diff --git a/src/Controller/Admin/DataObject/ClassController.php b/src/Controller/Admin/DataObject/ClassController.php index 2bd78f92..c5fa7a0f 100644 --- a/src/Controller/Admin/DataObject/ClassController.php +++ b/src/Controller/Admin/DataObject/ClassController.php @@ -1820,6 +1820,9 @@ public function getIconsAction(Request $request, EventDispatcherInterface $event for ($i = $startIndex; $i < $limit; $i++) { $icon = $icons[$i]; $content = file_get_contents(OPENDXP_WEB_ROOT . $icon); + if ($content === false) { + continue; + } $result[] = [ 'text' => sprintf( '', diff --git a/src/Controller/Admin/DataObject/QuantityValueController.php b/src/Controller/Admin/DataObject/QuantityValueController.php index 9bd3971e..354cc1c4 100644 --- a/src/Controller/Admin/DataObject/QuantityValueController.php +++ b/src/Controller/Admin/DataObject/QuantityValueController.php @@ -27,6 +27,7 @@ use Symfony\Component\HttpFoundation\JsonResponse; use Symfony\Component\HttpFoundation\Request; use Symfony\Component\HttpFoundation\Response; +use Symfony\Component\HttpKernel\Exception\BadRequestHttpException; use Symfony\Component\Routing\Attribute\Route; /** @@ -46,6 +47,9 @@ public function unitImportAction(Request $request): JsonResponse $uploadFile = $request->files->get('Filedata'); $json = file_get_contents($uploadFile->getPathname()); + if ($json === false) { + throw new BadRequestHttpException('Failed to read file'); + } $success = $this->service->importDefinitionFromJson($json); $response = $this->adminJson(['success' => $success]); $response->headers->set('Content-Type', 'text/html'); @@ -126,10 +130,14 @@ public function unitProxyAction(Request $request): JsonResponse $this->checkPermission('quantityValueUnits'); if ($request->request->has('data')) { + $data = json_decode($request->request->get('data'), true); + if (!is_array($data)) { + throw new BadRequestHttpException('Invalid data format'); + } + $id = $data['id']; + $unit = Unit::getById($id); + if ($request->query->get('xaction') === 'destroy') { - $data = json_decode($request->request->get('data'), true); - $id = $data['id']; - $unit = \OpenDxp\Model\DataObject\QuantityValue\Unit::getById($id); if (!empty($unit)) { $unit->delete(); @@ -139,8 +147,6 @@ public function unitProxyAction(Request $request): JsonResponse throw new Exception('Unit with id ' . $id . ' not found.'); } if ($request->query->get('xaction') === 'update') { - $data = json_decode($request->request->get('data'), true); - $unit = Unit::getById($data['id']); if (!empty($unit)) { if (($data['baseunit'] ?? null) == -1) { $data['baseunit'] = null; @@ -151,15 +157,14 @@ public function unitProxyAction(Request $request): JsonResponse return $this->adminJson(['data' => $unit->getObjectVars(), 'success' => true]); } - throw new Exception('Unit with id ' . $data['id'] . ' not found.'); + throw new Exception('Unit with id ' . $id . ' not found.'); } if ($request->query->get('xaction') === 'create') { - $data = json_decode($request->request->get('data'), true); if (isset($data['baseunit']) && $data['baseunit'] === -1) { $data['baseunit'] = null; } - $id = $data['id']; - if (Unit::getById($id)) { + + if ($unit instanceof Unit) { throw new Exception('unit with ID [' . $id . '] already exists'); } if (mb_strlen($id) > 50) { diff --git a/src/GDPR/DataProvider/Assets.php b/src/GDPR/DataProvider/Assets.php index fa4fe118..9b62ecda 100644 --- a/src/GDPR/DataProvider/Assets.php +++ b/src/GDPR/DataProvider/Assets.php @@ -64,6 +64,9 @@ public function doExportData(Asset $asset): Response foreach (array_keys($this->exportIds) as $id) { $theAsset = Asset::getById((int) $id); + if (!$theAsset instanceof Asset) { + continue; + } $resultItem = Exporter::exportAsset($theAsset); $resultItem = json_encode($resultItem); diff --git a/src/GDPR/DataProvider/DataObjects.php b/src/GDPR/DataProvider/DataObjects.php index c34196fa..12c21771 100644 --- a/src/GDPR/DataProvider/DataObjects.php +++ b/src/GDPR/DataProvider/DataObjects.php @@ -62,13 +62,17 @@ public function doExportData(AbstractObject $object): array if (!empty($this->exportIds['object'])) { foreach (array_keys($this->exportIds['object']) as $id) { $object = AbstractObject::getById((int)$id); - $exportResult[] = Exporter::exportObject($object); + if ($object instanceof AbstractObject) { + $exportResult[] = Exporter::exportObject($object); + } } } if (!empty($this->exportIds['image'])) { foreach (array_keys($this->exportIds['image']) as $id) { $theAsset = Asset::getById((int) $id); - $exportResult[] = Exporter::exportAsset($theAsset); + if ($theAsset instanceof Asset) { + $exportResult[] = Exporter::exportAsset($theAsset); + } } } diff --git a/src/Twig/Extension/AdminExtension.php b/src/Twig/Extension/AdminExtension.php index a0c3c4dc..e13a8530 100644 --- a/src/Twig/Extension/AdminExtension.php +++ b/src/Twig/Extension/AdminExtension.php @@ -135,7 +135,14 @@ public function getLoginBackgroundImage(string $overwrite = ''): string #[\Twig\Attribute\AsTwigFilter('opendxp_inline_icon')] public function inlineIcon(string $icon): string { + if (!is_file($icon)) { + return ''; + } + $content = file_get_contents($icon); + if ($content === false) { + return ''; + } return sprintf( '',