Code should not be duplicated 2

  • Minor
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/php.duplicated_code

  1. )
  2. );
  3. }
  4. // Make sure the passwords are identical and some other check, with a custom validator..
  5. $form->addEventListener(

    The next 25 lines appear both in src/Controllers/Backend.php:1254 and src/Controllers/Backend.php:1375.

    Time to fix: about 4 hours
    Last edited by rarila
  6. FormEvents::POST_SUBMIT,
  7. function (FormEvent $event) use ($app) {
  8. $form = $event->getForm();
  9. $id = $form['id']->getData();
  10. $pass1 = $form['password']->getData();
  1. if (!$app['users']->checkAvailability('username', $form['username']->getData(), $id)) {
  2. $form['username']->addError(new FormError(Trans::__('page.edit-users.error.username-used')));
  3. }
  4. // Email addresses must be unique..
  5. if (!$app['users']->checkAvailability('email', $form['email']->getData(), $id)) {

    The next 23 lines appear both in src/Controllers/Backend.php:1280 and src/Controllers/Backend.php:1399.

    Time to fix: about 4 hours
    Last edited by rarila
  6. $form['email']->addError(new FormError(Trans::__('page.edit-users.error.email-used')));
  7. }
  8. // Displaynames must be unique..
  9. if (!$app['users']->checkAvailability('displayname', $form['displayname']->getData(), $id)) {

Source code should not contain TODO comments 52

  • Minor
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/task_todo_comment

  1. } else {
  2. $relations = null;
  3. }
  4. /**
  5. * TODO: Set the amount of items to show per page.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by bobdenotter
  6. * if (empty($contenttype['recordsperpage'])) {
  7. * $limit = $app['config']->get('general/recordsperpage');
  8. * } else {
  9. * $limit = $contenttype['recordsperpage'];
  10. * }
  1. if (empty($contenttype)) {
  2. // Case 1: No content type given, show from *all* items.
  3. // This is easy:
  4. $title = Trans::__('All content types');
  5. $logEntries = $app['storage']->getChangelog($options);
  6. // @todo: Unused in template. Leave it in for now

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  7. $itemcount = $app['storage']->countChangelog($options);
  8. } else {
  9. // We have a content type, and possibly a contentid.
  10. $contenttypeObj = $app['storage']->getContentType($contenttype);
  11. if ($contentid) {
  1. $content = $app['storage']->getContent($contenttype, array('id' => $contentid, 'hydrate' => false));
  2. $options['contentid'] = $contentid;
  3. }
  4. // Getting a slice of data and the total count
  5. $logEntries = $app['storage']->getChangelogByContentType($contenttype, $options);
  6. // @todo: Unused in template. Leave it in for now

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  7. $itemcount = $app['storage']->countChangelogByContentType($contenttype, $options);
  8. // The page title we're sending to the template depends on a few
  9. // things: if no contentid is given, we'll use the plural form
  10. // of the content type; otherwise, we'll derive it from the
in src/Content.php, line 210
  1. return;
  2. }
  3. if (in_array($key, array('datecreated', 'datechanged', 'datepublish', 'datedepublish'))) {
  4. if (!preg_match("/(\d{4})-(\d{2})-(\d{2}) (\d{2}):(\d{2}):(\d{2})/", $value)) {
  5. // @todo Try better date-parsing, instead of just setting it to

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  6. // 'now' (or 'the past' for datedepublish)
  7. if ($key == 'datedepublish') {
  8. $value = date("1900-01-01 00:00:00");
  9. } else {
  10. $value = date("Y-m-d H:i:s");
in src/Content.php, line 278
  1. unset($values['taxonomy']);
  2. unset($values['taxonomy-order']);
  3. }
  4. // Get the relations from the POST-ed values.
  5. // @todo use $this->setRelation() for this

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  6. if (!empty($values['relation'])) {
  7. $this->relation = $values['relation'];
  8. unset($values['relation']);
  9. } else {
  10. $this->relation = array();
in src/Content.php, line 286
  1. unset($values['relation']);
  2. } else {
  3. $this->relation = array();
  4. }
  5. // @todo check for allowed file types..

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  6. // Handle file-uploads.
  7. if (!empty($_FILES)) {
  8. foreach ($_FILES as $key => $file) {
in src/Content.php, line 1221
  1. }
  2. /**
  3. * ArrayAccess support
  4. *
  5. * @todo we could implement an setDecodedValue() function to do the encoding here

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Marcel Wouters
  6. */
  7. public function offsetSet($offset, $value)
  8. {
  9. $this->values[$offset] = $value;
  10. }
in src/Application.php, line 287
  1. function () {
  2. return new Stopwatch\Stopwatch();
  3. }
  4. );
  5. // @todo: make a provider for the Random generator..

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Rixbeck
  6. }
  7. public function initExtensions()
  8. {
  9. $this['extensions']->initialize();
  1. <li>{{ __('Class:') }} {{ context.class }}</li>
  2. <li>{{ __('Message:') }} <strong>{{ context.message }}</strong></li>
  3. <li>{{ __('Code:') }} {{ context.code }}</li>
  4. </ul>
  5. {# @TODO: This perhaps is better checked in the ErrorHandler and an empty trace array would be delivered #}

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by bobdenotter
  6. {% if app.config.get('general/debug') and app.session.get('user') is not null %}
  7. {% for i in context.trace %}
  8. {% if i.line is defined and i.class is defined %}
  9. <p>
  10. <strong>{{ i.class }}{{ i.type }}{{ i.function }}()</strong><br>
in app/view/js/bolt.js, line 297
  1. var videoembedtimeout;
  2. function bindVideoEmbedAjax(key) {
  3. // oembed endpoint http://api.embed.ly/1/oembed?format=json&callback=:callbackurl=
  4. // @todo make less dependant on key.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  5. var endpoint = 'http://api.embed.ly/1/oembed?format=json&key=51fa004148ad4d05b115940be9dd3c7e&url=',
  6. val = $('#video-' + key).val(),
  7. url = endpoint + encodeURI(val);
  8. // If val is emptied, clear the video fields.
in app/view/js/bolt.js, line 1092
  1. // If we are on the files table, remove image row from the table, as visual feedback
  2. if (element !== null) {
  3. $(element).closest('tr').slideUp();
  4. }
  5. // TODO delete from Stack if applicable

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  6. },
  7. error: function () {
  8. console.log('Failed to delete the file from the server');
  9. }
in app/view/js/bolt.js, line 1606
  1. }
  2. },
  3. /*
  4. * Notice when (auto)depublish date is in the past
  5. * TODO: add timer, to check depublish date has passed during editing.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  6. *
  7. * @returns {undefined}
  8. */
  9. depublishTracking: function () {
  10. var noticeID = 'dateDepublishNotice',
in app/view/js/bolt.js, line 2306
  1. * Show 'dropzone' for jQuery file uploader.
  2. *
  3. * @returns {undefined}
  4. */
  5. dropZone: function () {
  6. // @todo make it prettier, and distinguish between '.in' and '.hover'.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  7. $(document).bind('dragover', function (e) {
  8. var dropZone = $('.dropzone'),
  9. timeout = window.dropZoneTimeout;
  10. if (!timeout) {
  11. dropZone.addClass('in');
  1. if ( event.ctrlKey && special !== "ctrl" ) {
  2. modif += "ctrl_";
  3. }
  4. // TODO: Need to make sure this works consistently across platforms

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  5. if ( event.metaKey && !event.ctrlKey && special !== "meta" ) {
  6. modif += "meta_";
  7. }
  8. if ( event.shiftKey && special !== "shift" ) {
  1. }
  2. },
  3. /*
  4. * Notice when (auto)depublish date is in the past
  5. * TODO: add timer, to check depublish date has passed during editing.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by GDmac
  6. *
  7. * @returns {undefined}
  8. */
  9. depublishTracking: function () {
  10. var noticeID = 'dateDepublishNotice',
  1. * Show 'dropzone' for jQuery file uploader.
  2. *
  3. * @returns {undefined}
  4. */
  5. dropZone: function () {
  6. // @todo make it prettier, and distinguish between '.in' and '.hover'.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  7. $(document).bind('dragover', function (e) {
  8. var dropZone = $('.dropzone'),
  9. timeout = window.dropZoneTimeout;
  10. if (!timeout) {
  11. dropZone.addClass('in');
  1. // If we are on the files table, remove image row from the table, as visual feedback
  2. if (element !== null) {
  3. $(element).closest('tr').slideUp();
  4. }
  5. // TODO delete from Stack if applicable

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  6. },
  7. error: function () {
  8. console.log('Failed to delete the file from the server');
  9. }
  1. var videoembedtimeout;
  2. function bindVideoEmbedAjax(key) {
  3. // oembed endpoint http://api.embed.ly/1/oembed?format=json&callback=:callbackurl=
  4. // @todo make less dependant on key.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  5. var endpoint = 'http://api.embed.ly/1/oembed?format=json&key=51fa004148ad4d05b115940be9dd3c7e&url=',
  6. val = $('#video-' + key).val(),
  7. url = endpoint + encodeURI(val);
  8. // If val is emptied, clear the video fields.
  1. // CodeMirror, copyright (c) by Marijn Haverbeke and others
  2. // Distributed under an MIT license: http://codemirror.net/LICENSE
  3. // TODO actually recognize syntax of TypeScript constructs

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  4. (function(mod) {
  5. if (typeof exports == "object" && typeof module == "object") // CommonJS
  6. mod(require("../../lib/codemirror"));
  7. else if (typeof define == "function" && define.amd) // AMD
  1. }
  2. /**
  3. *
  4. * TODO: Everything below is copy/pasted from bolt.css, and needs to be reworked into the correct locations.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  5. *
  6. */
  7. /* Login Page */
  1. <option{{ macro.attr(attr_opt) }}>{{ is_array ? value[1] : value }}</option>
  2. {% endfor %}
  3. </select>
  4. <div>{# TODO: move onclick-events to JS #}

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  5. <a href="#" class="btn btn-default btn-xs" onclick="jQuery('#{{ key }} option').prop('selected', true); return false;">
  6. <i class="fa fa-fw fa-check-square-o"></i>{{ __("Select all") }}
  7. </a>
  8. <a href="#" class="btn btn-default btn-xs" onclick="jQuery('#{{ key }} option').prop('selected', false); return false;">
  9. <i class="fa fa-fw fa-square-o"></i>{{ __("Select none") }}
  1. </select>
  2. {% if taxonomy.multiple is defined and taxonomy.multiple == 1 %}
  3. <label><span class="left" style="line-height: 1px;">&nbsp;</span></label>
  4. <div style="margin-top: -14px;">{# TODO:onclick-events to JS #}

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Xiao Hu Tai
  5. <a href="#" class="btn btn-default btn-xs" onclick="jQuery('#taxonomy-{{taxonomy.slug}} option').prop('selected', true); return false;">
  6. <i class="fa fa-fw fa-check-square-o"></i>{{ __("Select all") }}
  7. </a>
  8. <a href="#" class="btn btn-default btn-xs" onclick="jQuery('#taxonomy-{{taxonomy.slug}} option').prop('selected', false); return false;">
  9. <i class="fa fa-fw fa-square-o"></i>{{ __("Select none") }}
  1. </tr>
  2. {% endif %}
  3. {% endfor %}
  4. </tbody>
  5. </table>
  6. {# todo: pagination, limit, offset? #}

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  7. {% endif %}
  8. {% if not has_results and context.query %}
  9. <p>{{ __("No results found for '%search%'. Please try another search.", { '%search%': context.query|escape }) }}</p>
  10. {% elseif not has_results %}
  1. <a class="btn btn-default" href="{{ path('editcontent', {'contenttypeslug': context.contenttype.slug, 'id': context.id }) }}">
  2. <i class="fa fa-edit"></i> {{ __('contenttypes.generic.edit', {'%contenttype%': context.contenttype.slug}) }}
  3. </a>
  4. {% endif %}
  5. {# TODO: add filtering

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  6. {% if request('filter') or request('order') %}
  7. <a class="btn" href="?">{{ __('Clear sort/filter') }}</a>
  8. {% endif %}
  9. <form class="form-inline" style="margin-top:15px;">
  1. {% block page_subtitle context.name ~ ' › '~ context.title %}
  2. {% block page_main %}
  3. {# TODO: add pager

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  4. <div class="row">
  5. <div class="col-xs-12">
  6. <h1 class="page-header">
  7. {% if pager is defined and pager.totalpages > 1 %}
  8. <span>
  1. <div class="row">
  2. <div class="col-xs-12">
  3. {% if context.show_contenttype %}
  4. <div class="col-md-9">
  5. {% include 'relatedto/_toolbar.twig' %}
  6. {# TODO: add order #}

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  7. {{ list(context.show_contenttype, context.related_content, '') }}
  8. </div>
  9. <aside class="col-md-3">
  10. {% include 'relatedto/_panel-actions_relatedto.twig' %}
in src/ChangelogItem.php, line 131
  1. }
  2. /**
  3. * ArrayAccess support
  4. *
  5. * @todo we could implement an setDecodedValue() function to do the encoding here

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Tobias Dammers
  6. */
  7. public function offsetSet($offset, $value)
  8. {
  9. $this->$offset = $value;
  10. }
in src/Config.php, line 205
  1. $this->app['resources']->initializeConfig($config);
  2. $paths = $this->app['resources']->getPaths();
  3. $themeConfigFile = $paths['themepath'] . '/config.yml';
  4. $config['theme'] = $this->parseConfigYaml($themeConfigFile, array(), false);
  5. // @todo: If no config files can be found, get them from bolt.cm/files/default/

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  6. $this->paths = $this->app['resources']->getPaths();
  7. $this->setDefaults();
  8. // Make sure old settings for 'contentsCss' are still picked up correctly
  1. $output = str_replace('%error_title%', 'Bolt - Fatal Error', $html);
  2. $message = nl2br($message);
  3. $output = str_replace('%error%', $message, $output);
  4. $output = str_replace('%info%', $info, $output);
  5. // TODO: Information disclosure vulnerability. A misconfigured system

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Rixbeck
  6. // will give an attacker detailed information about the state of the
  7. // system.
  8. // Suggested solution: in the config file, provide a whitelist of hosts
  9. // that may access the self-configuration functionality, and only
  10. // expose the information to hosts on the whitelist.
  1. // Start the 'stopwatch' for the profiler.
  2. $app['stopwatch']->start('bolt.async.before');
  3. // Only set which endpoint it is, if it's not already set. Which it is, in cases like
  4. // when it's embedded on a page using {{ render() }}
  5. // @todo Is this still needed?

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Ross Riley
  6. if (empty($app['end'])) {
  7. $app['end'] = "asynchronous";
  8. }
  9. // If there's no active session, don't do anything..
  1. $this->next_run_time[$interim] = $this->runtime;
  2. $this->insert[$interim] = true;
  3. } else {
  4. $this->next_run_time[$interim] = $this->getNextIterimRunTime($interim, $result['lastrun']);
  5. // @TODO remove this in v3.0

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Gawain Lynch
  6. // Update old record types
  7. if ($result['interim'] == $oldname) {
  8. $this->insert[$interim] = true;
  9. } else {
  10. $this->insert[$interim] = false;
  1. * Add routes from a configuration file.
  2. */
  3. class Routing implements ControllerProviderInterface
  4. {
  5. // Dirty trick to allow for easy route-requirements
  6. // @todo fix this (create service, abstract away, figure something else..)

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Marcel Wouters
  7. private static $app = false;
  8. /**
  9. * Connect this controller to the application
  10. */
  1. $tables = array();
  2. $authtokenTable = $schema->createTable($this->prefix . 'authtoken');
  3. $authtokenTable->addColumn('id', 'integer', array('autoincrement' => true));
  4. $authtokenTable->setPrimaryKey(array('id'));
  5. // TODO: addColumn("userid"...), phase out referencing users by username

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Tobias Dammers
  6. $authtokenTable->addColumn('username', 'string', array('length' => 32, 'default' => ''));
  7. $authtokenTable->addIndex(array('username'));
  8. $authtokenTable->addColumn('token', 'string', array('length' => 128));
  9. $authtokenTable->addColumn('salt', 'string', array('length' => 128));
  10. $authtokenTable->addColumn('lastseen', 'datetime', array('default' => '1900-01-01 00:00:00'));
  1. }
  2. // Ugh, for some reason the foldername for the theme is included twice. Why?
  3. // For now we 'fix' this with an ugly hack, replacing it. :-/
  4. // TODO: dig into Filesystem and figure out why this happens.

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  5. $pathsegments = explode('/', $entry['path']);
  6. if (!empty($pathsegments[0])) {
  7. $url = str_replace('/' . $pathsegments[0] . '/' . $pathsegments[0] . '/', '/' . $pathsegments[0] . '/', $url);
  8. }
in src/Omnisearch.php, line 12
  1. use Bolt\Translation\Translator as Trans;
  2. /**
  3. * Simple search implementation for the Bolt backend.
  4. *
  5. * TODO:

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  6. * - permissions
  7. * - a config.yml for search options
  8. *
  9. * @author Xiao-HuTai, xiao@twokings.nl
  10. *
in src/Omnisearch.php, line 51
  1. $this->app = $app;
  2. $this->backend = $app['paths']['bolt'];
  3. $this->initialize();
  4. // todo: config.yml

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  5. }
  6. public function initialize()
  7. {
  8. $this->initContenttypes();
in src/Omnisearch.php, line 284
  1. $options[] = $item;
  2. }
  3. }
  4. if ($this->showLandingpage) {
  5. // todo: Do we want to add this at the beginning, at the end,

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Xiao Hu Tai
  6. // or maybe after x results.
  7. $options[] = array(
  8. 'keywords' => array('Omnisearch'),
  9. 'label' => sprintf("%s", Trans::__('Omnisearch')),
  1. $arguments = array();
  2. foreach (array_chunk($array->getIterator()->getArrayCopy(), 2) as $pair) {
  3. if (count($pair) == 2) {
  4. $key = $pair[0]->getAttribute('value');
  5. $value = $pair[1]->getAttribute('value'); // @todo support for multiple types

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  6. $arguments[$key] = $value;
  7. }
  8. }
in src/Storage.php, line 950
  1. $tags_query_2 = implode(' OR ', $tags_where);
  2. $tags_query = sprintf(' OR (%s AND (%s))', $tags_query_1, $tags_query_2);
  3. }
  4. // Build filter 'WHERE"
  5. // @todo make relations work as well

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Marcel Wouters
  6. $filter_where = array();
  7. if (!is_null($filter)) {
  8. foreach ($fields as $field => $fieldconfig) {
  9. if (isset($filter[$field])) {
  10. $filter_where[] = $this->parseWhereParameter($table . '.' . $field, $filter[$field]);
in src/Storage.php, line 1145
  1. $where[] = $this->parseWhereParameter($key, $value);
  2. }
  3. // @todo update with nice search string

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by pvankouteren
  4. // If we need to filter, add the WHERE for that.
  5. // Meh, InnoDB doesn't support full text search.
  6. if (!empty($parameters['filter'])) {
  7. $filter = $this->app['db']->quote($parameters['filter']);
in src/Storage.php, line 1210
  1. $content = array();
  2. foreach ($rows as $row) {
  3. $content[$row['id']] = $this->getContentObject($contenttype, $row);
  4. }
  5. // TODO: Check if we need to hydrate here!

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  6. // Make sure all content has their taxonomies and relations
  7. $this->getTaxonomy($content);
  8. $this->getRelation($content);
in src/Storage.php, line 1281
  1. $query = $this->app['db']->getDatabasePlatform()->modifyLimitQuery($query, $limit, ($page - 1) * $limit);
  2. $taxorows = $this->app['db']->fetchAll($query);
  3. if (!empty($parameters['printquery'])) {
  4. // @todo formalize this

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  5. echo nl2br(htmlentities($query));
  6. }
  7. $content = array();
in src/Storage.php, line 1922
  1. }
  2. $offset = ($decoded['parameters']['page'] - 1) * $decoded['parameters']['limit'];
  3. $limit = $decoded['parameters']['limit'];
  4. // @todo this will fail when actually using params on certain databases

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Marcel Wouters
  5. $statement = $this->app['db']->getDatabasePlatform()->modifyLimitQuery($statement, $limit, $offset);
  6. } else if (!empty($decoded['parameters']['limit'])) {
  7. // If we're not paging, but we _did_ provide a limit.
  8. $limit = $decoded['parameters']['limit'];
  9. $statement = $this->app['db']->getDatabasePlatform()->modifyLimitQuery($statement, $limit);
in src/Storage.php, line 1931
  1. $limit = $decoded['parameters']['limit'];
  2. $statement = $this->app['db']->getDatabasePlatform()->modifyLimitQuery($statement, $limit);
  3. }
  4. if (!empty($decoded['parameters']['printquery'])) {
  5. // @todo formalize this

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Marcel Wouters
  6. echo nl2br(htmlentities($statement));
  7. }
  8. $rows = $this->app['db']->fetchAll($statement, $query['params']);
in src/Storage.php, line 2589
  1. foreach ($newslugs as $slug) {
  2. // If it's like 'desktop#10', split it into value and sortorder..
  3. list($slug, $sortorder) = explode('#', $slug . "#");
  4. // @todo clean up and/or refactor

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Xiao Hu Tai
  5. // If you save this content via anything other than the Bolt
  6. // backend (see Content->setFromPost), then taxonomies that
  7. // behave like groupings, will have their sortorders reset to 0.
  8. if ($configTaxonomies[$taxonomytype]['behaves_like'] == 'grouping' && empty($sortorder) && $sortorder !== '0') {
  9. $sortorder = $currentsortorder;
  1. }
  2. $this->addTranslatable($string);
  3. //
  4. // TODO: retrieve domain?
  5. }
  6. }

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  7. }
  8. }
  9. }
  10. }
  1. return $flattened;
  2. } catch (ParseException $e) {
  3. $this->app['session']->getFlashBag()->add('error', '<strong>Unable to parse the YAML translations</strong><br>' . $e->getMessage());
  4. // Todo: do something better than just returning an empty array
  5. }
  6. }

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  7. return array();
  8. }
  9. /**
in src/TwigExtension.php, line 701
  1. $options['order'] = $relationoptions['order'];
  2. $options['limit'] = 10000;
  3. $options['hydrate'] = false;
  4. }
  5. // @todo Perhaps make something more lightweight for this?

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  6. $results = $this->app['storage']->getContent($contenttype, $options);
  7. // Loop the array, set records in 'current' to have a 'selected' flag.
  8. if (!empty($current) && !empty($results)) {
  9. foreach ($results as $key => $result) {
in src/TwigExtension.php, line 741
  1. $thisPager = empty($pagerName) ? array_pop($pager) : $pager[$pagerName];
  2. $context = array(
  3. 'pager' => $thisPager,
  4. 'surr' => $surr, // TODO: rename to amountsurroundin, surroundamount, ...?

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by rarila
  5. 'class' => $class,
  6. );
  7. /* Little hack to avoid doubling this function and having context without breaking frontend */
  8. if ($template == 'backend') {
in src/TwigExtension.php, line 795
  1. *
  2. * @param boolean $value
  3. */
  4. public function debugBar($value)
  5. {
  6. // @todo Should we enforce boolean values by using a === comparator?

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by pvankouteren
  7. // Make sure it's actually true or false;
  8. $value = ($value) ? true : false;
  9. $this->app['debugbar'] = $value;
  10. }
in src/YamlUpdater.php, line 176
  1. * Verify if the modified yaml is still a valid .yml file, and if we
  2. * are actually allowed to write and update the current file.
  3. */
  4. public function verify()
  5. {
  6. // @todo IMPLEMENT ME :'(

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by pvankouteren
  7. }
  8. /**
  9. * Save our modified .yml file.
  10. * @param bool $makebackup
in src/YamlUpdater.php, line 187
  1. * @return bool true if save was successful
  2. */
  3. public function save($makebackup = true)
  4. {
  5. if ($makebackup) {
  6. // TODO: make a backup..

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  7. }
  8. $tmpfile = $this->filename . '.tmp';
  9. file_put_contents($tmpfile, implode('', $this->file));

Include statements should not be used 3

  • Minor
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/symfony.include_statement_used

in src/Extensions.php, line 141
  1. if (is_readable($filepath)) {
  2. $files = include $filepath;
  3. foreach ($files as $file) {
  4. try {
  5. if (is_readable($file)) {
  6. require $file;

    Using include() or require() bypasses lazy-loading of third-party classes. Prefer using autoloading.

    Time to fix: about 3 hours
    Last edited by Ross Riley
  7. }
  8. } catch (\Exception $e) {
  9. }
  10. }
  11. }
in src/Extensions.php, line 172
  1. ->depth('== 2');
  2. foreach ($finder as $file) {
  3. try {
  4. // Include the extensions core file
  5. require_once dirname($file->getRealpath()) . '/Extension.php';

    Using include() or require() bypasses lazy-loading of third-party classes. Prefer using autoloading.

    Time to fix: about 3 hours
    Last edited by Gawain Lynch
  6. // Include the init file
  7. require_once $file->getRealpath();
  8. } catch (\Exception $e) {
  9. }
in src/Extensions.php, line 175
  1. try {
  2. // Include the extensions core file
  3. require_once dirname($file->getRealpath()) . '/Extension.php';
  4. // Include the init file
  5. require_once $file->getRealpath();

    Using include() or require() bypasses lazy-loading of third-party classes. Prefer using autoloading.

    Time to fix: about 3 hours
    Last edited by Gawain Lynch
  6. } catch (\Exception $e) {
  7. }
  8. }
  9. }
  10. }

Version of dependencies should be fixed

  • Minor
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/composer.unfixed_dependency_version

Package ircmaxell/random-lib#dev-master is not fixed.

Time to fix: about 1 hour
Collective

Object parameters should be type hinted

  • Minor
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.object_parameter_not_type_hinted

  1. <?php
  2. namespace Bolt\Composer;
  3. class ExtensionInstaller
  4. {
  5. public static function handle($event)

    The parameter event, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Last edited by Ross Riley
  6. {
  7. try {
  8. $installedPackage = $event->getOperation()->getPackage();
  9. } catch (\Exception $e) {
  10. return;

Error silenced by the at sign (@) 9

  • Minor
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.silenced_error

  1. htmlspecialchars($this->config->getPath('config'), ENT_QUOTES)
  2. );
  3. throw new LowlevelException($error);
  4. }
  5. if (!@copy($distname, $ymlname)) {

    Adding "@" before copy($distname, $ymlname) prevents warnings and errors raised during this function's execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Last edited by Tobias Dammers
  6. $message = sprintf(
  7. "Couldn't create a new <code>%s</code>-file inside <code>%s</code>. Create the file manually by copying
  8. <code>%s</code>, and optionally make it writable to the user that the webserver is using.",
  9. htmlspecialchars($name . ".yml", ENT_QUOTES),
  10. htmlspecialchars($this->config->getPath('config'), ENT_QUOTES),
in src/Content.php, line 136
  1. );
  2. // Check if the values need to be unserialized, and pre-processed.
  3. foreach ($this->values as $key => $value) {
  4. if (in_array($this->fieldtype($key), $serialized_field_types)) {
  5. if (!empty($value) && is_string($value) && (substr($value, 0, 2) == "a:" || $value[0] === '[' || $value[0] === '{')) {
  6. $unserdata = @Lib::smartUnserialize($value);

    Adding "@" before \Bolt\Library::smartUnserialize($value) prevents warnings and errors raised during this function's execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Last edited by rarila
  7. if ($unserdata !== false) {
  8. $this->values[$key] = $unserdata;
  9. }
  10. }
  11. }
in src/Content.php, line 186
  1. public function setValue($key, $value)
  2. {
  3. // Check if the value need to be unserialized..
  4. if (is_string($value) && substr($value, 0, 2) == "a:") {
  5. $unserdata = @Lib::smartUnserialize($value);

    Adding "@" before \Bolt\Library::smartUnserialize($value) prevents warnings and errors raised during this function's execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Last edited by rarila
  6. if ($unserdata !== false) {
  7. $value = $unserdata;
  8. }
  9. }
  1. }
  2. public function recordInstall($package, $version)
  3. {
  4. $url = sprintf($this->app['extend.site'].$this->urls['install'], $package, $version);
  5. @file_get_contents($url);

    Adding "@" before file_get_contents($url) prevents warnings and errors raised during this function's execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Last edited by Ross Riley
  6. }
  7. }
in src/Library.php, line 42
  1. $new_path = array();
  2. foreach ($patharray as $item) {
  3. if ($item == '..') {
  4. // remove the previous element
  5. @array_pop($new_path);

    Adding "@" before array_pop($new_path) prevents warnings and errors raised during this function's execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Last edited by Gawain Lynch
  6. } elseif ($item == 'http:') {
  7. // Don't break for URLs with http:// scheme
  8. $new_path[] = 'http:/';
  9. } elseif ($item == 'https:') {
  10. // Don't break for URLs with https:// scheme
in src/Library.php, line 253
  1. }
  2. // old-style serialized data; to be phased out, but leaving intact for
  3. // backwards-compatibility. Up until Bolt 1.5, we used to serialize certain
  4. // fields, so reading in those old records will still use the code below.
  5. @$data = unserialize($serialized_data);

    Adding "@" before $data = unserialize($serialized_data) prevents warnings and errors raised during this function's execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Last edited by Gawain Lynch
  6. if (is_array($data)) {
  7. return $data;
  8. } else {
  9. $temp_serialized_data = preg_replace("/\r\n/", "\n", $serialized_data);
  10. if (@$data = unserialize($temp_serialized_data)) {
in src/Library.php, line 258
  1. @$data = unserialize($serialized_data);
  2. if (is_array($data)) {
  3. return $data;
  4. } else {
  5. $temp_serialized_data = preg_replace("/\r\n/", "\n", $serialized_data);
  6. if (@$data = unserialize($temp_serialized_data)) {

    Adding "@" before $data = unserialize($temp_serialized_data) prevents warnings and errors raised during this function's execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Last edited by Gawain Lynch
  7. return $data;
  8. } else {
  9. $temp_serialized_data = preg_replace("/\n/", "\r\n", $serialized_data);
  10. if (@$data = unserialize($temp_serialized_data)) {
  11. return $data;
in src/Library.php, line 262
  1. $temp_serialized_data = preg_replace("/\r\n/", "\n", $serialized_data);
  2. if (@$data = unserialize($temp_serialized_data)) {
  3. return $data;
  4. } else {
  5. $temp_serialized_data = preg_replace("/\n/", "\r\n", $serialized_data);
  6. if (@$data = unserialize($temp_serialized_data)) {

    Adding "@" before $data = unserialize($temp_serialized_data) prevents warnings and errors raised during this function's execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Last edited by Gawain Lynch
  7. return $data;
  8. } else {
  9. return false;
  10. }
  11. }
in src/Users.php, line 678
  1. */
  2. public function logout()
  3. {
  4. $this->session->getFlashBag()->set('info', Trans::__('You have been logged out.'));
  5. $this->session->remove('user');
  6. @$this->session->migrate(true);

    Adding "@" before $this->session->migrate(true) prevents warnings and errors raised during this function's execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Last edited by Bob den Otter
  7. // Remove all auth tokens when logging off a user (so we sign out _all_ this user's sessions on all locations)
  8. try {
  9. $this->db->delete($this->authtokentable, array('username' => $this->currentuser['username']));
  10. } catch (\Exception $e) {

User specific files should not appear in .gitignore 3

  • Minor
  • Codestyle

More information: https://insight.sensiolabs.com/what-we-analyse/git.user_specific_ignored_file

in .gitignore, line 19
  1. composer.lock
  2. # Files related to testing, file-system cruft and temporary files.
  3. scrutinizer.phar
  4. php-cs-fixer.phar
  5. .DS_Store

    .DS_Store is user-specific and should not appear in a project .gitignore. Consider adding it to the user global .gitignore instead.

    Time to fix: about 15 minutes
    Last edited by Bob den Otter
  6. .idea
  7. __*
  8. ._*
  9. web
  10. Vagrantfile
in .gitignore, line 20
  1. # Files related to testing, file-system cruft and temporary files.
  2. scrutinizer.phar
  3. php-cs-fixer.phar
  4. .DS_Store
  5. .idea

    .idea is user-specific and should not appear in a project .gitignore. Consider adding it to the user global .gitignore instead.

    Time to fix: about 15 minutes
    Last edited by Bob den Otter
  6. __*
  7. ._*
  8. web
  9. Vagrantfile
  10. .vagrant*
in .gitignore, line 29
  1. Vagrantfile
  2. .vagrant*
  3. *.sublime-*
  4. /tags
  5. .*.swp
  6. .swp

    .swp is user-specific and should not appear in a project .gitignore. Consider adding it to the user global .gitignore instead.

    Time to fix: about 15 minutes
    Last edited by Tobias Dammers
  7. *.lock
  8. .gitignore
  9. test/_log
  10. test/*/*Guy.php
  11. .buildpath

Unused method, property, variable or parameter

  • Minor
  • Deadcode

More information: https://insight.sensiolabs.com/what-we-analyse/php.unused_local_variable_or_private_member

  1. *
  2. * @param Request $request The Symfony Request
  3. * @param \Bolt\Application $app The appliction/container
  4. * @return mixed
  5. */
  6. public static function before(Request $request, \Bolt\Application $app)

    This request argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by Marcel Wouters
  7. {
  8. // Start the 'stopwatch' for the profiler.
  9. $app['stopwatch']->start('bolt.frontend.before');
  10. // If there are no users in the users table, or the table doesn't exist. Repair

.htaccess should be avoided 2

  • Info
  • Performance

More information: https://insight.sensiolabs.com/what-we-analyse/web.apache_config

A .htaccess file has been detected. Consider moving its directives into the server configuration to improve overall performance.

Time to fix: about 1 hour
Collective

A .htaccess file has been detected. Consider moving its directives into the server configuration to improve overall performance.

Time to fix: about 1 hour
Collective