Issues in View.php (master) - Issues in master - ByTIC/framework - Measure and Improve Code Quality continuously with Scrutinizer

Issues (917)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/View.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Nip;

/**
 * Class View
 *
 * @method Helpers\View\Breadcrumbs Breadcrumbs()
 * @method Helpers\View\Doctype Doctype()
 * @method Helpers\View\Flash Flash()
 * @method Helpers\View\FacebookMeta FacebookMeta()
 * @method Helpers\View\GoogleAnalytics GoogleAnalytics()
 * @method Helpers\View\HTML HTML()
 * @method Helpers\View\Messages Messages()
 * @method Helpers\View\Meta Meta()
 * @method Helpers\View\Paginator Paginator()
 * @method Helpers\View\Scripts Scripts()
 * @method Helpers\View\StyleSheets StyleSheets()
 * @method Helpers\View\TinyMCE TinyMCE()
 * @method Helpers\View\Url Url()
 *
 */
class View
{
    protected $request = null;

    protected $helpers = [];

    protected $data = [];
    protected $blocks = [];
    protected $basePath = null;

    /**
     * @param $name
     * @param $arguments
     * @return mixed|null
     */
    public function __call($name, $arguments)

    {
        if ($name === ucfirst($name)) {
            return $this->getHelper($name);
        } else {
            trigger_error("Call to undefined method $name", E_USER_ERROR);
        }
        return null;
    }

    /**
     * @param $name
     * @return mixed
     */
    public function getHelper($name)
    {
        if (!isset($this->helpers[$name])) {
            $this->initHelper($name);
        }

        return $this->helpers[$name];
    }

    /**
     * @param $name
     */
    public function initHelper($name)
    {
        $this->helpers[$name] = $this->newHelper($name);
    }

    /**
     * @param $name
     * @return Helpers\View\AbstractHelper
     */
    public function newHelper($name)
    {
        $class = $this->getHelperClass($name);
        $helper = new $class();
        /** @var \Nip\Helpers\View\AbstractHelper $helper */
        $helper->setView($this);

        return $helper;
    }

    /**
     * @param $name
     * @return string
     */
    public function getHelperClass($name)
    {
        return '\Nip\Helpers\View\\' . $name;
    }

    /**
     * @param $name
     * @return mixed|null
     */
    public function __get($name)
    {
        return $this->get($name);
    }

    /**
     * @param $name
     * @param $value
     * @return View
     */
    public function __set($name, $value)
    {
        return $this->set($name, $value);
    }

    /**
     * @param  string $name
     * @return mixed|null
     */
    public function get($name)
    {
        if ($this->has($name)) {
            return $this->data[$name];
        } else {
            return null;
        }
    }

    /**
     * @param string $name
     * @return bool
     */
    public function has($name)
    {
        return isset($this->data[$name]);
    }

    /**
     * @param string $name
     * @param mixed $value
     * @return $this
     */
    public function set($name, $value)
    {
        $this->data[$name] = $value;
        return $this;
    }

    /**
     * @param $name
     * @return bool
     */
    public function __isset($name)
    {
        return isset($this->data[$name]);
    }

    /**
     * @param $name
     */
    public function __unset($name)
    {
        unset($this->data[$name]);
    }

    /**
     * @param string $name
     * @param string $appended
     * @return View
     */
    public function append($name, $appended)
    {
        $value = $this->has($name) ? $this->get($name) : '';
        $value .= $appended;
        return $this->set($name, $value);
    }

    /**
     * @param $name
     * @param $block
     */
    public function setBlock($name, $block)
    {
        $this->blocks[$name] = $block;
    }

    /**
     * @param $view
     * @return bool
     */
    public function existPath($view)
    {
        return is_file($this->buildPath($view));
    }

    /**
     * Builds path for including
     * If $view starts with / the path will be relative to the root of the views folder.
     * Otherwise to caller file location.
     *
     * @param string $view
     * @return string
     */
    protected function buildPath($view)
    {
        if ($view[0] == '/') {
            return $this->getBasePath() . ltrim($view, "/") . '.php';
        } else {
            $backtrace = debug_backtrace();
            $caller = $backtrace[3]['file'];

            return dirname($caller) . "/" . $view . ".php";
        }
    }

    /**
     * @return string
     */
    public function getBasePath()
    {
        if ($this->basePath === null) {
            $this->initBasePath();
        }

        return $this->basePath;
    }

    /**
     * @param $path
     * @return $this
     */
    public function setBasePath($path)
    {
        $path = rtrim($path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
        $this->basePath = $path;

        return $this;
    }

    protected function initBasePath()
    {
        $this->setBasePath($this->generateBasePath());
    }

    /**
     * @return string
     */
    protected function generateBasePath()
    {
        if (defined('VIEWS_PATH')) {
            return VIEWS_PATH;
        }
        return false;
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
    }

    /**
     * @param string $block
     */
    public function render($block = 'default')
    {
        if (!empty($this->blocks[$block])) {
            $this->load("/" . $this->blocks[$block]);
        } else {
            trigger_error("No $block block", E_USER_ERROR);
        }
    }

    /** @noinspection PhpInconsistentReturnPointsInspection
     *
     * @param $view
     * @param array $variables
     * @param bool $return
     * @return string|null
     */
    public function load($view, $variables = [], $return = false)
    {
        $html = $this->getContents($view, $variables);

        if ($return === true) {
            return $html;
        }

        echo $html;
    }

    /**
     * @param $view
     * @param array $variables
     * @return string
     */
    public function getContents($view, $variables = [])
    {
        extract($variables);

        $path = $this->buildPath($view);

        unset($view, $variables);
        ob_start();
        /** @noinspection PhpIncludeInspection */
        include($path);
        $html = ob_get_contents();
        ob_end_clean();
        return $html;
    }

    /**
     * @param string $block
     * @return bool
     */
    public function isBlock($block = 'default')
    {
        return empty($this->blocks[$block]) ? false : true;
    }

    /**
     * Assigns variables in bulk in the current scope
     *
     * @param array $array
     * @return $this
     */
    public function assign($array = [])
    {
        foreach ($array as $key => $value) {
            if (is_string($key)) {
                $this->set($key, $value);
            }
        }
        return $this;
    }

    /**
     * @return mixed
     */
    public function getRequest()
    {
        return $this->request;
    }

    /**
     * @param mixed $request
     */
    public function setRequest($request)
    {
        $this->request = $request;
    }
}


GitHub Access Token became invalid

Issues (917)

Security Analysis not enabled

src/View.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			namespace Nip;
4
5			/**
6			* Class View
7			*
8			* @method Helpers\View\Breadcrumbs Breadcrumbs()
9			* @method Helpers\View\Doctype Doctype()
10			* @method Helpers\View\Flash Flash()
11			* @method Helpers\View\FacebookMeta FacebookMeta()
12			* @method Helpers\View\GoogleAnalytics GoogleAnalytics()
13			* @method Helpers\View\HTML HTML()
14			* @method Helpers\View\Messages Messages()
15			* @method Helpers\View\Meta Meta()
16			* @method Helpers\View\Paginator Paginator()
17			* @method Helpers\View\Scripts Scripts()
18			* @method Helpers\View\StyleSheets StyleSheets()
19			* @method Helpers\View\TinyMCE TinyMCE()
20			* @method Helpers\View\Url Url()
21			*
22			*/
23			class View
24			{
25			protected $request = null;
26
27			protected $helpers = [];
28
29			protected $data = [];
30			protected $blocks = [];
31			protected $basePath = null;
32
33			/**
34			* @param $name
35			* @param $arguments
36			* @return mixed\|null
37			*/
38	2	View Code Duplication	public function __call($name, $arguments)
			0 ignored issues – show Duplication introduced 2017-08-03 19:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
39			{
40	2		if ($name === ucfirst($name)) {
41	2		return $this->getHelper($name);
42			} else {
43			trigger_error("Call to undefined method $name", E_USER_ERROR);
44			}
45			return null;
46			}
47
48			/**
49			* @param $name
50			* @return mixed
51			*/
52	2		public function getHelper($name)
53			{
54	2		if (!isset($this->helpers[$name])) {
55	2		$this->initHelper($name);
56			}
57
58	2		return $this->helpers[$name];
59			}
60
61			/**
62			* @param $name
63			*/
64	2		public function initHelper($name)
65			{
66	2		$this->helpers[$name] = $this->newHelper($name);
67	2		}
68
69			/**
70			* @param $name
71			* @return Helpers\View\AbstractHelper
72			*/
73	2		public function newHelper($name)
74			{
75	2		$class = $this->getHelperClass($name);
76	2		$helper = new $class();
77			/** @var \Nip\Helpers\View\AbstractHelper $helper */
78	2		$helper->setView($this);
79
80	2		return $helper;
81			}
82
83			/**
84			* @param $name
85			* @return string
86			*/
87	3		public function getHelperClass($name)
88			{
89	3		return '\Nip\Helpers\View\\' . $name;
90			}
91
92			/**
93			* @param $name
94			* @return mixed\|null
95			*/
96			public function __get($name)
97			{
98			return $this->get($name);
99			}
100
101			/**
102			* @param $name
103			* @param $value
104			* @return View
105			*/
106			public function __set($name, $value)
107			{
108			return $this->set($name, $value);
109			}
110
111			/**
112			* @param string $name
113			* @return mixed\|null
114			*/
115			public function get($name)
116			{
117			if ($this->has($name)) {
118			return $this->data[$name];
119			} else {
120			return null;
121			}
122			}
123
124			/**
125			* @param string $name
126			* @return bool
127			*/
128			public function has($name)
129			{
130			return isset($this->data[$name]);
131			}
132
133			/**
134			* @param string $name
135			* @param mixed $value
136			* @return $this
137			*/
138			public function set($name, $value)
139			{
140			$this->data[$name] = $value;
141			return $this;
142			}
143
144			/**
145			* @param $name
146			* @return bool
147			*/
148			public function __isset($name)
149			{
150			return isset($this->data[$name]);
151			}
152
153			/**
154			* @param $name
155			*/
156			public function __unset($name)
157			{
158			unset($this->data[$name]);
159			}
160
161			/**
162			* @param string $name
163			* @param string $appended
164			* @return View
165			*/
166			public function append($name, $appended)
167			{
168			$value = $this->has($name) ? $this->get($name) : '';
169			$value .= $appended;
170			return $this->set($name, $value);
171			}
172
173			/**
174			* @param $name
175			* @param $block
176			*/
177			public function setBlock($name, $block)
178			{
179			$this->blocks[$name] = $block;
180			}
181
182			/**
183			* @param $view
184			* @return bool
185			*/
186			public function existPath($view)
187			{
188			return is_file($this->buildPath($view));
189			}
190
191			/**
192			* Builds path for including
193			* If $view starts with / the path will be relative to the root of the views folder.
194			* Otherwise to caller file location.
195			*
196			* @param string $view
197			* @return string
198			*/
199			protected function buildPath($view)
200			{
201			if ($view[0] == '/') {
202			return $this->getBasePath() . ltrim($view, "/") . '.php';
203			} else {
204			$backtrace = debug_backtrace();
205			$caller = $backtrace[3]['file'];
206
207			return dirname($caller) . "/" . $view . ".php";
208			}
209			}
210
211			/**
212			* @return string
213			*/
214			public function getBasePath()
215			{
216			if ($this->basePath === null) {
217			$this->initBasePath();
218			}
219
220			return $this->basePath;
221			}
222
223			/**
224			* @param $path
225			* @return $this
226			*/
227			public function setBasePath($path)
228			{
229			$path = rtrim($path, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
230			$this->basePath = $path;
231
232			return $this;
233			}
234
235			protected function initBasePath()
236			{
237			$this->setBasePath($this->generateBasePath());
238			}
239
240			/**
241			* @return string
242			*/
243			protected function generateBasePath()
244			{
245			if (defined('VIEWS_PATH')) {
246			return VIEWS_PATH;
247			}
248			return false;
			0 ignored issues – show Bug Best Practice introduced 2017-03-05 14:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type of `return false;` (`false`) is incompatible with the return type documented by `Nip\View::generateBasePath` of type `string`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return 'Johannes'; } } class BlogPost extends Post { public function getAuthor() { return new Author('Johannes'); } } class ForumPost extends Post { /* ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
249			}
250
251			/**
252			* @param string $block
253			*/
254			public function render($block = 'default')
255			{
256			if (!empty($this->blocks[$block])) {
257			$this->load("/" . $this->blocks[$block]);
258			} else {
259			trigger_error("No $block block", E_USER_ERROR);
260			}
261			}
262
263			/** @noinspection PhpInconsistentReturnPointsInspection
264			*
265			* @param $view
266			* @param array $variables
267			* @param bool $return
268			* @return string\|null
269			*/
270			public function load($view, $variables = [], $return = false)
271			{
272			$html = $this->getContents($view, $variables);
273
274			if ($return === true) {
275			return $html;
276			}
277
278			echo $html;
279			}
280
281			/**
282			* @param $view
283			* @param array $variables
284			* @return string
285			*/
286			public function getContents($view, $variables = [])
287			{
288			extract($variables);
289
290			$path = $this->buildPath($view);
291
292			unset($view, $variables);
293			ob_start();
294			/** @noinspection PhpIncludeInspection */
295			include($path);
296			$html = ob_get_contents();
297			ob_end_clean();
298			return $html;
299			}
300
301			/**
302			* @param string $block
303			* @return bool
304			*/
305			public function isBlock($block = 'default')
306			{
307			return empty($this->blocks[$block]) ? false : true;
308			}
309
310			/**
311			* Assigns variables in bulk in the current scope
312			*
313			* @param array $array
314			* @return $this
315			*/
316			public function assign($array = [])
317			{
318			foreach ($array as $key => $value) {
319			if (is_string($key)) {
320			$this->set($key, $value);
321			}
322			}
323			return $this;
324			}
325
326			/**
327			* @return mixed
328			*/
329			public function getRequest()
330			{
331			return $this->request;
332			}
333
334			/**
335			* @param mixed $request
336			*/
337			public function setRequest($request)
338			{
339			$this->request = $request;
340			}
341			}
342

ByTIC / framework

GitHub Access Token became invalid

Issues (917)

Security Analysis not enabled

src/View.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like