Issues in GroupActionCollection.php (master) - Issues in master - ublaboo/datagrid - Measure and Improve Code Quality continuously with Scrutinizer

Issues (139)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/GroupAction/GroupActionCollection.php (3 issues)

Labels

Bug 3

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * @copyright   Copyright (c) 2015 ublaboo <[email protected]>
 * @author      Pavel Janda <[email protected]>
 * @package     Ublaboo
 */

namespace Ublaboo\DataGrid\GroupAction;

use Nette;
use Nette\SmartObject;
use Nette\Application\UI\Form;
use Ublaboo\DataGrid\DataGrid;
use Ublaboo\DataGrid\Exception\DataGridGroupActionException;

class GroupActionCollection
{

	use SmartObject;

	const ID_ATTRIBUTE_PREFIX = 'group_action_item_';

	/**
	 * @var GroupAction[]
	 */
	protected $group_actions = [];

	/**
	 * @var DataGrid
	 */
	protected $datagrid;


	public function __construct(DataGrid $datagrid)
	{
		$this->datagrid = $datagrid;
	}


	/**
	 * Get assambled form
	 * @param Nette\Forms\Container $container
	 * @return void
	 */
	public function addToFormContainer($container)
	{
		/** @var Nette\Application\UI\Form $form */
		$form = $container->lookup('Nette\Application\UI\Form');
		$translator = $form->getTranslator();
		$main_options = [];

		/**
		 * First foreach for filling "main" select
		 */
		foreach ($this->group_actions as $id => $action) {
			$main_options[$id] = $action->getTitle();
		}

		$container->addSelect('group_action', '', $main_options)
			->setPrompt('ublaboo_datagrid.choose');

		/**
		 * Second for creating select for each "sub"-action
		 */
		foreach ($this->group_actions as $id => $action) {
			$control = null;

			if ($action instanceof GroupSelectAction) {
				if ($action->hasOptions()) {
					if ($action instanceof GroupMultiSelectAction) {
						$control = $container->addMultiSelect($id, '', $action->getOptions());
						$control->setAttribute('data-datagrid-multiselect-id', static::ID_ATTRIBUTE_PREFIX . $id);
						$control->setAttribute('data-style', 'hidden');
						$control->setAttribute('data-selected-icon-check', DataGrid::$icon_prefix . 'check');
					} else {
						$control = $container->addSelect($id, '', $action->getOptions());
					}

					$control->setAttribute('id', static::ID_ATTRIBUTE_PREFIX . $id);
				}

			} elseif ($action instanceof GroupTextAction) {
				$control = $container->addText($id, '');

				$control->setAttribute('id', static::ID_ATTRIBUTE_PREFIX . $id)
					->addConditionOn($container['group_action'], Form::EQUAL, $id)
						->setRequired($translator->translate('ublaboo_datagrid.choose_input_required'))
					->endCondition();

			} elseif ($action instanceof GroupTextareaAction) {
				$control = $container->addTextarea($id, '');

				$control->setAttribute('id', static::ID_ATTRIBUTE_PREFIX . $id)
					->addConditionOn($container['group_action'], Form::EQUAL, $id)
						->setRequired($translator->translate('ublaboo_datagrid.choose_input_required'));
			}

			if ($control) {
				/**
				 * User may set a class to the form control
				 */
				if ($class = $action->getClass()) {
					$control->setAttribute('class', $class);
				}

				/**
				 * User may set additional attribtues to the form control
				 */
				foreach ($action->getAttributes() as $name => $value) {
					$control->setAttribute($name, $value);
				}
			}
		}

		foreach ($this->group_actions as $id => $action) {
			$container['group_action']->addCondition(Form::EQUAL, $id)
				->toggle(static::ID_ATTRIBUTE_PREFIX . $id);
		}

		$container['group_action']->addCondition(Form::FILLED)
			->toggle(strtolower($this->datagrid->getName()) . 'group_action_submit');


		$container->addSubmit('submit', 'ublaboo_datagrid.execute')
			->setValidationScope([$container])
			->setAttribute('id', strtolower($this->datagrid->getName()) . 'group_action_submit');


		if ($form instanceof Nette\ComponentModel\IComponent) {
			$form->onSubmit[] = [$this, 'submitted'];
		}
	}


	/**
	 * Pass "sub"-form submission forward to custom submit function
	 * @param  Form   $form
	 * @return void
	 */
	public function submitted(Form $form)
	{
		if (!isset($form['group_action']['submit']) || !$form['group_action']['submit']->isSubmittedBy()) {
			return;
		}

		$values = $form->getValues();
		$values = $values['group_action'];

		if ($values->group_action === 0 || $values->group_action === null) {
			return;
		}

		/**
		 * @todo Define items IDs
		 */
		$http_ids = $form->getHttpData(Form::DATA_LINE | Form::DATA_KEYS, strtolower($this->datagrid->getName()) . '_group_action_item[]');

		$ids = array_keys($http_ids);

		$id = $values->group_action;
		$this->group_actions[$id]->onSelect($ids, isset($values->{$id}) ? $values->{$id} : null);

		$form['group_action']['group_action']->setValue(null);
	}


	/**
	 * Add one group action (select box) to collection of actions
	 *
	 * @param string $title
	 * @param array  $options
	 *
	 * @return GroupAction
	 */
	public function addGroupSelectAction($title, $options)
	{
		$id = ($s = sizeof($this->group_actions)) ? ($s + 1) : 1;

		return $this->group_actions[$id] = new GroupSelectAction($title, $options);
	}


	/**
	 * Add one group action (multiselect box) to collection of actions
	 *
	 * @param string $title
	 * @param array  $options
	 *
	 * @return GroupAction
	 */
	public function addGroupMultiSelectAction($title, $options)
	{
		$id = ($s = sizeof($this->group_actions)) ? ($s + 1) : 1;

		return $this->group_actions[$id] = new GroupMultiSelectAction($title, $options);
	}


	/**
	 * Add one group action (text input) to collection of actions
	 *
	 * @param string $title
	 *
	 * @return GroupAction
	 */
	public function addGroupTextAction($title)
	{
		$id = ($s = sizeof($this->group_actions)) ? ($s + 1) : 1;

		return $this->group_actions[$id] = new GroupTextAction($title);
	}


	/**
	 * Add one group action (textarea) to collection of actions
	 *
	 * @param string $title
	 *
	 * @return GroupAction
	 */
	public function addGroupTextareaAction($title)
	{
		$id = ($s = sizeof($this->group_actions)) ? ($s + 1) : 1;

		return $this->group_actions[$id] = new GroupTextareaAction($title);
	}


	/**
	 * @param  string $title
	 * @return GroupAction
	 */
	public function getGroupAction($title)
	{
		foreach ($this->group_actions as $action) {
			if ($action->getTitle() === $title) {
				return $action;
			}
		}

		throw new DataGridGroupActionException("Group action $title does not exist.");
	}
}


1			<?php
2
3			/**
4			* @copyright Copyright (c) 2015 ublaboo <[email protected]>
5			* @author Pavel Janda <[email protected]>
6			* @package Ublaboo
7			*/
8
9			namespace Ublaboo\DataGrid\GroupAction;
10
11			use Nette;
12			use Nette\SmartObject;
13			use Nette\Application\UI\Form;
14			use Ublaboo\DataGrid\DataGrid;
15			use Ublaboo\DataGrid\Exception\DataGridGroupActionException;
16
17			class GroupActionCollection
18			{
19
20			use SmartObject;
21
22			const ID_ATTRIBUTE_PREFIX = 'group_action_item_';
23
24			/**
25			* @var GroupAction[]
26			*/
27			protected $group_actions = [];
28
29			/**
30			* @var DataGrid
31			*/
32			protected $datagrid;
33
34
35			public function __construct(DataGrid $datagrid)
36			{
37			$this->datagrid = $datagrid;
38			}
39
40
41			/**
42			* Get assambled form
43			* @param Nette\Forms\Container $container
44			* @return void
45			*/
46			public function addToFormContainer($container)
47			{
48			/** @var Nette\Application\UI\Form $form */
49			$form = $container->lookup('Nette\Application\UI\Form');
50			$translator = $form->getTranslator();
51			$main_options = [];
52
53			/**
54			* First foreach for filling "main" select
55			*/
56			foreach ($this->group_actions as $id => $action) {
57			$main_options[$id] = $action->getTitle();
58			}
59
60			$container->addSelect('group_action', '', $main_options)
61			->setPrompt('ublaboo_datagrid.choose');
62
63			/**
64			* Second for creating select for each "sub"-action
65			*/
66			foreach ($this->group_actions as $id => $action) {
67			$control = null;
68
69			if ($action instanceof GroupSelectAction) {
70			if ($action->hasOptions()) {
71			if ($action instanceof GroupMultiSelectAction) {
72			$control = $container->addMultiSelect($id, '', $action->getOptions());
73			$control->setAttribute('data-datagrid-multiselect-id', static::ID_ATTRIBUTE_PREFIX . $id);
74			$control->setAttribute('data-style', 'hidden');
75			$control->setAttribute('data-selected-icon-check', DataGrid::$icon_prefix . 'check');
76			} else {
77			$control = $container->addSelect($id, '', $action->getOptions());
78			}
79
80			$control->setAttribute('id', static::ID_ATTRIBUTE_PREFIX . $id);
81			}
82
83			} elseif ($action instanceof GroupTextAction) {
84			$control = $container->addText($id, '');
85
86			$control->setAttribute('id', static::ID_ATTRIBUTE_PREFIX . $id)
87			->addConditionOn($container['group_action'], Form::EQUAL, $id)
88			->setRequired($translator->translate('ublaboo_datagrid.choose_input_required'))
89			->endCondition();
90
91			} elseif ($action instanceof GroupTextareaAction) {
92			$control = $container->addTextarea($id, '');
93
94			$control->setAttribute('id', static::ID_ATTRIBUTE_PREFIX . $id)
95			->addConditionOn($container['group_action'], Form::EQUAL, $id)
96			->setRequired($translator->translate('ublaboo_datagrid.choose_input_required'));
97			}
98
99			if ($control) {
100			/**
101			* User may set a class to the form control
102			*/
103			if ($class = $action->getClass()) {
104			$control->setAttribute('class', $class);
105			}
106
107			/**
108			* User may set additional attribtues to the form control
109			*/
110			foreach ($action->getAttributes() as $name => $value) {
111			$control->setAttribute($name, $value);
112			}
113			}
114			}
115
116			foreach ($this->group_actions as $id => $action) {
117			$container['group_action']->addCondition(Form::EQUAL, $id)
118			->toggle(static::ID_ATTRIBUTE_PREFIX . $id);
119			}
120
121			$container['group_action']->addCondition(Form::FILLED)
122			->toggle(strtolower($this->datagrid->getName()) . 'group_action_submit');
			0 ignored issues – show Bug introduced 2017-02-05 00:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using `$this->datagrid->name`. There is an issue with `getName()` and APC-enabled PHP versions. Loading history...
123
124			$container->addSubmit('submit', 'ublaboo_datagrid.execute')
125			->setValidationScope([$container])
126			->setAttribute('id', strtolower($this->datagrid->getName()) . 'group_action_submit');
			0 ignored issues – show Bug introduced 2017-02-05 00:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using `$this->datagrid->name`. There is an issue with `getName()` and APC-enabled PHP versions. Loading history...
127
128			if ($form instanceof Nette\ComponentModel\IComponent) {
129			$form->onSubmit[] = [$this, 'submitted'];
130			}
131			}
132
133
134			/**
135			* Pass "sub"-form submission forward to custom submit function
136			* @param Form $form
137			* @return void
138			*/
139			public function submitted(Form $form)
140			{
141			if (!isset($form['group_action']['submit']) \|\| !$form['group_action']['submit']->isSubmittedBy()) {
142			return;
143			}
144
145			$values = $form->getValues();
146			$values = $values['group_action'];
147
148			if ($values->group_action === 0 \|\| $values->group_action === null) {
149			return;
150			}
151
152			/**
153			* @todo Define items IDs
154			*/
155			$http_ids = $form->getHttpData(Form::DATA_LINE \| Form::DATA_KEYS, strtolower($this->datagrid->getName()) . '_group_action_item[]');
			0 ignored issues – show Bug introduced 2017-02-05 00:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using `$this->datagrid->name`. There is an issue with `getName()` and APC-enabled PHP versions. Loading history...
156			$ids = array_keys($http_ids);
157
158			$id = $values->group_action;
159			$this->group_actions[$id]->onSelect($ids, isset($values->{$id}) ? $values->{$id} : null);
160
161			$form['group_action']['group_action']->setValue(null);
162			}
163
164
165			/**
166			* Add one group action (select box) to collection of actions
167			*
168			* @param string $title
169			* @param array $options
170			*
171			* @return GroupAction
172			*/
173			public function addGroupSelectAction($title, $options)
174			{
175			$id = ($s = sizeof($this->group_actions)) ? ($s + 1) : 1;
176
177			return $this->group_actions[$id] = new GroupSelectAction($title, $options);
178			}
179
180
181			/**
182			* Add one group action (multiselect box) to collection of actions
183			*
184			* @param string $title
185			* @param array $options
186			*
187			* @return GroupAction
188			*/
189			public function addGroupMultiSelectAction($title, $options)
190			{
191			$id = ($s = sizeof($this->group_actions)) ? ($s + 1) : 1;
192
193			return $this->group_actions[$id] = new GroupMultiSelectAction($title, $options);
194			}
195
196
197			/**
198			* Add one group action (text input) to collection of actions
199			*
200			* @param string $title
201			*
202			* @return GroupAction
203			*/
204			public function addGroupTextAction($title)
205			{
206			$id = ($s = sizeof($this->group_actions)) ? ($s + 1) : 1;
207
208			return $this->group_actions[$id] = new GroupTextAction($title);
209			}
210
211
212			/**
213			* Add one group action (textarea) to collection of actions
214			*
215			* @param string $title
216			*
217			* @return GroupAction
218			*/
219			public function addGroupTextareaAction($title)
220			{
221			$id = ($s = sizeof($this->group_actions)) ? ($s + 1) : 1;
222
223			return $this->group_actions[$id] = new GroupTextareaAction($title);
224			}
225
226
227			/**
228			* @param string $title
229			* @return GroupAction
230			*/
231			public function getGroupAction($title)
232			{
233			foreach ($this->group_actions as $action) {
234			if ($action->getTitle() === $title) {
235			return $action;
236			}
237			}
238
239			throw new DataGridGroupActionException("Group action $title does not exist.");
240			}
241			}
242

ublaboo / datagrid

Issues (139)

Security Analysis no request data

src/GroupAction/GroupActionCollection.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like