Issues in mod_page.php (master) - Issues in master - Ariadne-CMS/ariadne - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1751)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/modules/mod_page.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php


//include_once($me->store->get_config('code')."modules/mod_debug.php");

class pinp_page {

	public static function _getBody($page) {
		return page::getBody($page);
	}

	public static function _parse($page, $full=false) {
		return page::parse($page, $full);
	}

	public static function _isEmpty($page, $full=false) {

		return page::isEmpty($page);
	}

	public static function _clean($page, $settings=false) {
		return page::clean($page, $settings);
	}

	public static function _compile($page, $language='') {
		return page::compile($page, $language);
	}

	public static function _getReferences($page) {
		return page::getReferences($page);
	}

	public static function _stripARNameSpace($page) {
		return page::stripARNameSpace($page);
	}

}

class page {

	private function pregError( $errno ) {
		switch($errno) {
			case PREG_NO_ERROR:
				$result = 'There is no error.';
				break;
			case PREG_INTERNAL_ERROR:
				$result = 'There is an internal error!';
				break;
			case PREG_BACKTRACK_LIMIT_ERROR:
				$result = 'Backtrack limit was exhausted!';
				break;
			case PREG_RECURSION_LIMIT_ERROR:
				$result = 'Recursion limit was exhausted!';
				break;
			case PREG_BAD_UTF8_ERROR:
				$result = 'Bad UTF8 error!';
				break;
			case PREG_BAD_UTF8_OFFSET_ERROR:
				$result = 'Bad UTF8 offset error!';
				break;
			default:
				$result = 'Unknown preg errno '.$errno;
		}
		return $result;
	}

	public static function getBody($page) {
		if (stripos($page, "</body") !== false) {
			$page = preg_replace('|</BODY.*$|is', '', $page);
			$errno = preg_last_error();
			if( $page === null || $errno != PREG_NO_ERROR ){
				debug('preg_replace returned null errno '. $errno .' in ' .
					__CLASS__ . ':' . __FUNCTION__ . ':' . __LINE__ . '?');
				debug('preg error:'. page::pregError($errno));
				return '<!-- Error: Backtrack limit was exhausted (531) -->';
			}
		}
		if (stripos($page, "<body") !== false) {
			$page = preg_replace('/^.*<BODY[^>]*>/is', '', $page);
			$errno = preg_last_error();
			if( $page === null || $errno != PREG_NO_ERROR ){
				debug('preg_replace returned null, errno '. $errno .' in ' .
					__CLASS__ . ':' . __FUNCTION__ . ':' . __LINE__ . '?');
				debug('preg error:'. page::pregError($errno));
				return '<!-- Error: Backtrack limit was exhausted (532) -->';
			}
		}
		return $page;
	}

	public static function parse($page, $full=false) {
		$context = pobject::getContext();
		$me = $context["arCurrentObject"];
		include_once($me->store->get_config('code')."modules/mod_url.php");
		if (!$full) {
			$page = page::getBody($page);
		}
		return URL::ARtoRAW($page);
	}

	public static function isEmpty($page) {
		$page = page::getBody($page);
		return trim(str_replace('&nbsp;',' ',strip_tags($page, '<img><object><embed><iframe>')))=='';
	}

	public static function clean($page, $settings=false) {
		global $AR;
		global $ARCurrent;
		$context = pobject::getContext();
		$me = $context["arCurrentObject"];

		if( !$settings ) {
			if (!$ARCurrent->arEditorSettings) {
				$settings = $me->call("editor.ini");
			} else {
				$settings = $ARCurrent->arEditorSettings;
			}
		}

		if ($settings["htmlcleaner"]["enabled"] || $settings["htmlcleaner"]===true) {
			require_once($me->store->get_config("code")."modules/mod_htmlcleaner.php");
			$config = $settings["htmlcleaner"];
			$page   = htmlcleaner::cleanup($page, $config);
		}

		if ($settings["htmltidy"]["enabled"] || $settings["htmltidy"]===true) {
			require_once($me->store->get_config("code")."modules/mod_tidy.php");
			if ($settings["htmltidy"]===true) {
				$config = array();
				$config["options"] = $AR->Tidy->options;
			} else {
				$config = $settings["htmltidy"];
			}
			$config["temp"] = $me->store->get_config("files")."temp/";
			$config["path"] = $AR->Tidy->path;
			$tidy    = new ARtidy($config);
			$result  = $tidy->clean($page);
			$page    = $result["html"];
		}

		if ($settings["allow_tags"]) {
			$page    = strip_tags($page, $settings["allow_tags"]);
		}

		return $page;
	}

	public static function compile($page, $language='') {
		$context = pobject::getContext();
		$me = $context["arCurrentObject"];
		include_once($me->store->get_config('code')."modules/mod_url.php");
		include_once($me->store->get_config('code')."modules/mod_htmlparser.php");
		if (!$language) {
			$language = $me->nls;
		}
		$page = URL::RAWtoAR($page, $language);
		$newpage = $page;
		$nodes = htmlparser::parse($newpage, array('noTagResolving' => true));
		// FIXME: the isChanged check is paranoia mode on. New code ahead.
		// will only use the new compile method when it is needed (htmlblocks)
		// otherwise just return the $page, so 99.9% of the sites don't walk
		// into bugs. 21-05-2007
		$isChanged = page::compileWorker($nodes);
		if ($isChanged) {
			return htmlparser::compile($nodes);
		} else {
			return $page;
		}
	}

	public static function compileWorker(&$node) {
		$result = false;
		$contentEditable = "";
		if (isset($node['attribs']['contenteditable'])) {
			$contentEditable = "contenteditable";
		} else if (isset($node['attribs']['contentEditable'])) {
			$contentEditable = "contentEditable";
		}
		if ($contentEditable) {
			$node['attribs']['ar:editable'] = $node['attribs'][$contentEditable];
			unset($node['attribs'][$contentEditable]);
			$result = true;
		}
		if ($node['attribs']['ar:type'] == "template") {
				$path     = $node['attribs']['ar:path'];
				$template = $node['attribs']['ar:name'];
				$argsarr  = array();
				if (is_array($node['attribs'])) {
					foreach ($node['attribs'] as $key => $value) {
						if (substr($key, 0, strlen('arargs:')) == 'arargs:') {
							$name = substr($key, strlen('arargs:'));
							$argsarr[$name] = $name."=".$value;
						}
					}
				}
				$args = implode('&', $argsarr);

				$node['children'] = array();
				$node['children'][] = array(
					"type" => "text",
					"html" => "{arCall:$path$template?$args}"
				);
				// return from worker function
				return true;
		}
		if (is_array($node['children'])) {
			foreach ($node['children'] as $key => $child) {
				// single | makes the following line always run the compileworker
				// method, while any return true in that method makes $result true
				$result = $result | page::compileWorker($node['children'][$key]);
			}
		}
		return $result;
	}

	public static function getReferences($page) {
		$context = pobject::getContext();
		$me = $context["arCurrentObject"];
		// Find out all references to other objects
		// (images, links) in this object, so we can
		// warn the user if he tries to delete/rename
		// an object which is still referenced somewhere
		// Use Perl compatible regex for non-greedy matching
		preg_match_all("/['\"](\{(arSite|arRoot|arBase|arCurrentPage)(\/[a-z][a-z])?}.*?)['\"]/", $page, $matches);
		$refs	= preg_replace(
			array(
				"|{arSite(/[a-z][a-z])?}|",
				"|{arRoot(/[a-z][a-z])?}|",
				"|{arBase(/[a-z][a-z])?}|",
				"|{arCurrentPage(/[a-z][a-z])?}|" ),
			array(
				$me->currentsite(),
				"",
				"",
				$me->path),
			$matches[1]);

		$result = array();
		foreach ($refs as $ref) {
			if (substr($ref, -1) != '/' && !$me->exists($ref)) {
				// Drop the template name
				$ref = substr($ref, 0, strrpos($ref, "/")+1);
			}
			$result[] = $ref;
		}
		return $result;
	}

	public static function stripARNameSpace($page) {
		$context = pobject::getContext();
		$me = $context["arCurrentObject"];
		include_once($me->store->get_config('code')."modules/mod_htmlcleaner.php");
		$cleanAR = array(
			'rewrite' => array(
				'^(A|IMG|DIV)$' => array(
					'^ar:.*' => false,
					'^arargs:.*' => false,
					'^class' => array(
						'htmlblock[ ]*uneditable[ ]*' => false
					),
					'^data-vedor-*' => false
				)
			),
			'delete_emptied' => array(
				'div', 'a'
			)
		);
		return htmlcleaner::cleanup( $page, $cleanAR );
	}

}


1			<?php
2
3
4			//include_once($me->store->get_config('code')."modules/mod_debug.php");
5
6			class pinp_page {
7
8			public static function _getBody($page) {
9			return page::getBody($page);
10			}
11
12			public static function _parse($page, $full=false) {
13			return page::parse($page, $full);
14			}
15
16			public static function _isEmpty($page, $full=false) {
			0 ignored issues – show Unused Code introduced 2015-11-26 08:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$full` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
17			return page::isEmpty($page);
18			}
19
20	12		public static function _clean($page, $settings=false) {
21			return page::clean($page, $settings);
22	12		}
23
24			public static function _compile($page, $language='') {
25			return page::compile($page, $language);
26			}
27
28			public static function _getReferences($page) {
29			return page::getReferences($page);
30			}
31
32			public static function _stripARNameSpace($page) {
33			return page::stripARNameSpace($page);
34			}
35
36			}
37
38			class page {
39
40		View Code Duplication	private function pregError( $errno ) {
41			switch($errno) {
42			case PREG_NO_ERROR:
43			$result = 'There is no error.';
44			break;
45			case PREG_INTERNAL_ERROR:
46			$result = 'There is an internal error!';
47			break;
48			case PREG_BACKTRACK_LIMIT_ERROR:
49			$result = 'Backtrack limit was exhausted!';
50			break;
51			case PREG_RECURSION_LIMIT_ERROR:
52			$result = 'Recursion limit was exhausted!';
53			break;
54			case PREG_BAD_UTF8_ERROR:
55			$result = 'Bad UTF8 error!';
56			break;
57			case PREG_BAD_UTF8_OFFSET_ERROR:
58			$result = 'Bad UTF8 offset error!';
59			break;
60			default:
61			$result = 'Unknown preg errno '.$errno;
62			}
63			return $result;
64			}
65
66	12		public static function getBody($page) {
67		View Code Duplication	if (stripos($page, "</body") !== false) {
68			$page = preg_replace('\|</BODY.*$\|is', '', $page);
69			$errno = preg_last_error();
70			if( $page === null \|\| $errno != PREG_NO_ERROR ){
71			debug('preg_replace returned null errno '. $errno .' in ' .
72	12		__CLASS__ . ':' . __FUNCTION__ . ':' . __LINE__ . '?');
73			debug('preg error:'. page::pregError($errno));
74	12		return '<!-- Error: Backtrack limit was exhausted (531) -->';
75			}
76			}
77		View Code Duplication	if (stripos($page, "<body") !== false) {
78			$page = preg_replace('/^.<BODY[^>]>/is', '', $page);
79			$errno = preg_last_error();
80			if( $page === null \|\| $errno != PREG_NO_ERROR ){
81			debug('preg_replace returned null, errno '. $errno .' in ' .
82			__CLASS__ . ':' . __FUNCTION__ . ':' . __LINE__ . '?');
83			debug('preg error:'. page::pregError($errno));
84			return '<!-- Error: Backtrack limit was exhausted (532) -->';
85			}
86			}
87			return $page;
88			}
89
90		View Code Duplication	public static function parse($page, $full=false) {
91			$context = pobject::getContext();
92			$me = $context["arCurrentObject"];
93			include_once($me->store->get_config('code')."modules/mod_url.php");
94			if (!$full) {
95			$page = page::getBody($page);
96			}
97			return URL::ARtoRAW($page);
98			}
99
100			public static function isEmpty($page) {
101			$page = page::getBody($page);
102			return trim(str_replace(' ',' ',strip_tags($page, '<img><object><embed><iframe>')))=='';
103			}
104
105			public static function clean($page, $settings=false) {
106			global $AR;
107			global $ARCurrent;
108			$context = pobject::getContext();
109			$me = $context["arCurrentObject"];
110
111		View Code Duplication	if( !$settings ) {
112			if (!$ARCurrent->arEditorSettings) {
113			$settings = $me->call("editor.ini");
114			} else {
115			$settings = $ARCurrent->arEditorSettings;
116			}
117			}
118
119		View Code Duplication	if ($settings["htmlcleaner"]["enabled"] \|\| $settings["htmlcleaner"]===true) {
120			require_once($me->store->get_config("code")."modules/mod_htmlcleaner.php");
121			$config = $settings["htmlcleaner"];
122			$page = htmlcleaner::cleanup($page, $config);
123			}
124
125		View Code Duplication	if ($settings["htmltidy"]["enabled"] \|\| $settings["htmltidy"]===true) {
126			require_once($me->store->get_config("code")."modules/mod_tidy.php");
127			if ($settings["htmltidy"]===true) {
128			$config = array();
129			$config["options"] = $AR->Tidy->options;
130			} else {
131			$config = $settings["htmltidy"];
132			}
133			$config["temp"] = $me->store->get_config("files")."temp/";
134			$config["path"] = $AR->Tidy->path;
135			$tidy = new ARtidy($config);
136			$result = $tidy->clean($page);
137			$page = $result["html"];
138			}
139
140			if ($settings["allow_tags"]) {
141			$page = strip_tags($page, $settings["allow_tags"]);
142			}
143
144			return $page;
145			}
146
147	12	View Code Duplication	public static function compile($page, $language='') {
148	12		$context = pobject::getContext();
149	12		$me = $context["arCurrentObject"];
150	12		include_once($me->store->get_config('code')."modules/mod_url.php");
151	12		include_once($me->store->get_config('code')."modules/mod_htmlparser.php");
152	12		if (!$language) {
153			$language = $me->nls;
154			}
155	12		$page = URL::RAWtoAR($page, $language);
156	12		$newpage = $page;
157	12		$nodes = htmlparser::parse($newpage, array('noTagResolving' => true));
158			// FIXME: the isChanged check is paranoia mode on. New code ahead.
159			// will only use the new compile method when it is needed (htmlblocks)
160			// otherwise just return the $page, so 99.9% of the sites don't walk
161			// into bugs. 21-05-2007
162	12		$isChanged = page::compileWorker($nodes);
163	12		if ($isChanged) {
164			return htmlparser::compile($nodes);
165			} else {
166	12		return $page;
167			}
168			}
169
170	12		public static function compileWorker(&$node) {
171	12		$result = false;
172	12		$contentEditable = "";
173	12	View Code Duplication	if (isset($node['attribs']['contenteditable'])) {
174			$contentEditable = "contenteditable";
175	12		} else if (isset($node['attribs']['contentEditable'])) {
176			$contentEditable = "contentEditable";
177			}
178	12	View Code Duplication	if ($contentEditable) {
179			$node['attribs']['ar:editable'] = $node['attribs'][$contentEditable];
180			unset($node['attribs'][$contentEditable]);
181			$result = true;
182			}
183	12	View Code Duplication	if ($node['attribs']['ar:type'] == "template") {
184			$path = $node['attribs']['ar:path'];
185			$template = $node['attribs']['ar:name'];
186			$argsarr = array();
187			if (is_array($node['attribs'])) {
188			foreach ($node['attribs'] as $key => $value) {
189			if (substr($key, 0, strlen('arargs:')) == 'arargs:') {
190			$name = substr($key, strlen('arargs:'));
191			$argsarr[$name] = $name."=".$value;
192			}
193			}
194			}
195			$args = implode('&', $argsarr);
196
197			$node['children'] = array();
198			$node['children'][] = array(
199			"type" => "text",
200			"html" => "{arCall:$path$template?$args}"
201			);
202			// return from worker function
203			return true;
204			}
205	12	View Code Duplication	if (is_array($node['children'])) {
206	12		foreach ($node['children'] as $key => $child) {
207			// single \| makes the following line always run the compileworker
208			// method, while any return true in that method makes $result true
209			$result = $result \| page::compileWorker($node['children'][$key]);
210	12		}
211	12		}
212	12		return $result;
213			}
214
215		View Code Duplication	public static function getReferences($page) {
216			$context = pobject::getContext();
217			$me = $context["arCurrentObject"];
218			// Find out all references to other objects
219			// (images, links) in this object, so we can
220			// warn the user if he tries to delete/rename
221			// an object which is still referenced somewhere
222			// Use Perl compatible regex for non-greedy matching
223			preg_match_all("/['\"](\{(arSite\|arRoot\|arBase\|arCurrentPage)(\/[a-z][a-z])?}.*?)['\"]/", $page, $matches);
224			$refs = preg_replace(
225			array(
226			"\|{arSite(/[a-z][a-z])?}\|",
227			"\|{arRoot(/[a-z][a-z])?}\|",
228			"\|{arBase(/[a-z][a-z])?}\|",
229			"\|{arCurrentPage(/[a-z][a-z])?}\|" ),
230			array(
231			$me->currentsite(),
232			"",
233			"",
234			$me->path),
235			$matches[1]);
236
237			$result = array();
238			foreach ($refs as $ref) {
239			if (substr($ref, -1) != '/' && !$me->exists($ref)) {
240			// Drop the template name
241			$ref = substr($ref, 0, strrpos($ref, "/")+1);
242			}
243			$result[] = $ref;
244			}
245			return $result;
246			}
247
248		View Code Duplication	public static function stripARNameSpace($page) {
249			$context = pobject::getContext();
250			$me = $context["arCurrentObject"];
251			include_once($me->store->get_config('code')."modules/mod_htmlcleaner.php");
252			$cleanAR = array(
253			'rewrite' => array(
254			'^(A\|IMG\|DIV)$' => array(
255			'^ar:.*' => false,
256			'^arargs:.*' => false,
257			'^class' => array(
258			'htmlblock[ ]uneditable[ ]' => false
259			),
260			'^data-vedor-*' => false
261			)
262			),
263			'delete_emptied' => array(
264			'div', 'a'
265			)
266			);
267			return htmlcleaner::cleanup( $page, $cleanAR );
268			}
269
270			}
271

Ariadne-CMS / ariadne

Issues (1751)

Security Analysis not enabled

lib/modules/mod_page.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like