This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace AdminModule; |
||
4 | |||
5 | use Dubture\Monolog\Reader\LogReader; |
||
6 | use Nette\Utils\Finder; |
||
7 | |||
8 | /** |
||
9 | * Admin presenter. |
||
10 | * |
||
11 | * @author Tomáš Voslař <tomas.voslar at webcook.cz> |
||
12 | * @package WebCMS2 |
||
13 | */ |
||
14 | class HomepagePresenter extends \AdminModule\BasePresenter |
||
15 | { |
||
16 | /* @var logContent */ |
||
17 | private $logContent; |
||
18 | |||
19 | /* @var exceptions */ |
||
20 | private $exceptions; |
||
21 | |||
22 | 1 | protected function beforeRender() |
|
23 | { |
||
24 | 1 | parent::beforeRender(); |
|
25 | |||
26 | 1 | $this->reloadContent(); |
|
27 | |||
28 | 1 | $parameters = $this->getContext()->getParameters(); |
|
29 | |||
30 | 1 | $logFile = $parameters['tempDir'].'/../log/webcms.log'; |
|
31 | 1 | $reader = new LogReader($logFile, 2); |
|
32 | |||
33 | 1 | $logs = array(); |
|
34 | 1 | foreach ($reader as $log) { |
|
35 | 1 | if (!empty($log) && $log['level'] === 'INFO') { |
|
36 | 1 | $logs[] = $log; |
|
37 | 1 | } |
|
38 | 1 | } |
|
39 | |||
40 | 1 | $exceptions = array(); |
|
41 | 1 | if ($this->getUser()->getRoles()[0] === 'superadmin') { |
|
42 | 1 | foreach (Finder::findFiles('exception-*.html')->in(APP_DIR . '/../log') as $key => $file) { |
|
43 | $filename = $file->getFileName(); |
||
44 | $parsed = explode('-', $filename); |
||
45 | $date = $parsed[1] . '-' . $parsed[2] . '-' . $parsed[3] . ' ' . $parsed[4] . ':' . $parsed[5] . ':' . $parsed[6]; |
||
46 | $exceptions[] = array('id' => substr($parsed[7], 0, -5), 'date' => $date, 'filename' => $filename); |
||
47 | 1 | } |
|
48 | 1 | ||
49 | $this->template->showLogger = true; |
||
0 ignored issues
–
show
|
|||
50 | 1 | } else { |
|
51 | $this->template->showLogger = false; |
||
0 ignored issues
–
show
The property
$template is declared private in Nette\Application\UI\Control . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
52 | } |
||
53 | |||
54 | 1 | if (count($exceptions) > 0) { |
|
55 | $this->exceptions = $exceptions; |
||
0 ignored issues
–
show
It seems like
$exceptions of type array is incompatible with the declared type object<AdminModule\exceptions> of property $exceptions .
Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..
Loading history...
|
|||
56 | $this->template->showExceptions = true; |
||
0 ignored issues
–
show
The property
$template is declared private in Nette\Application\UI\Control . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
57 | } else { |
||
58 | 1 | $this->template->showExceptions = false; |
|
0 ignored issues
–
show
The property
$template is declared private in Nette\Application\UI\Control . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
59 | 1 | } |
|
60 | 1 | ||
61 | 1 | // favourite links |
|
62 | $user = $this->em->getRepository('WebCMS\Entity\User')->find($this->getUser()->getId()); |
||
63 | 1 | $favourites = $this->em->getRepository('WebCMS\Entity\Favourites')->findBy(array( |
|
64 | 1 | 'user' => $user, |
|
65 | 1 | )); |
|
66 | |||
67 | 1 | $this->template->logReader = array_reverse($logs); |
|
0 ignored issues
–
show
The property
$template is declared private in Nette\Application\UI\Control . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
68 | $this->template->links = $favourites; |
||
0 ignored issues
–
show
The property
$template is declared private in Nette\Application\UI\Control . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
69 | 1 | } |
|
70 | 1 | ||
71 | protected function startup() |
||
72 | 1 | { |
|
73 | parent::startup(); |
||
74 | } |
||
75 | 1 | ||
76 | public function createComponentExceptionLogsGrid() |
||
77 | { |
||
78 | 1 | $grid = new \Grido\Grid($this, 'exceptionLogsGrid'); |
|
79 | $grid->AddColumnDate('date', 'Date') |
||
80 | 1 | ->setDateFormat(\Grido\Components\Columns\Date::FORMAT_DATETIME) |
|
81 | ->setSortable(); |
||
82 | 1 | $grid->AddColumnText('filename', 'Filename'); |
|
83 | 1 | ||
84 | $grid->setModel($this->exceptions); |
||
85 | 1 | ||
86 | 1 | $grid->addActionHref("showExceptionLog", 'Show')->getElementPrototype()->addAttributes(array('class' => array('btn', 'btn-primary'), 'target' => '_blank')); |
|
87 | $grid->addActionHref("deleteExceptionLog", 'Delete')->getElementPrototype()->addAttributes(array('class' => array('btn', 'btn-danger'), 'data-confirm' => 'Are you sure you want to delete this item?')); |
||
88 | |||
89 | $grid->setDefaultSort(array('date' => 'DESC')); |
||
90 | $grid->setRememberState(true); |
||
91 | $grid->setDefaultPerPage(10); |
||
92 | $grid->setTranslator($this->translator); |
||
93 | $grid->setFilterRenderType(\Grido\Components\Filters\Filter::RENDER_INNER); |
||
94 | |||
95 | return $grid; |
||
96 | } |
||
97 | |||
98 | public function renderShowExceptionLog($id) |
||
99 | { |
||
100 | $this->template->content = $this->logContent; |
||
0 ignored issues
–
show
The property
$template is declared private in Nette\Application\UI\Control . Since you implemented __get() , maybe consider adding a @property or @property-read annotation. This makes it easier for IDEs to provide auto-completion.
Since your code implements the magic setter <?php
/**
* @property int $x
* @property int $y
* @property string $text
*/
class MyLabel
{
private $properties;
private $allowedProperties = array('x', 'y', 'text');
public function __get($name)
{
if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
return $properties[$name];
} else {
return null;
}
}
public function __set($name, $value)
{
if (in_array($name, $this->allowedProperties)) {
$properties[$name] = $value;
} else {
throw new \LogicException("Property $name is not defined.");
}
}
}
Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property.
Loading history...
|
|||
101 | } |
||
102 | |||
103 | public function actionShowExceptionLog($id) |
||
104 | { |
||
105 | foreach (Finder::findFiles('exception-*' . $id . '.html')->in(APP_DIR . '/../log') as $key => $file) { |
||
106 | $contents = file_get_contents(APP_DIR . '/../log/' . $file->getFileName()); |
||
107 | } |
||
108 | |||
109 | if (!empty($contents)) { |
||
110 | $this->logContent = $contents; |
||
0 ignored issues
–
show
It seems like
$contents of type string is incompatible with the declared type object<AdminModule\logContent> of property $logContent .
Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..
Loading history...
|
|||
111 | } else { |
||
112 | $this->logContent = 'Unable to show the exception log - file not found.'; |
||
0 ignored issues
–
show
It seems like
'Unable to show the exce... log - file not found.' of type string is incompatible with the declared type object<AdminModule\logContent> of property $logContent .
Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property..
Loading history...
|
|||
113 | } |
||
114 | } |
||
115 | |||
116 | public function actionDeleteExceptionLog($id) |
||
117 | { |
||
118 | View Code Duplication | foreach (Finder::findFiles('exception-*' . $id . '.html')->in(APP_DIR . '/../log') as $key => $file) { |
|
119 | $filename = $file->getFileName(); |
||
120 | } |
||
121 | |||
122 | if (!empty($filename)) { |
||
123 | unlink(APP_DIR . '/../log/' . $filename); |
||
124 | $this->flashMessage('Exception log has been deleted.', 'success'); |
||
125 | } else { |
||
126 | $this->flashMessage('Unable to delete exception log - file not found.', 'error'); |
||
127 | } |
||
128 | |||
129 | $this->forward('default'); |
||
130 | } |
||
131 | |||
132 | public function actionDeleteAllExceptionLogs() |
||
133 | { |
||
134 | if ($this->getUser()->getRoles()[0] === 'superadmin') { |
||
135 | View Code Duplication | foreach (Finder::findFiles('exception-*.html')->in(APP_DIR . '/../log') as $key => $file) { |
|
136 | $filename = $file->getFileName(); |
||
137 | unlink(APP_DIR . '/../log/' . $filename); |
||
138 | } |
||
139 | } |
||
140 | $this->flashMessage('All exception logs have been deleted.', 'success'); |
||
141 | $this->forward('default'); |
||
142 | } |
||
143 | } |
||
144 |
Since your code implements the magic setter
_set
, this function will be called for any write access on an undefined variable. You can add the@property
annotation to your class or interface to document the existence of this variable.Since the property has write access only, you can use the @property-write annotation instead.
Of course, you may also just have mistyped another name, in which case you should fix the error.
See also the PhpDoc documentation for @property.