updated', "The record identified by '$pk' already exists." ); |
||
110 | $_REQUEST['return_to'] = $existing->get_url(); |
||
111 | } else { |
||
112 | // Otherwise, create a new one. |
||
113 | try { |
||
114 | $data = wp_unslash( $_POST ); |
||
115 | $this->wpdb->query( 'BEGIN' ); |
||
116 | $template->record = $table->save_record( $data, $record_ident ); |
||
0 ignored issues
–
show
It seems like
$record_ident defined by isset($args['ident']) ? $args['ident'] : false on line 100 can also be of type false ; however, WordPress\Tabulate\DB\Table::save_record() does only seem to accept string|null , did you maybe forget to handle an error condition?
This check looks for type mismatches where the missing type is Consider the follow example <?php
function getDate($date)
{
if ($date !== null) {
return new DateTime($date);
}
return false;
}
This function either returns a new
Loading history...
|
|||
117 | $this->wpdb->query( 'COMMIT' ); |
||
118 | $template->add_notice( 'updated', 'Record saved.' ); |
||
119 | } catch ( \Exception $e ) { |
||
120 | $template->add_notice( 'error', $e->getMessage() ); |
||
121 | $template->record = new \WordPress\Tabulate\DB\Record( $table, $data ); |
||
122 | } |
||
123 | } |
||
124 | // Redirect back to the edit form. |
||
125 | $return_to = ( ! empty( $_REQUEST['return_to'] ) ) ? $_REQUEST['return_to'] : $template->record->get_url(); |
||
126 | wp_safe_redirect( $return_to ); |
||
127 | exit; |
||
128 | } |
||
129 | |||
130 | /** |
||
131 | * Delete (or ask for confirmation of deleting) a single record. |
||
132 | * |
||
133 | * @param string[] $args The request arguments. |
||
134 | * @return type |
||
135 | */ |
||
136 | public function delete( $args ) { |
||
137 | $db = new \WordPress\Tabulate\DB\Database( $this->wpdb ); |
||
138 | $table = $db->get_table( $args['table'] ); |
||
139 | $record_ident = isset( $args['ident'] ) ? $args['ident'] : false; |
||
140 | if ( ! $record_ident ) { |
||
0 ignored issues
–
show
The expression
$record_ident of type string|false is loosely compared to false ; this is ambiguous if the string can be empty. You might want to explicitly use === false instead.
In PHP, under loose comparison (like For '' == false // true
'' == null // true
'ab' == false // false
'ab' == null // false
// It is often better to use strict comparison
'' === false // false
'' === null // false
Loading history...
|
|||
141 | wp_safe_redirect( $table->get_url() ); |
||
142 | exit; |
||
143 | } |
||
144 | |||
145 | // Ask for confirmation. |
||
146 | if ( ! isset( $_POST['confirm_deletion'] ) ) { |
||
147 | $template = new \WordPress\Tabulate\Template( 'record/delete.html' ); |
||
148 | $template->table = $table; |
||
149 | $template->record = $table->get_record( $record_ident ); |
||
150 | return $template->render(); |
||
151 | } |
||
152 | |||
153 | // Delete the record. |
||
154 | check_admin_referer( 'tabulate-record-delete-' . $record_ident ); |
||
155 | try { |
||
156 | $this->wpdb->query( 'BEGIN' ); |
||
157 | $table->delete_record( $record_ident ); |
||
158 | $this->wpdb->query( 'COMMIT' ); |
||
159 | } catch ( \Exception $e ) { |
||
160 | $template = $this->get_template( $table ); |
||
0 ignored issues
–
show
It seems like
$table defined by $db->get_table($args['table']) on line 138 can also be of type false ; however, WordPress\Tabulate\Contr...troller::get_template() does only seem to accept object<WordPress\Tabulate\DB\Table> , did you maybe forget to handle an error condition?
This check looks for type mismatches where the missing type is Consider the follow example <?php
function getDate($date)
{
if ($date !== null) {
return new DateTime($date);
}
return false;
}
This function either returns a new
Loading history...
|
|||
161 | $template->record = $table->get_record( $record_ident ); |
||
162 | $template->add_notice( 'error', $e->getMessage() ); |
||
163 | return $template->render(); |
||
164 | } |
||
165 | |||
166 | wp_safe_redirect( $table->get_url() ); |
||
167 | exit; |
||
168 | } |
||
169 | } |
||
170 |
This check looks for type mismatches where the missing type is
false
. This is usually indicative of an error condtion.Consider the follow example
This function either returns a new
DateTime
object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returnedfalse
before passing on the value to another function or method that may not be able to handle afalse
.