Issues (106)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.


Tests/Functional/Hooks/T3libPageTtcontentTest.php (1 issue)

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

namespace AOE\Languagevisibility\Tests\Functional\Hooks;
/***************************************************************
 * Copyright notice
 *
 * (c) 2016 AOE GmbH <[email protected]>
 * All rights reserved
 *
 * This script is part of the TYPO3 project. The TYPO3 project is
 * free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * The GNU General Public License can be found at
 * http://www.gnu.org/copyleft/gpl.html.
 *
 * This script is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * This copyright notice MUST APPEAR in all copies of the script!
 ***************************************************************/

use AOE\Languagevisibility\Tests\Functional\DatabaseTtContentTest;

/**
 * Class T3libPageTtcontentTest
 * @package AOE\Languagevisibility\Tests\Functional\Hooks
 */
class T3libPageTtcontentTest extends DatabaseTtContentTest {

	/**
	 * @var \TYPO3\CMS\Frontend\Page\PageRepository
	 */
	protected $pageRepository;

	public function setUp() {
		parent::setUp();

		$this->makeSureContentElementsImported();
		$this->makeSureLanguagesImported();

		$this->pageRepository = new \TYPO3\CMS\Frontend\Page\PageRepository();
		$this->pageRepository->init(FALSE);
	}

	/**
	 * Check the visibility of some content elements with overlay-records
	 *
	 * @test
	 * @dataProvider getTtContentDataSets
	 * @param integer $uid
	 * @param integer $language
	 * @param integer $assertUid assert that record with this uid is used as overlay. NULL means record is removed.
	 * @param string $comment
	 */
	function visibility_overlay_ttcontent($uid, $language, $assertUid, $comment = '') {

Issue (1): It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (private, protected, or public) is generally recommended to communicate to other developers how, and from where, this method is intended to be used.

		// check environment ...
		if (!\TYPO3\CMS\Core\Utility\ExtensionManagementUtility::isLoaded('version')) {
			$this->markTestSkipped('Not relevant if "version" is not installed');
		}

		if (is_object($GLOBALS['TSFE'])) {
			$this->markTestSkipped('Please turn off the fake frontend (phpunit extension configuration) - this test won\'t work with "fake" frontends ;)');
		}

		// ... get original record ...
		$unOverlayedRow = $this->getContentElementRow($uid);
		$this->assertTrue(
			is_array($unOverlayedRow) && $unOverlayedRow['uid'] == $uid,
			sprintf('record with uid %d found', $uid)
		);

		// ... overlay ...
		$overlayedRow = $this->pageRepository->getRecordOverlay('tt_content', $unOverlayedRow, $language);

		// ... test
		if ($assertUid === NULL) {
			$this->assertEquals(
				FALSE,
				$overlayedRow,
				sprintf('record with id %d is removed or not visible in language %d', $uid, $language)
			);
		} elseif (array_key_exists('_LOCALIZED_UID', $overlayedRow)) {
			$this->assertSame(
				$assertUid,
				$overlayedRow['_LOCALIZED_UID'],
				sprintf('record %d in language %d is overlaid with record %d', $uid, $language, $assertUid)
			);
		} else {
			$this->assertSame(
				$assertUid,
				$overlayedRow['uid'],
				sprintf('record %d in language %d uses record %d', $uid, $language, $assertUid)
			);
		}
	}

	public function getTtContentDataSets() {
		$testDataSet = array(
			array(1,  1, '1',   '"default" without translation'),
			array(2,  1, '3',   '"default" with translation'),
			array(2,  2, '3',   '"default" with translation in fallback'),
			array(19, 1, '19',  '"forcedToYes" without translation'),
			array(20, 1, '21',  '"forcedToYes" with translation'),
			array(20, 2, '21',  '"forcedToYes" with translation in fallback'),
			array(22, 0, NULL,  '"forcedToNo" without translation (default language)'),
			array(22, 3, NULL,  '"forcedToNo" without translation'),
			array(22, 1, NULL,  '"forcedToNo" with translation'),
			array(22, 2, NULL,  '"forcedToNo" with translation in fallback'),
			array(15, 4, '16',  '"ifTranslated" with translation'),
			array(15, 5, NULL,  '"ifTranslated" with hidden translation'),
			array(24, 3, NULL,  '"ifTranslated" without translation'),
			array(24, 2, NULL,  '"ifTranslated" with translation in fallback'),
			array(26, 1, '27',  '"ifTranslatedInFallback" with translation'),
			array(26, 7, NULL,  '"ifTranslatedInFallback" without translation in any fallback'),
			array(26, 2, '27',  '"ifTranslatedInFallback" with translation in fallback'),

			// edge cases
			array(4,  1, NULL,  '"forcedToYes" in record, but "forcedToNo" set in overlay'),
			array(10, 1, NULL,  '"forcedToNo" in record, but "forcedToYes" set in overlay'),
			array(12, 1, '13',  'corrupted visibility setting in element is ignored'),
		);

		// set comment as key for each entry in the array (this labels the data set when running the test)
		return array_combine(array_map(function($row) { return $row[3]; }, $testDataSet), $testDataSet);
	}

	protected function getContentElementRow($uid) {
		return $GLOBALS['TYPO3_DB']->exec_SELECTgetSingleRow(
			'*',
			'tt_content',
			'uid = ' . intval($uid) . ' AND deleted = 0 AND hidden = 0 AND l18n_parent = 0 AND sys_language_uid IN (-1,0)'
		);
	}
}