Issues in collection.class.php (master) - Issues in master - cantico/absences - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1940)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

programs/utilit/collection.class.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/************************************************************************
 * OVIDENTIA http://www.ovidentia.org                                   *
 ************************************************************************
 * Copyright (c) 2003 by CANTICO ( http://www.cantico.fr )              *
 *                                                                      *
 * This file is part of Ovidentia.                                      *
 *                                                                      *
 * Ovidentia is free software; you can redistribute it and/or modify    *
 * it under the terms of the GNU General Public License as published by *
 * the Free Software Foundation; either version 2, or (at your option)  *
 * any later version.													*
 *																		*
 * This program is distributed in the hope that it will be useful, but  *
 * WITHOUT ANY WARRANTY; without even the implied warranty of			*
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.					*
 * See the  GNU General Public License for more details.				*
 *																		*
 * You should have received a copy of the GNU General Public License	*
 * along with this program; if not, write to the Free Software			*
 * Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,*
 * USA.																	*
************************************************************************/

require_once dirname(__FILE__).'/record.class.php';



/**
 * 
 * @property string $name
 * @property string $description
 * @property string $id_cat
 *
 */
class absences_Collection extends absences_Record
{
	
	
	
	public static function getById($id)
	{
		$collection = new absences_Collection;
		$collection->id = $id;
		
		return $collection;
	}
	
	
	/**
	 * Table row as an array
	 * @return array
	 */
	public function getRow()
	{
		if (null === $this->row)
		{
			global $babDB;
			$res = $babDB->db_query('SELECT * FROM absences_collections WHERE id='.$babDB->quote($this->id));
			$this->setRow($babDB->db_fetch_assoc($res));
		}
	
		return $this->row;
	}
	
	/**
	 * @return absences_AgentIterator
	 */
	public function getAgentIterator()
	{
		require_once dirname(__FILE__).'/agent.class.php';
		$I = new absences_AgentIterator;
		$I->setCollection($this);
		
		return $I;
	}
	

	/**
	 * Add a vacation right to the collection
	 * @param	absences_Right	$right
	 * @return absences_Collection 
	 */
	public function addRight(absences_Right $right)

	{
		global $babDB;
		$babDB->db_queryWem('INSERT INTO absences_coll_rights (id_coll, id_right) VALUES ('.$babDB->quote($this->id).', '.$babDB->quote($right->id).')');
		
		$right->addMovement(sprintf(absences_translate('The collection %s has been linked to the right %s'), $this->name, $this->description));
		
		return $this;
	}
	
	/**
	 * Link all agents with the regime to the right given in parameter
	 * Must be used il a progress bar context
	 * 
	 * @param	absences_Right			$right
	 * @param   Widget_ProgressBar		$progress
	 * 
	 * @return absences_Collection
	 */
	public function linkAgentsToRight(absences_Right $right, Widget_ProgressBar $progress)

	{
		foreach($this->getAgentIterator() as $agent)
		{	
		    bab_setTimeLimit(5); // 5s per agent
		    
			/*@var $agent absences_Agent */
		    
			if ($agent->addRight($right))
			{
				try {
					$agent->addFixedEntry($right);
				} catch (absences_EntryException $e)
				{
					$agent = $e->entry->getAgent();
					echo bab_toHtml(sprintf(absences_translate('Failed to update the period for %s, %s (%s)'), 
							$agent->getName(), 
							$e->getMessage(),
							absences_DateTimePeriod($e->entry->date_begin, $e->entry->date_end))
					, BAB_HTML_ALL);
				}
			}

		}
		
		bab_setTimeLimit(60);
		
		return $this;
	}
	
	/**
	 * Mettre a jour la demande des agents de ce regime
	 * les agents sont deja lies au droit, mais il faut creer la demande si ce n'est pas deja fait pour les droits a date fixe
	 * 
	 * @param	absences_Right			$right
	 * @param   Widget_ProgressBar		$progress
	 */
	public function updateAgents(absences_Right $right, Widget_ProgressBar $progress)

	{
	    foreach ($this->getAgentIterator() as $agent) {
	        /*@var $agent absences_Agent */
	        
	        // per user time limit
	        bab_setTimeLimit(5);
	        ini_set('memory_limit', '256M'); // mises a jour caldav massives
	        
	        try {
	            $agent->addFixedEntryIfNotExists($right);
	        } catch (absences_EntryException $e)
	        {
	            
	            echo bab_toHtml(sprintf(absences_translate('Failed to update the period for %s, %s (%s)'),
	                    $agent->getName(),
	                    $e->getMessage(),
	                    absences_DateTimePeriod($e->entry->date_begin, $e->entry->date_end))
	                    , BAB_HTML_ALL);
	        } catch (Exception $e)
	        {
	            echo bab_toHtml($e->getMessage(), BAB_HTML_ALL);
	        }
	    }
	    
	    bab_setTimeLimit(30);
	}
	
	
	/**
	 * Remove vacation right from collection
	 * @param	absences_Right	$right
	 * @return absences_Collection
	 */
	public function removeRight(absences_Right $right)

	{
		global $babDB;
		$babDB->db_query('DELETE FROM absences_coll_rights WHERE id_coll='.$babDB->quote($this->id).' AND id_right='.$babDB->quote($right->id));
		
		$right->addMovement(sprintf(absences_translate('The collection %s has been unlinked from the right %s'), $this->name, $this->description));
		
		return $this;
	}
	
	/**
	 * Unlink all agents with the collection from the right given in parameter
	 * @param	absences_Right	$right
	 * @return absences_Collection
	 */
	public function unlinkAgentsFromRight(absences_Right $right)
	{
	    
		foreach($this->getAgentIterator() as $agent)
		{
		    bab_setTimeLimit(5);

			if ($agent->removeRight($right))
			{
				$agent->removeFixedEntry($right);
			}
		}
		
		bab_setTimeLimit(10);
		
		return $this;
	}
	
	
	/**
	 * Test if agent is linked to collection
	 * @param absences_Agent $agent
	 * @return bool
	 */
	public function isLinkedToAgent(absences_Agent $agent)
	{
		require_once dirname(__FILE__).'/agent.class.php';
		
		return (((int) $agent->id_coll) === ((int) $this->id));
	}
	
	/**
	 * Test if right is linked to collection
	 * @param absences_Right $right
	 * @return boolean
	 */
	public function isLinkedToRight(absences_Right $right)

	{
		require_once dirname(__FILE__).'/collection_right.class.php';
		
		$link = new absences_CollectionRight;
		$link->setCollection($this);
		$link->setRight($right);
		$row = $link->getRow();
		
		if ($row)

		{
			return true;
		}
		return false;
	}
	
	
}










class absences_CollectionIterator extends absences_Iterator
{
	/**
	 * @var absences_Right
	 */
	protected $right;



	public function setRight(absences_Right $right)
	{
		$this->right = $right;
	}


	public function getObject($data)
	{
		$collection = new absences_Collection;
		$collection->setRow($data);

		return $collection;
	}

	public function executeQuery()
	{
		if(is_null($this->_oResult))
		{
			global $babDB;
			
			$query = 'SELECT c.* FROM absences_coll_rights cr, absences_collections c WHERE  c.id=cr.id_coll';

			if (isset($this->right))
			{
			    $query .= ' AND cr.id_right='.$babDB->quote($this->right->id);
			}
			
			$query .= ' ORDER BY c.name';

			$this->setMySqlResult($this->getDataBaseAdapter()->db_query($query));
		}
	}

}

1		<?php
2		/************************************************************************
3		* OVIDENTIA http://www.ovidentia.org *
4		************************************************************************
5		* Copyright (c) 2003 by CANTICO ( http://www.cantico.fr ) *
6		* *
7		* This file is part of Ovidentia. *
8		* *
9		* Ovidentia is free software; you can redistribute it and/or modify *
10		* it under the terms of the GNU General Public License as published by *
11		* the Free Software Foundation; either version 2, or (at your option) *
12		* any later version. *
13		* *
14		* This program is distributed in the hope that it will be useful, but *
15		* WITHOUT ANY WARRANTY; without even the implied warranty of *
16		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. *
17		* See the GNU General Public License for more details. *
18		* *
19		* You should have received a copy of the GNU General Public License *
20		* along with this program; if not, write to the Free Software *
21		* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307,*
22		* USA. *
23		************************************************************************/
24
25		require_once dirname(__FILE__).'/record.class.php';
26
27
28
29		/**
30		*
31		* @property string $name
32		* @property string $description
33		* @property string $id_cat
34		*
35		*/
36		class absences_Collection extends absences_Record
37		{
38
39
40
41		public static function getById($id)
42		{
43		$collection = new absences_Collection;
44		$collection->id = $id;
45
46		return $collection;
47		}
48
49
50		/**
51		* Table row as an array
52		* @return array
53		*/
54		public function getRow()
55		{
56		if (null === $this->row)
57		{
58		global $babDB;
59		$res = $babDB->db_query('SELECT * FROM absences_collections WHERE id='.$babDB->quote($this->id));
60		$this->setRow($babDB->db_fetch_assoc($res));
61		}
62
63		return $this->row;
64		}
65
66		/**
67		* @return absences_AgentIterator
68		*/
69		public function getAgentIterator()
70		{
71		require_once dirname(__FILE__).'/agent.class.php';
72		$I = new absences_AgentIterator;
73		$I->setCollection($this);
74
75		return $I;
76		}
77
78
79		/**
80		* Add a vacation right to the collection
81		* @param absences_Right $right
82		* @return absences_Collection
83		*/
84	View Code Duplication	public function addRight(absences_Right $right)
		0 ignored issues – show Duplication introduced 2017-08-01 08:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
85		{
86		global $babDB;
87		$babDB->db_queryWem('INSERT INTO absences_coll_rights (id_coll, id_right) VALUES ('.$babDB->quote($this->id).', '.$babDB->quote($right->id).')');
88
89		$right->addMovement(sprintf(absences_translate('The collection %s has been linked to the right %s'), $this->name, $this->description));
90
91		return $this;
92		}
93
94		/**
95		* Link all agents with the regime to the right given in parameter
96		* Must be used il a progress bar context
97		*
98		* @param absences_Right $right
99		* @param Widget_ProgressBar $progress
100		*
101		* @return absences_Collection
102		*/
103		public function linkAgentsToRight(absences_Right $right, Widget_ProgressBar $progress)
		0 ignored issues – show Unused Code introduced 2017-08-01 08:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$progress` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
104		{
105		foreach($this->getAgentIterator() as $agent)
106		{
107		bab_setTimeLimit(5); // 5s per agent
108
109		/@var $agent absences_Agent /
110
111		if ($agent->addRight($right))
112		{
113		try {
114		$agent->addFixedEntry($right);
115		} catch (absences_EntryException $e)
116		{
117		$agent = $e->entry->getAgent();
118		echo bab_toHtml(sprintf(absences_translate('Failed to update the period for %s, %s (%s)'),
119		$agent->getName(),
120		$e->getMessage(),
121		absences_DateTimePeriod($e->entry->date_begin, $e->entry->date_end))
122		, BAB_HTML_ALL);
123		}
124		}
125
126		}
127
128		bab_setTimeLimit(60);
129
130		return $this;
131		}
132
133		/**
134		* Mettre a jour la demande des agents de ce regime
135		* les agents sont deja lies au droit, mais il faut creer la demande si ce n'est pas deja fait pour les droits a date fixe
136		*
137		* @param absences_Right $right
138		* @param Widget_ProgressBar $progress
139		*/
140		public function updateAgents(absences_Right $right, Widget_ProgressBar $progress)
		0 ignored issues – show Unused Code introduced 2017-08-01 08:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$progress` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
141		{
142		foreach ($this->getAgentIterator() as $agent) {
143		/@var $agent absences_Agent /
144
145		// per user time limit
146		bab_setTimeLimit(5);
147		ini_set('memory_limit', '256M'); // mises a jour caldav massives
148
149		try {
150		$agent->addFixedEntryIfNotExists($right);
151		} catch (absences_EntryException $e)
152		{
153
154		echo bab_toHtml(sprintf(absences_translate('Failed to update the period for %s, %s (%s)'),
155		$agent->getName(),
156		$e->getMessage(),
157		absences_DateTimePeriod($e->entry->date_begin, $e->entry->date_end))
158		, BAB_HTML_ALL);
159		} catch (Exception $e)
160		{
161		echo bab_toHtml($e->getMessage(), BAB_HTML_ALL);
162		}
163		}
164
165		bab_setTimeLimit(30);
166		}
167
168
169		/**
170		* Remove vacation right from collection
171		* @param absences_Right $right
172		* @return absences_Collection
173		*/
174	View Code Duplication	public function removeRight(absences_Right $right)
		0 ignored issues – show Duplication introduced 2017-08-01 08:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
175		{
176		global $babDB;
177		$babDB->db_query('DELETE FROM absences_coll_rights WHERE id_coll='.$babDB->quote($this->id).' AND id_right='.$babDB->quote($right->id));
178
179		$right->addMovement(sprintf(absences_translate('The collection %s has been unlinked from the right %s'), $this->name, $this->description));
180
181		return $this;
182		}
183
184		/**
185		* Unlink all agents with the collection from the right given in parameter
186		* @param absences_Right $right
187		* @return absences_Collection
188		*/
189		public function unlinkAgentsFromRight(absences_Right $right)
190		{
191
192		foreach($this->getAgentIterator() as $agent)
193		{
194		bab_setTimeLimit(5);
195
196		if ($agent->removeRight($right))
197		{
198		$agent->removeFixedEntry($right);
199		}
200		}
201
202		bab_setTimeLimit(10);
203
204		return $this;
205		}
206
207
208		/**
209		* Test if agent is linked to collection
210		* @param absences_Agent $agent
211		* @return bool
212		*/
213		public function isLinkedToAgent(absences_Agent $agent)
214		{
215		require_once dirname(__FILE__).'/agent.class.php';
216
217		return (((int) $agent->id_coll) === ((int) $this->id));
218		}
219
220		/**
221		* Test if right is linked to collection
222		* @param absences_Right $right
223		* @return boolean
224		*/
225	View Code Duplication	public function isLinkedToRight(absences_Right $right)
		0 ignored issues – show Duplication introduced 2017-08-01 08:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
226		{
227		require_once dirname(__FILE__).'/collection_right.class.php';
228
229		$link = new absences_CollectionRight;
230		$link->setCollection($this);
231		$link->setRight($right);
232		$row = $link->getRow();
233
234		if ($row)
		0 ignored issues – show Bug Best Practice introduced 2015-11-30 13:10 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$row` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
235		{
236		return true;
237		}
238		return false;
239		}
240
241
242		}
243
244
245
246
247
248
249
250
251
252
253		class absences_CollectionIterator extends absences_Iterator
254		{
255		/**
256		* @var absences_Right
257		*/
258		protected $right;
259
260
261
262		public function setRight(absences_Right $right)
263		{
264		$this->right = $right;
265		}
266
267
268		public function getObject($data)
269		{
270		$collection = new absences_Collection;
271		$collection->setRow($data);
272
273		return $collection;
274		}
275
276		public function executeQuery()
277		{
278		if(is_null($this->_oResult))
279		{
280		global $babDB;
281
282		$query = 'SELECT c.* FROM absences_coll_rights cr, absences_collections c WHERE c.id=cr.id_coll';
283
284		if (isset($this->right))
285		{
286		$query .= ' AND cr.id_right='.$babDB->quote($this->right->id);
287		}
288
289		$query .= ' ORDER BY c.name';
290
291		$this->setMySqlResult($this->getDataBaseAdapter()->db_query($query));
292		}
293		}
294
295		}

cantico / absences

Issues (1940)

Security Analysis not enabled

programs/utilit/collection.class.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like