Issues in mod_geo.php (master) - Issues in master - Ariadne-CMS/ariadne - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1751)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/modules/mod_geo.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * mod_geo, a helper module for Ariadne to get geotag addresses in pinp/php.
 *
 * mod_geo needs a Google Maps key to function. Set it once using init()
 *
 * @author Gerhard Hoogterp <[email protected]>
 * @author Auke van Slooten <[email protected]>
*/

/**
 * This is the Google Maps geo helper/getter class
 */
class geo_gmap {
	public $api_key;

	public function getRawData($address, $output='php') {
		$address = urlencode($address);
		if ($output=='php') {
			$send_output = 'json';
		} else {
			$send_output = $output;
		}
		$url="http://maps.google.com/maps/geo?q=".$address."&output=".$send_output."&key=".$this->api_key;
		$res = file_get_contents($url);
		if ($output=='php') {
			return json_decode($res, true);
		} else {
			return $res;
		}
	}

	public function getLatLong($address) {
		$data=$this->getRawData($address, 'php');
		if ($data->Status->code!=200) {
			return ar_error::raiseError('MOD_GEO: connection to Google Maps failed: '.$data->Status->code, 'geo_4');
		} else {
			$coordinates = $data->Placemark[0]->Point->coordinates;
			return array('lat' => $coordinates[1], 'long' => $coordinates[0], 'alt' => $coordinates[2]);
		}
	}
}

/**
 * This is the main mod_geo class
 */
class geo {
	protected $output;
	protected $api;
	protected $api_key;
	protected $getter;

	/**
	*  init configures the geo module to use the given API and any necessary extra parameters for that API
	*
	* @param 	hash	$config	hash containing at least 'API', default is 'GMap' for Google Maps.
	*/
	public function init($config) {
		if (!$config['API'] || $config['API']=='GMap') {
			$this->api = 'GMap';
			$this->api_key = $config['KEY'];
			if (!$this->api_key) {
				return ar_error::raiseError('MOD_GEO: Google Maps needs an API KEY, please provide one','geo_3');
			}
			$this->output = $config['OUTPUT'];
			if (!$this->output) {
				$this->output = 'php';
			}
			$this->getter = new geo_gmap();
			$this->getter->api_key = $this->api_key;
			return true;
		} else {
			return ar_error::raiseError('MOD_GEO: API "'.$config['API'].'" not supported', 'geo_0');
		}
	}

	/**
	*  getRawData returns full address data for a given address, as returned by Google Maps
	*
	* returns the data for the address $address in the format specified by $output.
	* default is php. Other options area xml, kml, json and cvs.
	*
	* @param	string	$address	street address, format is 'streetname  housenumber, zipcode, state,  country'. You may skip values if unknown or not applicable.
	* @param	string	$output	type of output to return, possible values are 'xml','kml','cvs' and 'json'. Default is 'json'. In the case of 'json' the result will automatically be converted to PHP arrays
	*/
	public function getRawData($address, $output = null) {
		if (!$output) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
			$output = $this->output;
		}
		if (!$address) {
			return ar_error::raiseError('MOD_GEO: No address given to getRawData', 'geo_1');
		} else if ($this->getter) {
			return $this->getter->getRawData($address, $output);
		} else {
			return ar_error::raiseError('MOD_GEO: GEO module not initialized, call init method first', 'geo_2');
		}
	}

	/**
	*   returns a string with Lat,Lng,Alt for the given address.
	*
	* @param	string	$address	street address, format is 'streetname  housenumber, zipcode, state,  country'. You may skip values if unknown or not applicable.
	*/

	public function getLatLong($address) {
		if (!$address) {
			return ar_error::raiseError('MOD_GEO: No address given to getLatLong', 'geo_5');
		} else if ($this->getter) {
			return $this->getter->getLatLong($address);
		} else {
			return ar_error::raiseError('MOD_GEO: GEO module not initialized, call init method first', 'geo_2');
		}
	}

	/**
	*   returns an array with a lat and a long as calculated from the exif GPS info.
	*
	* @param	array	$exif	An exif block as returned by exif_read_data() and pphoto::getExif(). Make sure the GPS part is included.
	*/
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}

	public function parseNumber($number) {
		$parts = explode("/", $number);
		if ($parts[1] != 0) {
			return $parts[0] / $parts[1];
		}
		return false;
	}

	public function exifToLatLong($exif) {
		if ($exif['GPS'] && is_array($exif['GPS']['GPSLatitude']) && is_array($exif['GPS']['GPSLongitude']) ) {
			$lat_degree = (float)self::parseNumber($exif["GPS"]["GPSLatitude"][0]);
			$lat_mins   = (float)self::parseNumber($exif["GPS"]["GPSLatitude"][1]);
			$lat_secs   = (float)self::parseNumber($exif["GPS"]["GPSLatitude"][2]);
			$result = array();
			$result['lat'] = $lat_degree + ( $lat_mins / 60 ) + ( $lat_secs / 3600 );
			if( $exif['GPS']['GPSLatitudeRef'] == 'S' ) {
				$result['lat'] = (-1) * $result['lat'];
			}

			$lng_degree = (float)self::parseNumber($exif["GPS"]["GPSLongitude"][0]);
			$lng_mins   = (float)self::parseNumber($exif["GPS"]["GPSLongitude"][1]);
			$lng_secs   = (float)self::parseNumber($exif["GPS"]["GPSLongitude"][2]);
			$result['lng'] = $lng_degree + ( $lng_mins / 60 ) + ( $lng_secs / 3600 );
			if( $exif['GPS']['GPSLongitudeRef'] == 'W' ) {
				$result['lng'] = (-1) * $result['lng'];
			}
			return $result;
		} else {
			return ar_error::raiseError('MOD_GEO: No EXIF GPS block given', 'geo_6');
		}
	}

	//
	// Convert Rijksdriehoekscodinaten to latitude/longitude
	// http://nl.wikipedia.org/wiki/Rijksdriehoeksco%C3%B6rdinaten
	//
	public function rd2wgs ($x, $y) {
		// Calculate WGS84 co�rdinates
		$dX = ($x - 155000) * pow(10, - 5);
		$dY = ($y - 463000) * pow(10, - 5);
		$SomN = (3235.65389 * $dY) + (- 32.58297 * pow($dX, 2)) + (- 0.2475 *
			pow($dY, 2)) + (- 0.84978 * pow($dX, 2) *
			$dY) + (- 0.0655 * pow($dY, 3)) + (- 0.01709 *
			pow($dX, 2) * pow($dY, 2)) + (- 0.00738 *
			$dX) + (0.0053 * pow($dX, 4)) + (- 0.00039 *
			$dX ^ 2 * pow($dY, 3)) + (0.00033 * pow(
				$dX, 4) * $dY) + (- 0.00012 *
			$dX * $dY);
		$SomE = (5260.52916 * $dX) + (105.94684 * $dX * $dY) + (2.45656 *
			$dX * pow($dY, 2)) + (- 0.81885 * pow(
				$dX, 3)) + (0.05594 *
			$dX * pow($dY, 3)) + (- 0.05607 * pow(
				$dX, 3) * $dY) + (0.01199 *
			$dY) + (- 0.00256 * pow($dX, 3) * pow(
				$dY, 2)) + (0.00128 *
			$dX * pow($dY, 4)) + (0.00022 * pow($dY,
				2)) + (- 0.00022 * pow(
				$dX, 2)) + (0.00026 *
			pow($dX, 5));

		$Latitude = 52.15517 + ($SomN / 3600);
		$Longitude = 5.387206 + ($SomE / 3600);

		return array(
			'latitude' => $Latitude ,
			'longitude' => $Longitude);
		}
	}


/**
 * This is the PINP mod_geo wrapper class.
 */
class pinp_geo extends geo {

	public function _init($config) {
		$geo = new pinp_geo();
		$result = $geo->init($config);
		if (!ar_error::isError($result)) {
			return $geo;
		} else {
			return $result;
		}
	}

	public function _getRawData($address, $output = null) {
		return parent::getRawData($address, $output);
	}

	public function _getLatLong($address) {
		return parent::getLatLong($address);
	}

	public function _exifToLatLong($exif) {
		return parent::exifToLatLong($exif);
	}

	public function _rd2wgs($x,$y) {
		return parent::rd2wgs($x,$y);
	}

}


1		<?php
2		/**
3		* mod_geo, a helper module for Ariadne to get geotag addresses in pinp/php.
4		*
5		* mod_geo needs a Google Maps key to function. Set it once using init()
6		*
7		* @author Gerhard Hoogterp <[email protected]>
8		* @author Auke van Slooten <[email protected]>
9		*/
10
11		/**
12		* This is the Google Maps geo helper/getter class
13		*/
14		class geo_gmap {
15		public $api_key;
16
17		public function getRawData($address, $output='php') {
18		$address = urlencode($address);
19		if ($output=='php') {
20		$send_output = 'json';
21		} else {
22		$send_output = $output;
23		}
24		$url="http://maps.google.com/maps/geo?q=".$address."&output=".$send_output."&key=".$this->api_key;
25		$res = file_get_contents($url);
26		if ($output=='php') {
27		return json_decode($res, true);
28		} else {
29		return $res;
30		}
31		}
32
33		public function getLatLong($address) {
34		$data=$this->getRawData($address, 'php');
35		if ($data->Status->code!=200) {
36		return ar_error::raiseError('MOD_GEO: connection to Google Maps failed: '.$data->Status->code, 'geo_4');
37		} else {
38		$coordinates = $data->Placemark[0]->Point->coordinates;
39		return array('lat' => $coordinates[1], 'long' => $coordinates[0], 'alt' => $coordinates[2]);
40		}
41		}
42		}
43
44		/**
45		* This is the main mod_geo class
46		*/
47		class geo {
48		protected $output;
49		protected $api;
50		protected $api_key;
51		protected $getter;
52
53		/**
54		* init configures the geo module to use the given API and any necessary extra parameters for that API
55		*
56		* @param hash $config hash containing at least 'API', default is 'GMap' for Google Maps.
57		*/
58		public function init($config) {
59		if (!$config['API'] \|\| $config['API']=='GMap') {
60		$this->api = 'GMap';
61		$this->api_key = $config['KEY'];
62		if (!$this->api_key) {
63		return ar_error::raiseError('MOD_GEO: Google Maps needs an API KEY, please provide one','geo_3');
64		}
65		$this->output = $config['OUTPUT'];
66		if (!$this->output) {
67		$this->output = 'php';
68		}
69		$this->getter = new geo_gmap();
70		$this->getter->api_key = $this->api_key;
71		return true;
72		} else {
73		return ar_error::raiseError('MOD_GEO: API "'.$config['API'].'" not supported', 'geo_0');
74		}
75		}
76
77		/**
78		* getRawData returns full address data for a given address, as returned by Google Maps
79		*
80		* returns the data for the address $address in the format specified by $output.
81		* default is php. Other options area xml, kml, json and cvs.
82		*
83		* @param string $address street address, format is 'streetname housenumber, zipcode, state, country'. You may skip values if unknown or not applicable.
84		* @param string $output type of output to return, possible values are 'xml','kml','cvs' and 'json'. Default is 'json'. In the case of 'json' the result will automatically be converted to PHP arrays
85		*/
86		public function getRawData($address, $output = null) {
87		if (!$output) {
		0 ignored issues – show Bug Best Practice introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$output` of type `string\|null` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
88		$output = $this->output;
89		}
90	View Code Duplication	if (!$address) {
91		return ar_error::raiseError('MOD_GEO: No address given to getRawData', 'geo_1');
92		} else if ($this->getter) {
93		return $this->getter->getRawData($address, $output);
94		} else {
95		return ar_error::raiseError('MOD_GEO: GEO module not initialized, call init method first', 'geo_2');
96		}
97		}
98
99		/**
100		* returns a string with Lat,Lng,Alt for the given address.
101		*
102		* @param string $address street address, format is 'streetname housenumber, zipcode, state, country'. You may skip values if unknown or not applicable.
103		*/
104
105		public function getLatLong($address) {
106	View Code Duplication	if (!$address) {
107		return ar_error::raiseError('MOD_GEO: No address given to getLatLong', 'geo_5');
108		} else if ($this->getter) {
109		return $this->getter->getLatLong($address);
110		} else {
111		return ar_error::raiseError('MOD_GEO: GEO module not initialized, call init method first', 'geo_2');
112		}
113		}
114
115		/**
116		* returns an array with a lat and a long as calculated from the exif GPS info.
117		*
118		* @param array $exif An exif block as returned by exif_read_data() and pphoto::getExif(). Make sure the GPS part is included.
119		*/
		0 ignored issues – show Bug introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$exif`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
120
121		public function parseNumber($number) {
122		$parts = explode("/", $number);
123		if ($parts[1] != 0) {
124		return $parts[0] / $parts[1];
125		}
126		return false;
127		}
128
129		public function exifToLatLong($exif) {
130		if ($exif['GPS'] && is_array($exif['GPS']['GPSLatitude']) && is_array($exif['GPS']['GPSLongitude']) ) {
131		$lat_degree = (float)self::parseNumber($exif["GPS"]["GPSLatitude"][0]);
132		$lat_mins = (float)self::parseNumber($exif["GPS"]["GPSLatitude"][1]);
133		$lat_secs = (float)self::parseNumber($exif["GPS"]["GPSLatitude"][2]);
134		$result = array();
135		$result['lat'] = $lat_degree + ( $lat_mins / 60 ) + ( $lat_secs / 3600 );
136		if( $exif['GPS']['GPSLatitudeRef'] == 'S' ) {
137		$result['lat'] = (-1) * $result['lat'];
138		}
139
140		$lng_degree = (float)self::parseNumber($exif["GPS"]["GPSLongitude"][0]);
141		$lng_mins = (float)self::parseNumber($exif["GPS"]["GPSLongitude"][1]);
142		$lng_secs = (float)self::parseNumber($exif["GPS"]["GPSLongitude"][2]);
143		$result['lng'] = $lng_degree + ( $lng_mins / 60 ) + ( $lng_secs / 3600 );
144		if( $exif['GPS']['GPSLongitudeRef'] == 'W' ) {
145		$result['lng'] = (-1) * $result['lng'];
146		}
147		return $result;
148		} else {
149		return ar_error::raiseError('MOD_GEO: No EXIF GPS block given', 'geo_6');
150		}
151		}
152
153		//
154		// Convert Rijksdriehoekscodinaten to latitude/longitude
155		// http://nl.wikipedia.org/wiki/Rijksdriehoeksco%C3%B6rdinaten
156		//
157		public function rd2wgs ($x, $y) {
158		// Calculate WGS84 co�rdinates
159		$dX = ($x - 155000) * pow(10, - 5);
160		$dY = ($y - 463000) * pow(10, - 5);
161		$SomN = (3235.65389 * $dY) + (- 32.58297 * pow($dX, 2)) + (- 0.2475 *
162		pow($dY, 2)) + (- 0.84978 * pow($dX, 2) *
163		$dY) + (- 0.0655 * pow($dY, 3)) + (- 0.01709 *
164		pow($dX, 2) * pow($dY, 2)) + (- 0.00738 *
165		$dX) + (0.0053 * pow($dX, 4)) + (- 0.00039 *
166		$dX ^ 2 * pow($dY, 3)) + (0.00033 * pow(
167		$dX, 4) * $dY) + (- 0.00012 *
168		$dX * $dY);
169		$SomE = (5260.52916 * $dX) + (105.94684 * $dX * $dY) + (2.45656 *
170		$dX * pow($dY, 2)) + (- 0.81885 * pow(
171		$dX, 3)) + (0.05594 *
172		$dX * pow($dY, 3)) + (- 0.05607 * pow(
173		$dX, 3) * $dY) + (0.01199 *
174		$dY) + (- 0.00256 * pow($dX, 3) * pow(
175		$dY, 2)) + (0.00128 *
176		$dX * pow($dY, 4)) + (0.00022 * pow($dY,
177		2)) + (- 0.00022 * pow(
178		$dX, 2)) + (0.00026 *
179		pow($dX, 5));
180
181		$Latitude = 52.15517 + ($SomN / 3600);
182		$Longitude = 5.387206 + ($SomE / 3600);
183
184		return array(
185		'latitude' => $Latitude ,
186		'longitude' => $Longitude);
187		}
188		}
189
190
191		/**
192		* This is the PINP mod_geo wrapper class.
193		*/
194		class pinp_geo extends geo {
195
196		public function _init($config) {
197		$geo = new pinp_geo();
198		$result = $geo->init($config);
199		if (!ar_error::isError($result)) {
200		return $geo;
201		} else {
202		return $result;
203		}
204		}
205
206		public function _getRawData($address, $output = null) {
207		return parent::getRawData($address, $output);
208		}
209
210		public function _getLatLong($address) {
211		return parent::getLatLong($address);
212		}
213
214		public function _exifToLatLong($exif) {
215		return parent::exifToLatLong($exif);
216		}
217
218		public function _rd2wgs($x,$y) {
219		return parent::rd2wgs($x,$y);
220		}
221
222		}
223

Ariadne-CMS / ariadne

Issues (1751)

Security Analysis not enabled

lib/modules/mod_geo.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like