PHP response or session functions should not be used (11)

More information: https://insight.symfony.com/what-we-analyse/symfony.use_php_response_function

  1. protected function doDestroy(string $sessionId)
  2. {
  3. // expire the cookie
  4. if ('cli' !== PHP_SAPI) {
  5. setcookie(session_name(), '', 0, ini_get('session.cookie_path'));

    Using native PHP session or response functions (like setcookie() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Craig Heydenburg
  6. }
  7. $this->userSessionRepository->clearUnsavedData();
  8. $this->userSessionRepository->removeAndFlush($sessionId);
  9. return true;
  1. protected function doDestroy(string $sessionId)
  2. {
  3. // expire the cookie
  4. if ('cli' !== PHP_SAPI) {
  5. setcookie(session_name(), '', 0, ini_get('session.cookie_path'));

    Using native PHP session or response functions (like session_name() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Craig Heydenburg
  6. }
  7. $this->userSessionRepository->clearUnsavedData();
  8. $this->userSessionRepository->removeAndFlush($sessionId);
  9. return true;
  1. }
  2. }
  3. // remove again when https://github.com/symfony/symfony/issues/35460 is solved
  4. if (null !== $this->emulateSameSite) {
  5. $originalCookie = SessionUtils::popSessionCookie(session_name(), session_id());

    Using native PHP session or response functions (like session_id() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Guite
  6. if (null !== $originalCookie) {
  7. header(sprintf('%s; SameSite=%s', $originalCookie, $this->emulateSameSite), false);
  8. }
  9. }
  1. }
  2. }
  3. // remove again when https://github.com/symfony/symfony/issues/35460 is solved
  4. if (null !== $this->emulateSameSite) {
  5. $originalCookie = SessionUtils::popSessionCookie(session_name(), session_id());

    Using native PHP session or response functions (like session_name() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Guite
  6. if (null !== $originalCookie) {
  7. header(sprintf('%s; SameSite=%s', $originalCookie, $this->emulateSameSite), false);
  8. }
  9. }
  1. // remove again when https://github.com/symfony/symfony/issues/35460 is solved
  2. if (null !== $this->emulateSameSite) {
  3. $originalCookie = SessionUtils::popSessionCookie(session_name(), session_id());
  4. if (null !== $originalCookie) {
  5. header(sprintf('%s; SameSite=%s', $originalCookie, $this->emulateSameSite), false);

    Using native PHP session or response functions (like header() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Guite
  6. }
  7. }
  8. return $result;
  9. }
  1. }
  2. public function regenerate($destroy = false, $lifetime = null)
  3. {
  4. // Cannot regenerate the session ID for non-active sessions.
  5. if (\PHP_SESSION_ACTIVE !== session_status()) {

    Using native PHP session or response functions (like session_status() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Guite
  6. return false;
  7. }
  8. if (headers_sent()) {
  9. return false;
  1. // Cannot regenerate the session ID for non-active sessions.
  2. if (\PHP_SESSION_ACTIVE !== session_status()) {
  3. return false;
  4. }
  5. if (headers_sent()) {

    Using native PHP session or response functions (like headers_sent() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Guite
  6. return false;
  7. }
  8. if (null !== $lifetime) {
  9. // added due to https://github.com/symfony/symfony/issues/28577
  1. if ($destroy) {
  2. $this->metadataBag->stampNew();
  3. }
  4. $isRegenerated = session_regenerate_id($destroy);

    Using native PHP session or response functions (like session_regenerate_id() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Guite
  5. // The reference to $_SESSION in session bags is lost in PHP7 and we need to re-create it.
  6. // @see https://bugs.php.net/70013
  7. $this->loadSession();
  1. // The reference to $_SESSION in session bags is lost in PHP7 and we need to re-create it.
  2. // @see https://bugs.php.net/70013
  3. $this->loadSession();
  4. if (null !== $this->emulateSameSite) {
  5. $originalCookie = SessionUtils::popSessionCookie(session_name(), session_id());

    Using native PHP session or response functions (like session_name() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Guite
  6. if (null !== $originalCookie) {
  7. header(sprintf('%s; SameSite=%s', $originalCookie, $this->emulateSameSite), false);
  8. }
  9. }
  1. // The reference to $_SESSION in session bags is lost in PHP7 and we need to re-create it.
  2. // @see https://bugs.php.net/70013
  3. $this->loadSession();
  4. if (null !== $this->emulateSameSite) {
  5. $originalCookie = SessionUtils::popSessionCookie(session_name(), session_id());

    Using native PHP session or response functions (like session_id() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Guite
  6. if (null !== $originalCookie) {
  7. header(sprintf('%s; SameSite=%s', $originalCookie, $this->emulateSameSite), false);
  8. }
  9. }
  1. $this->loadSession();
  2. if (null !== $this->emulateSameSite) {
  3. $originalCookie = SessionUtils::popSessionCookie(session_name(), session_id());
  4. if (null !== $originalCookie) {
  5. header(sprintf('%s; SameSite=%s', $originalCookie, $this->emulateSameSite), false);

    Using native PHP session or response functions (like header() here) is discouraged, as it bypasses the Symfony event system. Use the HttpFoundationResponse class instead.

    Time to fix: about 4 hours
    Last edited by Guite
  6. }
  7. }
  8. return $isRegenerated;
  9. }

PHP super globals should never be used (2)

More information: https://insight.symfony.com/what-we-analyse/symfony.use_super_globals

  1. }
  2. private function getConnection(): Connection
  3. {
  4. $connectionParams = [
  5. 'url' => $_ENV['DATABASE_URL'] ?? ''

    $_ENV super global should not be used.

    Time to fix: about 2 hours
    Last edited by Axel Guckelsberger
  6. ];
  7. return DriverManager::getConnection($connectionParams, new Configuration());
  8. }
  1. }
  2. public function isNecessary(): bool
  3. {
  4. $params = $this->yamlManager->getParameters();
  5. $databaseUrl = $_ENV['DATABASE_URL'] ?? '';

    $_ENV super global should not be used.

    Time to fix: about 2 hours
    Last edited by Axel Guckelsberger
  6. if (empty($databaseUrl) || 'nothing' === $databaseUrl) {
  7. // check if credentials are temporarily stored as parameter during installation
  8. $databaseUrl = $params['database_url'] ?? '';
  9. }
  10. if (!empty($databaseUrl) && 'nothing' !== $databaseUrl) {

Source code should not contain tasks comments (7)

More information: https://insight.symfony.com/what-we-analyse/task_fixme_comment

  1. * For this all registries are checked to see if the given category is contained in the corresponding subtree.
  2. * If yes, the mapping table of the corresponding module is checked to see if it contains the given category.
  3. */
  4. public function mayCategoryBeDeletedOrMoved(CategoryEntity $category): bool
  5. {
  6. // TODO #3920

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Last edited by Guite
  7. return true;
  8. // collect parents
  9. $isOnTop = false;
  10. $parentIds = [$category->getId()];
  1. }
  2. if (!$this->isCsrfTokenValid('deactivate-extension', $token)) {
  3. throw new AccessDeniedException();
  4. }
  5. // @todo check if this is a theme and currently set as default or admin theme

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Last edited by Craig Heydenburg
  6. /** @var ExtensionEntity $extension */
  7. $extension = $extensionRepository->find($id);
  8. if (null !== $extension) {
  9. if (ZikulaKernel::isCoreExtension($extension->getName())) {
  1. {{ adminHeader() }}{# @todo wrong header! see below #}

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Last edited by Craig Heydenburg
  2. {#{admincategorymenu}#}
  3. {#<div class="z-admin-content clearfix">#}
  4. {#{modgetinfo modname=$currentmodule info='displayname' assign='displayName'}#}
  5. {#{modgetimage modname=$currentmodule assign='image'}#}
  1. }
  2. if ('Filter' === $namespace) {
  3. if (
  4. // Do not allow Filter.Custom for now. Causing errors.
  5. // TODO research why Filter.Custom is causing exceptions and correct.

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Last edited by Axel Guckelsberger
  6. ('Custom' === $directive)
  7. // Do not allow Filter.ExtractStyleBlock* for now. Causing errors.
  8. // TODO Filter.ExtractStyleBlock* requires CSSTidy
  9. || (false !== mb_stripos($directive, 'ExtractStyleBlock'))
  10. ) {
  1. if (
  2. // Do not allow Filter.Custom for now. Causing errors.
  3. // TODO research why Filter.Custom is causing exceptions and correct.
  4. ('Custom' === $directive)
  5. // Do not allow Filter.ExtractStyleBlock* for now. Causing errors.
  6. // TODO Filter.ExtractStyleBlock* requires CSSTidy

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Last edited by Axel Guckelsberger
  7. || (false !== mb_stripos($directive, 'ExtractStyleBlock'))
  8. ) {
  9. continue;
  10. }
  11. }
  1. // PHPIDS should run with PHP 5.1.2 but this is untested - set this value to force compatibilty with minor versions
  2. $config['General']['min_php_version'] = '5.1.6';
  3. // caching settings
  4. // @todo: add UI for those caching settings

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Last edited by Drak
  5. $config['Caching'] = [];
  6. // caching method (session|file|database|memcached|none), default file
  7. $config['Caching']['caching'] = 'none'; // deactivate caching for now
  8. $config['Caching']['expiration_time'] = 600;
  1. public function executeStage(string $stageName): bool
  2. {
  3. $currentVersion = $this->parameterHelper->getYamlHelper()->getParameter(ZikulaKernel::CORE_INSTALLED_VERSION_PARAM);
  4. switch ($stageName) {
  5. case 'bundles':
  6. return $this->createBundles(); // @todo this stage may no longer be necessary since all core is hard-coded & loaded in kernel

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Last edited by Craig Heydenburg
  7. case 'install_event':
  8. return $this->fireEvent(CoreEvents::CORE_INSTALL_PRE_MODULE);
  9. case 'extensions':
  10. return $this->coreInstallerExtensionHelper->install('ZikulaExtensionsModule');
  11. case 'settings':

Files should not be executable

More information: https://insight.symfony.com/what-we-analyse/php.too_permissive_file_permissions

Your project contains files with permissive permissions. In order to avoid opening a security breach, you should restrict execution rights on following files:

  • config/packages/security.yaml

Time to fix: about 15 minutes
Collective
chmod a-x 'config/packages/security.yaml'

Code should not be duplicated (6)

More information: https://insight.symfony.com/what-we-analyse/php.duplicated_code

  1. *
  2. * For the full copyright and license information, please view the LICENSE
  3. * file that was distributed with this source code.
  4. */
  5. namespace Zikula\BlocksModule\Menu;

    The next 41 lines appear both in src/system/BlocksModule/Menu/ExtensionMenu.php:14 and src/system/PermissionsModule/Menu/ExtensionMenu.php:14.

    Time to fix: about 4 hours
    Last edited by Craig Heydenburg
  6. use Knp\Menu\FactoryInterface;
  7. use Knp\Menu\ItemInterface;
  8. use Zikula\MenuModule\ExtensionMenu\ExtensionMenuInterface;
  9. use Zikula\PermissionsModule\Api\ApiInterface\PermissionApiInterface;
  1. *
  2. * For the full copyright and license information, please view the LICENSE
  3. * file that was distributed with this source code.
  4. */
  5. namespace Zikula\BlocksModule\Menu;

    The next 39 lines appear both in src/system/BlocksModule/Menu/ExtensionMenu.php:14 and src/system/CategoriesModule/Menu/ExtensionMenu.php:14.

    Time to fix: about 4 hours
    Last edited by Craig Heydenburg
  6. use Knp\Menu\FactoryInterface;
  7. use Knp\Menu\ItemInterface;
  8. use Zikula\MenuModule\ExtensionMenu\ExtensionMenuInterface;
  9. use Zikula\PermissionsModule\Api\ApiInterface\PermissionApiInterface;
  1. *
  2. * For the full copyright and license information, please view the LICENSE
  3. * file that was distributed with this source code.
  4. */
  5. namespace Zikula\BlocksModule\Menu;

    The next 40 lines appear both in src/system/BlocksModule/Menu/ExtensionMenu.php:14 and src/system/MenuModule/Menu/ExtensionMenu.php:14.

    Time to fix: about 4 hours
    Last edited by Craig Heydenburg
  6. use Knp\Menu\FactoryInterface;
  7. use Knp\Menu\ItemInterface;
  8. use Zikula\MenuModule\ExtensionMenu\ExtensionMenuInterface;
  9. use Zikula\PermissionsModule\Api\ApiInterface\PermissionApiInterface;
  1. *
  2. * For the full copyright and license information, please view the LICENSE
  3. * file that was distributed with this source code.
  4. */
  5. namespace Zikula\GroupsModule\Form\Type;

    The next 27 lines appear both in src/system/GroupsModule/Form/Type/ConfigType.php:14 and src/system/SearchModule/Form/Type/ConfigType.php:14.

    Time to fix: about 4 hours
    Last edited by Axel Guckelsberger
  6. use Symfony\Component\Form\AbstractType;
  7. use Symfony\Component\Form\Extension\Core\Type\CheckboxType;
  8. use Symfony\Component\Form\Extension\Core\Type\ChoiceType;
  9. use Symfony\Component\Form\Extension\Core\Type\IntegerType;
  1. *
  2. * For the full copyright and license information, please view the LICENSE
  3. * file that was distributed with this source code.
  4. */
  5. namespace Zikula\MailerModule\Menu;

    The next 42 lines appear both in src/system/MailerModule/Menu/ExtensionMenu.php:14 and src/system/ThemeModule/Menu/ExtensionMenu.php:14.

    Time to fix: about 4 hours
    Last edited by Craig Heydenburg
  6. use Knp\Menu\FactoryInterface;
  7. use Knp\Menu\ItemInterface;
  8. use Zikula\MenuModule\ExtensionMenu\ExtensionMenuInterface;
  9. use Zikula\PermissionsModule\Api\ApiInterface\PermissionApiInterface;
  1. $query = $qb->getQuery();
  2. return (int)$query->getSingleScalarResult();
  3. }
  4. public function getResults(array $filters = [], array $sorting = [], int $limit = 0, int $offset = 0): array

    The next 33 lines appear both in src/system/SearchModule/Entity/Repository/SearchResultRepository.php:48 and src/system/SearchModule/Entity/Repository/SearchStatRepository.php:43.

    Time to fix: about 4 hours
    Last edited by Guite
  5. {
  6. $qb = $this->createQueryBuilder('tbl')
  7. ->select('tbl');
  8. // add clauses for where

The Doctrine Entity Manager should not be passed as an argument

More information: https://insight.symfony.com/what-we-analyse/symfony.dependency_injection.no_entity_manager_as_parameter

  1. public function getEntityManager(): ?EntityManagerInterface
  2. {
  3. return $this->entityManager;
  4. }
  5. public function setEntityManager(EntityManagerInterface $entityManager = null): void

    A Doctrine entity manager has been found as an argument.

    Time to fix: about 4 hours
    Last edited by Guite
  6. {
  7. if ($this->entityManager !== $entityManager) {
  8. $this->entityManager = $entityManager;
  9. }
  10. }

Form types should be in Form folders

More information: https://insight.symfony.com/what-we-analyse/symfony.form.form_type_not_in_type_form_folder

A form type has been found outside Form folder

Time to fix: about 2 hours
Last edited by Axel Guckelsberger
  • src/system/ExtensionsModule/ModuleInterface/Content
    • AbstractContentFormType.php

      A form type has been found outside Form folder

    • AbstractContentType.php
    • ContentTypeInterface.php

PHP code should not contain unreachable code (2)

More information: https://insight.symfony.com/what-we-analyse/php.unreachable_code

  1. {
  2. // TODO #3920
  3. return true;
  4. // collect parents
  5. $isOnTop = false;
  6. $parentIds = [$category->getId()];
  7. $directParent = $category;
  8. while (false === $isOnTop) {
  9. $directParent = $category->getParent();
  10. if (null === $directParent) {
  11. $isOnTop = true;
  12. } else {
  13. $parentIds[] = $directParent->getId();
  14. }
  15. }
  16. // fetch registries
  17. $registries = $this->categoryRegistryRepository->findAll();
  18. // iterate over all registries
  19. foreach ($registries as $registry) {
  20. // check if the registry subtree contains our category
  21. if (!in_array($registry->getCategory()->getId(), $parentIds, true)) {
  22. continue;
  23. }
  24. // get information about responsible module
  25. if (!$this->kernel->isBundle($registry->getModname())) {
  26. continue;
  27. }
  28. $capabilities = $this->capabilityApi->getCapabilitiesOf($registry->getModname());
  29. foreach ($capabilities[CapabilityApi::CATEGORIZABLE] as $entityClass) {
  30. if (!is_subclass_of($entityClass, AbstractCategoryAssignment::class)) {
  31. continue;
  32. }
  33. // check if this mapping table contains a reference to the given category
  34. $mappings = $this->entityManager->getRepository($entityClass)
  35. ->findBy(['category' => $category]);
  36. if (count($mappings) > 0) {
  37. // existing reference found
  38. return false;
  39. }
  40. }
  41. }
  42. return true;

    This code is unreachable.

    Time to fix: about 1 hour
    Last edited by Guite
  43. }
  44. }

Commented code should not be committed (16)

More information: https://insight.symfony.com/what-we-analyse/php.commented_out_code

  1. if ($request->server->has('USER_AGENT')) {
  2. $requestArgs['USER_AGENT'] = $request->server->get('USER_AGENT');
  3. }
  4. // while i think that REQUEST_URI is unnecessary,
  5. // the REFERER would be important, but results in way too many false positives
  6. /*

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Axel Guckelsberger
  7. if ($request->server->has('REQUEST_URI')) {
  8. $requestArgs['REQUEST_URI'] = $request->server->get('REQUEST_URI');
  9. }
  10. if ($request->server->has('HTTP_REFERER')) {
  11. $requestArgs['REFERER'] = $request->server->get('HTTP_REFERER');
  1. $config['General']['filter_type'] = $this->getSystemVar('idsfilter', 'xml');
  2. if (empty($config['General']['filter_type'])) {
  3. $config['General']['filter_type'] = 'xml';
  4. }
  5. $config['General']['base_path'] = ''; //PHPIDS_PATH_PREFIX;

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Craig Heydenburg
  6. // we don't use the base path because the tmp directory is in zkTemp (see below)
  7. $config['General']['use_base_path'] = false;
  8. // path to the filters used
  9. $config['General']['filter_path'] = $this->getSystemVar('idsrulepath', 'system/SecurityCenterModule/Resources/config/phpids_zikula_default.xml');
in src/Kernel.php, line 15
  1. * For the full copyright and license information, please view the LICENSE
  2. * file that was distributed with this source code.
  3. */
  4. use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
  5. //use Symfony\Bundle\FrameworkBundle\Routing\Loader\Configurator\RoutingConfigurator;

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Guite
  6. use Symfony\Component\Config\Loader\LoaderInterface;
  7. use Symfony\Component\Config\Resource\FileResource;
  8. use Symfony\Component\DependencyInjection\ContainerBuilder;
  9. //use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;
  10. use Symfony\Component\Routing\RouteCollectionBuilder;
in src/Kernel.php, line 19
  1. use Symfony\Bundle\FrameworkBundle\Kernel\MicroKernelTrait;
  2. //use Symfony\Bundle\FrameworkBundle\Routing\Loader\Configurator\RoutingConfigurator;
  3. use Symfony\Component\Config\Loader\LoaderInterface;
  4. use Symfony\Component\Config\Resource\FileResource;
  5. use Symfony\Component\DependencyInjection\ContainerBuilder;
  6. //use Symfony\Component\DependencyInjection\Loader\Configurator\ContainerConfigurator;

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Axel Guckelsberger
  7. use Symfony\Component\Routing\RouteCollectionBuilder;
  8. use Zikula\Bundle\CoreBundle\DynamicConfigDumper;
  9. use Zikula\Bundle\CoreBundle\Helper\PersistedBundleHelper;
  10. use Zikula\Bundle\CoreBundle\HttpKernel\ZikulaKernel;
  1. }
  2. try {
  3. $blockInstance = $this->blockApi->createInstanceFromBKey($block->getBkey());
  4. } catch (RuntimeException $exception) {
  5. //return 'Error during block creation: ' . $exception->getMessage();

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Guite
  6. return '';
  7. }
  8. $blockProperties = $block->getProperties();
  9. $blockProperties['bid'] = $block->getBid();
  10. $blockProperties['title'] = $block->getTitle();
  1. /** @var AbstractCategoryAssignment $categoryAssignmentEntity */
  2. foreach ($value as $categoryAssignmentEntity) {
  3. $registryKey = 'registry_' . $categoryAssignmentEntity->getCategoryRegistryId();
  4. $category = $categoryAssignmentEntity->getCategory();
  5. if (false !== mb_strpos(get_class($category), 'DoctrineProxy')) {
  6. //$this->entityManager->detach($category);

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Guite
  7. $category = $this->entityManager->find(CategoryEntity::class, $category->getId());
  8. //$this->entityManager->persist($category);
  9. }
  10. if ($this->multiple) {
  1. $registryKey = 'registry_' . $categoryAssignmentEntity->getCategoryRegistryId();
  2. $category = $categoryAssignmentEntity->getCategory();
  3. if (false !== mb_strpos(get_class($category), 'DoctrineProxy')) {
  4. //$this->entityManager->detach($category);
  5. $category = $this->entityManager->find(CategoryEntity::class, $category->getId());
  6. //$this->entityManager->persist($category);

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Guite
  7. }
  8. if ($this->multiple) {
  9. $data[$registryKey][] = $category;
  10. } else {
  1. $themeVarsPath = $this->getConfigPath() . '/variables.yaml';
  2. if (!file_exists($themeVarsPath)) {
  3. return $defaultVars;
  4. }
  5. /*if (!$this->getContainer()) {

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Craig Heydenburg
  6. return $defaultVars;
  7. }*/
  8. $yamlVars = Yaml::parse(file_get_contents($themeVarsPath));
  9. if (!is_array($yamlVars)) {
  1. }
  2. }
  3. public function isValid(): bool
  4. {
  5. //return 1 < count($this->getErrors());

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Craig Heydenburg
  6. return empty($this->getErrors());
  7. }
  8. public function getErrors(): array
  9. {
  1. $logger->addError("Could not send message to: ${emailList} :: " . $this->message->toString());
  2. }
  3. $this->eventDispatcher->dispatch($event, MailerEvents::SEND_MESSAGE_FAILURE);
  4. //throw new RuntimeException($this->trans('Error! A problem occurred while sending the e-mail message.'));

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Craig Heydenburg
  5. return false;
  6. }
  7. if ($this->dataValues['enableLogging']) {
  1. * MenuItemEntity constructor.
  2. */
  3. public function __construct()
  4. {
  5. $this->title = '';
  6. $this->options = []; /*new ArrayCollection();

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Guite
  7. $this->options = [
  8. 'routeParameters' => [],
  9. 'attributes' => [],
  10. 'linkAttributes' => [],
  11. 'childrenAttributes' => [],
  1. if ($this->has($bundleName)) {
  2. try {
  3. $menu = $this->extensionMenus[$bundleName]->get($type);
  4. } catch (\Exception $exception) {
  5. // do nothing
  6. //throw $exception;

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Axel Guckelsberger
  7. return null;
  8. }
  9. // fire event here to add more menu items like hooks, moduleServices, etc
  10. $event = new ExtensionMenuEvent($bundleName, $type, $menu);
  1. $record['instance'] = ':(ZikulaRssTheme|ZikulaPrinterTheme|ZikulaAtomTheme):';
  2. $record['level'] = ACCESS_COMMENT; // 300
  3. $this->entityManager->persist($record);
  4. $lastPerm->setSequence($record->getSequence() + 1);
  5. $this->entityManager->flush();
  6. //$this->addFlash('success', 'A permission rule was added to allow users access to "utility" themes. Please check the sequence.');

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Axel Guckelsberger
  7. case '1.1.2':
  8. case '1.2.0':
  9. case '1.2.1':
  10. $this->delVar('rowview');
  1. $transConfigNew['configs'][mb_strtolower($bundle->getName())] = $bundleConfig;
  2. }
  3. foreach ($this->kernel->getThemes() as $bundle) {
  4. // lets include core themes as they need translation as all other themes, too
  5. // (/system is included in "zikula" config while /themes is not)
  6. /*if (in_array($bundle->getName(), ['ZikulaBootstrapTheme', 'ZikulaAtomTheme', 'ZikulaPrinterTheme', 'ZikulaRssTheme'], true)) {

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Axel Guckelsberger
  7. continue;
  8. }*/
  9. $bundleConfig = $configTemplate;
  10. $translationDirectory = $bundle->getPath() . '/Resources/translations';
  11. $bundleConfig['output_dir'] = $translationDirectory;
  1. }
  2. $response = $event->getResponse();
  3. $response->headers->set('X-Frame-Options', $this->xFrameOptions);
  4. //$response->headers->set('X-Content-Security-Policy', "frame-ancestors 'self'");

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Guite
  5. $response->headers->set('X-XSS-Protection', '1');
  6. }
  7. }
  1. }
  2. private function protectFile(string $filePath): void
  3. {
  4. return; // see #4099
  5. //@chmod($filePath, 0400);

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Last edited by Axel Guckelsberger
  6. //if (!is_readable($filePath)) {
  7. @chmod($filePath, 0440);
  8. if (!is_readable($filePath)) {
  9. @chmod($filePath, 0444);
  10. }

Unused method, property, variable or parameter 11

More information: https://insight.symfony.com/what-we-analyse/php.unused_local_variable_or_private_member

  1. ) {
  2. $this->factory = $factory;
  3. $this->permissionApi = $permissionApi;
  4. }
  5. public function createAdminMenu(array $options = []): ItemInterface

    This options argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  6. {
  7. $menu = $this->factory->createItem('bootstrapThemeAdminMenu');
  8. $menu->setChildrenAttribute('class', 'navbar-nav');
  9. $menu->addChild('Home', ['route' => 'home']);
  10. if ($this->permissionApi->hasPermission('ZikulaSettingsModule::', '::', ACCESS_ADMIN)) {
  1. $this->setTranslator($translator);
  2. $this->factory = $factory;
  3. $this->capabilityApi = $capabilityApi;
  4. }
  5. public function createAdminMenu(array $options): ItemInterface

    This options argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  6. {
  7. // @see https://gist.github.com/nateevans/9958390
  8. $menu = $this->factory->createItem('menuModuleAdminMenu');
  9. $menu->setChildrenAttribute('class', 'nav navbar-nav');
  1. $args['commandName'] = 'submit';
  2. $this->repeatCreateAction = true;
  3. }
  4. $action = $args['commandName'];
  5. $isRegularAction = 'delete' !== $action;

    This isRegularAction local variable is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  6. $this->fetchInputData();
  7. $success = $this->applyAction($args);
  8. if (!$success) {
  1. }
  2. /**
  3. * Returns an array of additional template variables for view quick navigation forms.
  4. */
  5. protected function getViewQuickNavParametersForRoute(string $context = '', array $args = []): array

    This args argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  6. {
  7. $parameters = [];
  8. $request = $this->requestStack->getCurrentRequest();
  9. if (null === $request) {
  10. return $parameters;
  1. }
  2. /**
  3. * Returns an array of additional template variables for view quick navigation forms.
  4. */
  5. protected function getViewQuickNavParametersForRoute(string $context = '', array $args = []): array

    This context argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  6. {
  7. $parameters = [];
  8. $request = $this->requestStack->getCurrentRequest();
  9. if (null === $request) {
  10. return $parameters;
  1. /**
  2. * Returns an array of all allowed object types in ZikulaRoutesModule.
  3. *
  4. * @return string[] List of allowed object types
  5. */
  6. public function getObjectTypes(string $context = '', array $args = []): array

    This args argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  7. {
  8. $allowedContexts = ['controllerAction', 'api', 'helper', 'actionHandler', 'block', 'contentType', 'mailz'];
  9. if (!in_array($context, $allowedContexts, true)) {
  10. $context = 'controllerAction';
  11. }
  1. }
  2. /**
  3. * Returns the default object type in ZikulaRoutesModule.
  4. */
  5. public function getDefaultObjectType(string $context = '', array $args = []): string

    This args argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  6. {
  7. $allowedContexts = ['controllerAction', 'api', 'helper', 'actionHandler', 'block', 'contentType', 'mailz'];
  8. if (!in_array($context, $allowedContexts, true)) {
  9. $context = 'controllerAction';
  10. }
  1. /**
  2. * Filters a given collection of entities based on different permission checks.
  3. *
  4. * @param array|ArrayCollection $entities The given list of entities
  5. */
  6. public function filterCollection($objectType, $entities, int $permissionLevel, int $userId = null): array

    This objectType argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  7. {
  8. $filteredEntities = [];
  9. foreach ($entities as $routes) {
  10. if (!$this->hasEntityPermission($routes, $permissionLevel, $userId)) {
  11. continue;
  1. }
  2. /**
  3. * Returns a translatable title for a certain action.
  4. */
  5. protected function getTitleForAction(string $currentState, string $actionId): string

    This currentState argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  6. {
  7. $title = '';
  8. switch ($actionId) {
  9. case 'submit':
  10. $title = $this->translator->trans('Submit');
  1. $entity = $event->getSubject();
  2. if (!$this->isEntityManagedByThisBundle($entity) || !method_exists($entity, 'get_objectType')) {
  3. return;
  4. }
  5. $objectType = $entity->get_objectType();

    This objectType local variable is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Axel Guckelsberger
  6. $permissionLevel = ACCESS_READ;
  7. $transitionName = $event->getTransition()->getName();
  8. $hasApproval = false;
  1. 'combined_assets',
  2. $this->lifetime,
  3. $this->kernel->getCacheDir() . '/assets/' . $type
  4. );
  5. $key = md5(serialize($assets)) . (int)$this->minify . (int)$this->compress . $this->lifetime . '.combined.' . $type;
  6. $data = $cacheService->get($key, function() use ($cachedFiles, $type) {

    This data local variable is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Guite
  7. $data = [];
  8. foreach ($cachedFiles as $k => $file) {
  9. $this->readFile($data, $file, $type);
  10. // avoid exposure of absolute server path
  11. $pathParts = explode($this->rootDir, $file);

PHP code should follow PSR-1 basic coding standard 2

More information: https://insight.symfony.com/what-we-analyse/php.psr1

  1. */
  2. public function __construct()
  3. {
  4. }
  5. public function get_objectType(): string

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Guite
  6. {
  7. return $this->_objectType;
  8. }
  9. public function set_objectType(string $_objectType): void
  1. public function get_objectType(): string
  2. {
  3. return $this->_objectType;
  4. }
  5. public function set_objectType(string $_objectType): void

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Guite
  6. {
  7. if ($this->_objectType !== $_objectType) {
  8. $this->_objectType = $_objectType ?? '';
  9. }
  10. }