Issues in OnePageSlide.php (master) - Issues in master - wernerkrauss/silverstripe-onepage - Measure and Improve Code Quality continuously with Scrutinizer

Issues (20)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

code/OnePageSlide.php (12 issues)

Labels

Severity

Minor 12

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

class OnePageSlide extends DataExtension
namespace YourVendor;

class YourClass { }
{

    private static $db = array(

        'BackgroundColor' => 'Varchar',
        'HeadingColor' => 'Varchar',
        'TextColor' => 'Varchar',
        'AdditionalCSSClass' => 'Varchar'
    );

    private static $has_one = array(

        'BackgroundImage' => 'Image'
    );

    private static $background_color_palette = array(

        '#fff',
        '#444',
        '#000'
    );
    private static $heading_color_palette = array(

        '#000',
        '#fff'
    );
    private static $text_color_palette = array(

        '#000',
        '#fff'
    );

    /**
     * Should we modify the link to represent anchors?
     *
     * @var bool
     */
    private static $do_modify_link = true;


    /**
     * limit the generated form fields to slides (direct children of a OnePageHolder)
     * @var bool
     */
    private static $use_only_on_onepage_slides = false;


    /**
     * do not require colors to be set
     * @var bool
     */
    private static $colors_can_be_empty = false;


    /**
     * @inheritdoc
     */
    public function updateFieldLabels(&$labels)
    {
        $labels = parent::updateFieldLabels($labels);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();

        $labels['Title'] = _t('OnePageSlide.db_Title', 'Title');
        $labels['BackgroundColor'] = _t('OnePageSlide.db_BackgroundColor', 'Background Color');
        $labels['HeadingColor'] = _t('OnePageSlide.db_HeadingColor', 'Heading Color');
        $labels['TextColor'] = _t('OnePageSlide.db_TextColor', 'Text Color');
        $labels['AdditionalCSSClass'] = _t('OnePageSlide.db_AdditionalCSSClass', 'Additional CSS class');

        $labels['BackgroundImage'] = _t('OnePageSlide.has_many_BackgroundImage', 'Background Image');
    }


    /**
     * @inheritdoc
     */
    public function updateCMSFields(FieldList $fields)
    {
        if (Config::inst()->get($this->class, 'use_only_on_onepage_slides')
            && !$this->owner->isOnePageSlide()) {
            return;
        }

        $image = UploadField::create('BackgroundImage', $this->owner->fieldLabel('BackgroundImage'))
            ->setAllowedFileCategories('image')
            ->setAllowedMaxFileNumber(1);
        if ($this->owner->hasMethod('getRootFolderName')) {
            $image->setFolderName($this->owner->getRootFolderName());
        }

        $colorFields = array(
            'BackgroundColor' => 'background_color_palette',
            'HeadingColor' => 'heading_color_palette',
            'TextColor' => 'text_color_palette'
        );

        $layout = $fields->findOrMakeTab('Root.Layout', _t('OnePageSlide.TABLAYOUT', 'Layout'));
        $layout->push($image);

        foreach ($colorFields as $fieldName => $palette) {
            $layout->push($this->generateColorPalette($fieldName, $palette));
        }
        $layout->push(TextField::create('AdditionalCSSClass', $this->owner->fieldLabel('AdditionalCSSClass')));
    }

    protected function generateColorPalette($fieldName, $paletteSetting)

    {
        $palette = $this->owner->config()->get($paletteSetting)
            ? $this->owner->config()->get($paletteSetting)
            : Config::inst()->get($this->class, $paletteSetting);

        $field = ColorPaletteField::create(
            $fieldName,
            $this->owner->fieldLabel($fieldName),
            ArrayLib::valuekey($palette)
        );

        if (Config::inst()->get($this->class, 'colors_can_be_empty')) {
            $field= $field->setEmptyString('none');
        }

        return $field;
    }

    //@todo: if Parent is a OnePageHolder modify $Link to show to $Parent->Link() / #$URLSegment
    //@todo: if Parent is a OnePageHolder disable ShowInMenus
    //@todo: don't show slide in google sitempap

    /**
     * @todo: use customCSS?
     * @return string
     */
    public function getOnePageSlideStyle()
    {
        $style = '';

        $style .= $this->owner->BackgroundColor
            ? 'background-color: ' . $this->owner->BackgroundColor . '; '
            : '';

        $style .= $this->owner->TextColor
            ? ' color: ' . $this->owner->TextColor. ' !important; '
            : '';

        $this->owner->extend('updateOnePageSlideStyle', $style);

        return $style;
    }

    /**
     * get's fired on ContentController::init()
     *
     * check if this is a OnePageSlide and redirect to parent if
     *  - controller has no action
     *  - request isn't an ajax request
     */
    public function contentcontrollerInit(&$controller)
    {
        if ($this->owner->isOnePageSlide() && $this->isCMSPreview()) {
            //redirect and pass current ID by param, as anchor tags re not sent to the server
            $url = Controller::join_links(
                $this->owner->RelativeLink(),
                '?EditPageID=' . $this->owner->ID,
                '?Stage=' . Versioned::current_stage(),
                '?CMSPreview=1'
            );
            $controller->redirect($url);
        }

        if ($this->owner->isOnePageSlide()
                && !$controller->urlParams['Action']
                && !Director::is_ajax()
                && !$this->isCMSPreview()
            ) {
            $controller->redirect($this->owner->RelativeLink(), 301);
        }
    }


    /**
     * Updates RelativeLink()
     *
     * If no $action is given it changes /path/to/URLSegment into /path/to#URLSegment
     *
     * @param $base
     * @param $action
     */
    public function updateRelativeLink(&$base, &$action)
    {
        //we need to call the redirection for cms preview
        if (Controller::curr() instanceof LeftAndMain) {
            return;
        }

        if (Config::inst()->get('OnePageSlide', 'do_modify_link') == false) {
            return;
        }

        if($this->owner->isNestedOnePageSlide()) {
            $base = $this->owner->Parent()->RelativeLink($action) . '-' . $this->owner->URLSegment;
            return;
        }

        if ($this->owner->isOnePageSlide()) {
            //			$base = $this->owner->Parent()->RelativeLink('#' . $this->owner->URLSegment); //e.g. /home/#urlsegment :(

            $base = Controller::join_links($this->owner->Parent()->RelativeLink($action), '#' . $this->owner->URLSegment); // just /#urlsegment
        }
    }

    /**
     * Helper to get a unmofified link if a slide should represent a classical page, not a "block" inside a OnePageHolder
     *
     * @param null $action
     * @return mixed
     */
    public function UnmodifiedRelativeLink($action = null)
    {
        Config::inst()->update('OnePageSlide', 'do_modify_link', false);
        $link = $this->owner->RelativeLink($action);
        Config::inst()->update('OnePageSlide', 'do_modify_link', true);

        return $link;
    }

    /**
     * Checks, if the current page is a slide of a one-page by checking if the parent page is a OnePageHolder
     *
     * @return bool
     */
    public function isOnePageSlide()
    {
        return ($this->owner->Parent() instanceof OnePageHolder);
    }

    /**
     * Checks if the current page is a nested one-page slide
     *
     * @return bool
     */
    public function isNestedOnePageSlide() {
        return $this->owner->ParentID
            ? $this->owner->Parent()->isOnePageSlide()
            : false;
    }

    /**
     * Helper to check if we're previewing the current page in CMS
     *
     * @return bool
     */
    public function isCMSPreview()
    {
        $isCMSPreview = Controller::curr()->getRequest()->getVar('CMSPreview');

        return (bool) $isCMSPreview;
    }

    /**
     * renders the current page using the ClassName_onepage template,
     * e.g. Page_onepage
     *
     * The suffix is generated by @link getOnePageTemplateSuffix
     *
     * @return HTMLText
     */
    public function getOnePageContent()
    {
        $templateName = SSViewer::get_templates_by_class($this->owner->Classname, $this->getOnePageTemplateSuffix(), 'SiteTree')
            ?: 'Page_onepage';

        $controller = ModelAsController::controller_for($this->owner);

        return $controller->renderWith($templateName);
    }


    /**
     * Helper function to generate the template suffix for the current page.
     * Calls page's "generateOnePageTemplateSuffix" method if it exists.
     * This way your page can define the template suffix to be e.g. '_layout1_onepage' instead of just '_onepage'
     *
     * @return string
     */
    public function getOnePageTemplateSuffix()
    {
        return $this->owner->hasMethod('generateOnePageTemplateSuffix')
            ? $this->owner->generateOnePageTemplateSuffix()
            : '_onepage';
    }

}


1			<?php
2
3			class OnePageSlide extends DataExtension
			0 ignored issues – show Coding Style Compatibility introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
4			{
5
6			private static $db = array(
			0 ignored issues – show Unused Code introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$db` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
7			'BackgroundColor' => 'Varchar',
8			'HeadingColor' => 'Varchar',
9			'TextColor' => 'Varchar',
10			'AdditionalCSSClass' => 'Varchar'
11			);
12
13			private static $has_one = array(
			0 ignored issues – show Unused Code introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$has_one` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
14			'BackgroundImage' => 'Image'
15			);
16
17			private static $background_color_palette = array(
			0 ignored issues – show Unused Code introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$background_color_palette` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
18			'#fff',
19			'#444',
20			'#000'
21			);
22			private static $heading_color_palette = array(
			0 ignored issues – show Unused Code introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$heading_color_palette` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
23			'#000',
24			'#fff'
25			);
26			private static $text_color_palette = array(
			0 ignored issues – show Unused Code introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$text_color_palette` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
27			'#000',
28			'#fff'
29			);
30
31			/**
32			* Should we modify the link to represent anchors?
33			*
34			* @var bool
35			*/
36			private static $do_modify_link = true;
			0 ignored issues – show Unused Code introduced 2016-11-15 09:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$do_modify_link` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
37
38			/**
39			* limit the generated form fields to slides (direct children of a OnePageHolder)
40			* @var bool
41			*/
42			private static $use_only_on_onepage_slides = false;
			0 ignored issues – show Unused Code introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$use_only_on_onepage_slides` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
43
44			/**
45			* do not require colors to be set
46			* @var bool
47			*/
48			private static $colors_can_be_empty = false;
			0 ignored issues – show Unused Code introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$colors_can_be_empty` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
49
50			/**
51			* @inheritdoc
52			*/
53			public function updateFieldLabels(&$labels)
54			{
55			$labels = parent::updateFieldLabels($labels);
			0 ignored issues – show Bug introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$labels` is correct as `parent::updateFieldLabels($labels)` (which targets `DataExtension::updateFieldLabels()`) seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
56
57			$labels['Title'] = _t('OnePageSlide.db_Title', 'Title');
58			$labels['BackgroundColor'] = _t('OnePageSlide.db_BackgroundColor', 'Background Color');
59			$labels['HeadingColor'] = _t('OnePageSlide.db_HeadingColor', 'Heading Color');
60			$labels['TextColor'] = _t('OnePageSlide.db_TextColor', 'Text Color');
61			$labels['AdditionalCSSClass'] = _t('OnePageSlide.db_AdditionalCSSClass', 'Additional CSS class');
62
63			$labels['BackgroundImage'] = _t('OnePageSlide.has_many_BackgroundImage', 'Background Image');
64			}
65
66
67			/**
68			* @inheritdoc
69			*/
70			public function updateCMSFields(FieldList $fields)
71			{
72			if (Config::inst()->get($this->class, 'use_only_on_onepage_slides')
73			&& !$this->owner->isOnePageSlide()) {
74			return;
75			}
76
77			$image = UploadField::create('BackgroundImage', $this->owner->fieldLabel('BackgroundImage'))
78			->setAllowedFileCategories('image')
79			->setAllowedMaxFileNumber(1);
80			if ($this->owner->hasMethod('getRootFolderName')) {
81			$image->setFolderName($this->owner->getRootFolderName());
82			}
83
84			$colorFields = array(
85			'BackgroundColor' => 'background_color_palette',
86			'HeadingColor' => 'heading_color_palette',
87			'TextColor' => 'text_color_palette'
88			);
89
90			$layout = $fields->findOrMakeTab('Root.Layout', _t('OnePageSlide.TABLAYOUT', 'Layout'));
91			$layout->push($image);
92
93			foreach ($colorFields as $fieldName => $palette) {
94			$layout->push($this->generateColorPalette($fieldName, $palette));
95			}
96			$layout->push(TextField::create('AdditionalCSSClass', $this->owner->fieldLabel('AdditionalCSSClass')));
97			}
98
99			protected function generateColorPalette($fieldName, $paletteSetting)
			0 ignored issues – show Documentation introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
100			{
101			$palette = $this->owner->config()->get($paletteSetting)
102			? $this->owner->config()->get($paletteSetting)
103			: Config::inst()->get($this->class, $paletteSetting);
104
105			$field = ColorPaletteField::create(
106			$fieldName,
107			$this->owner->fieldLabel($fieldName),
108			ArrayLib::valuekey($palette)
109			);
110
111			if (Config::inst()->get($this->class, 'colors_can_be_empty')) {
112			$field= $field->setEmptyString('none');
113			}
114
115			return $field;
116			}
117
118			//@todo: if Parent is a OnePageHolder modify $Link to show to $Parent->Link() / #$URLSegment
119			//@todo: if Parent is a OnePageHolder disable ShowInMenus
120			//@todo: don't show slide in google sitempap
121
122			/**
123			* @todo: use customCSS?
124			* @return string
125			*/
126			public function getOnePageSlideStyle()
127			{
128			$style = '';
129
130			$style .= $this->owner->BackgroundColor
131			? 'background-color: ' . $this->owner->BackgroundColor . '; '
132			: '';
133
134			$style .= $this->owner->TextColor
135			? ' color: ' . $this->owner->TextColor. ' !important; '
136			: '';
137
138			$this->owner->extend('updateOnePageSlideStyle', $style);
139
140			return $style;
141			}
142
143			/**
144			* get's fired on ContentController::init()
145			*
146			* check if this is a OnePageSlide and redirect to parent if
147			* - controller has no action
148			* - request isn't an ajax request
149			*/
150			public function contentcontrollerInit(&$controller)
151			{
152			if ($this->owner->isOnePageSlide() && $this->isCMSPreview()) {
153			//redirect and pass current ID by param, as anchor tags re not sent to the server
154			$url = Controller::join_links(
155			$this->owner->RelativeLink(),
156			'?EditPageID=' . $this->owner->ID,
157			'?Stage=' . Versioned::current_stage(),
158			'?CMSPreview=1'
159			);
160			$controller->redirect($url);
161			}
162
163			if ($this->owner->isOnePageSlide()
164			&& !$controller->urlParams['Action']
165			&& !Director::is_ajax()
166			&& !$this->isCMSPreview()
167			) {
168			$controller->redirect($this->owner->RelativeLink(), 301);
169			}
170			}
171
172
173			/**
174			* Updates RelativeLink()
175			*
176			* If no $action is given it changes /path/to/URLSegment into /path/to#URLSegment
177			*
178			* @param $base
179			* @param $action
180			*/
181			public function updateRelativeLink(&$base, &$action)
182			{
183			//we need to call the redirection for cms preview
184			if (Controller::curr() instanceof LeftAndMain) {
185			return;
186			}
187
188			if (Config::inst()->get('OnePageSlide', 'do_modify_link') == false) {
189			return;
190			}
191
192			if($this->owner->isNestedOnePageSlide()) {
193			$base = $this->owner->Parent()->RelativeLink($action) . '-' . $this->owner->URLSegment;
194			return;
195			}
196
197			if ($this->owner->isOnePageSlide()) {
198			// $base = $this->owner->Parent()->RelativeLink('#' . $this->owner->URLSegment); //e.g. /home/#urlsegment :(
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-03-23 11:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this `52%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
199			$base = Controller::join_links($this->owner->Parent()->RelativeLink($action), '#' . $this->owner->URLSegment); // just /#urlsegment
200			}
201			}
202
203			/**
204			* Helper to get a unmofified link if a slide should represent a classical page, not a "block" inside a OnePageHolder
205			*
206			* @param null $action
207			* @return mixed
208			*/
209			public function UnmodifiedRelativeLink($action = null)
210			{
211			Config::inst()->update('OnePageSlide', 'do_modify_link', false);
212			$link = $this->owner->RelativeLink($action);
213			Config::inst()->update('OnePageSlide', 'do_modify_link', true);
214
215			return $link;
216			}
217
218			/**
219			* Checks, if the current page is a slide of a one-page by checking if the parent page is a OnePageHolder
220			*
221			* @return bool
222			*/
223			public function isOnePageSlide()
224			{
225			return ($this->owner->Parent() instanceof OnePageHolder);
226			}
227
228			/**
229			* Checks if the current page is a nested one-page slide
230			*
231			* @return bool
232			*/
233			public function isNestedOnePageSlide() {
234			return $this->owner->ParentID
235			? $this->owner->Parent()->isOnePageSlide()
236			: false;
237			}
238
239			/**
240			* Helper to check if we're previewing the current page in CMS
241			*
242			* @return bool
243			*/
244			public function isCMSPreview()
245			{
246			$isCMSPreview = Controller::curr()->getRequest()->getVar('CMSPreview');
247
248			return (bool) $isCMSPreview;
249			}
250
251			/**
252			* renders the current page using the ClassName_onepage template,
253			* e.g. Page_onepage
254			*
255			* The suffix is generated by @link getOnePageTemplateSuffix
256			*
257			* @return HTMLText
258			*/
259			public function getOnePageContent()
260			{
261			$templateName = SSViewer::get_templates_by_class($this->owner->Classname, $this->getOnePageTemplateSuffix(), 'SiteTree')
262			?: 'Page_onepage';
263
264			$controller = ModelAsController::controller_for($this->owner);
265
266			return $controller->renderWith($templateName);
267			}
268
269
270			/**
271			* Helper function to generate the template suffix for the current page.
272			* Calls page's "generateOnePageTemplateSuffix" method if it exists.
273			* This way your page can define the template suffix to be e.g. '_layout1_onepage' instead of just '_onepage'
274			*
275			* @return string
276			*/
277			public function getOnePageTemplateSuffix()
278			{
279			return $this->owner->hasMethod('generateOnePageTemplateSuffix')
280			? $this->owner->generateOnePageTemplateSuffix()
281			: '_onepage';
282			}
283
284			}
285

wernerkrauss / silverstripe-onepage

Issues (20)

Security Analysis not enabled

code/OnePageSlide.php (12 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like