Issues in extension.driver.php (master) - Issues in master - DeuxHuitHuit/entry_relationship_field - Measure and Improve Code Quality continuously with Scrutinizer

Issues (19)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

extension.driver.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
	/*
	Copyight: Deux Huit Huit 2014
	LICENCE: MIT https://deuxhuithuit.mit-license.org
	*/
	
	if(!defined("__IN_SYMPHONY__")) die("<h2>Error</h2><p>You cannot directly access this file</p>");
	
	require_once(EXTENSIONS . '/entry_relationship_field/fields/field.entry_relationship.php');
	require_once(EXTENSIONS . '/entry_relationship_field/fields/field.reverse_relationship.php');
	
	/**
	 *
	 * @author Deux Huit Huit
	 * https://deuxhuithuit.com/
	 *
	 */
	class extension_entry_relationship_field extends Extension {

		/**
		 * Name of the extension
		 * @var string
		 */
		const EXT_NAME = 'Entry Relationship Field';
		
		/**
		 * Symphony utility function that permits to
		 * implement the Observer/Observable pattern.
		 * We register here delegate that will be fired by Symphony
		 */

		public function getSubscribedDelegates(){
			return array(
				array(
					'page' => '/backend/',
					'delegate' => 'InitaliseAdminPageHead',
					'callback' => 'appendAssets'
				)
			);
		}

		/**
		 * Delegate fired to add a link to Cache Management
		 */
		public function fetchNavigation() {
			if (is_callable(array('Symphony', 'Author'))) {
				$author = Symphony::Author();
			} else {
				$author = Administration::instance()->Author;
			}
			
			// Work around single group limit in nav
			$group = $author->isDeveloper() ? 'developer' : 'manager';
			
			return array(
					array (
						'location' => __('System'),
						'name' => __('ERF Clean up'),
						'link' => 'cleanup',
						'limit' => $group,
					) // nav group
			); // nav
		}

		/**
		 *
		 * Appends javascript file references into the head, if needed
		 * @param array $context
		 */
		public function appendAssets(array $context) {
			// store the callback array locally
			$c = Administration::instance()->getPageCallback();
			
			// publish page
			if($c['driver'] == 'publish') {
				Administration::instance()->Page->addStylesheetToHead(
					URL . '/extensions/entry_relationship_field/assets/publish.entry_relationship_field.css',
					'screen',
					time() + 1,
					false
				);
				Administration::instance()->Page->addScriptToHead(
					URL . '/extensions/entry_relationship_field/assets/publish.entry_relationship_field.js',
					10,
					false
				);
				
			} else if ($c['driver'] == 'blueprintssections') {
				Administration::instance()->Page->addStylesheetToHead(
					URL . '/extensions/entry_relationship_field/assets/section.entry_relationship_field.css',
					'screen',
					time() + 1,
					false
				);
				Administration::instance()->Page->addScriptToHead(
					URL . '/extensions/entry_relationship_field/assets/section.entry_relationship_field.js',
					time(),
					false
				);
			}
		}

		/* ********* INSTALL/UPDATE/UNINSTALL ******* */

		/**
		 * Creates the table needed for the settings of the field
		 */
		public function install() {
			General::realiseDirectory(WORKSPACE . '/er-templates');
			return FieldEntry_Relationship::createFieldTable() && FieldReverse_Relationship::createFieldTable();
		}

		/**
		 * This method will update the extension according to the
		 * previous and current version parameters.
		 * @param string $previousVersion
		 */
		public function update($previousVersion = false) {
			$ret = true;
			
			if (!$previousVersion) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
				$previousVersion = '0.0.1';
			}
			
			// less than 1.0.2
			if ($ret && version_compare($previousVersion, '1.0.2', '<')) {
				$ret = FieldEntry_Relationship::update_102();
			}
			
			// less than 1.0.3
			if ($ret && version_compare($previousVersion, '1.0.3', '<')) {
				$ret = FieldEntry_Relationship::update_103();
			}
			
			// less than 2.0.0.beta5
			if ($ret && version_compare($previousVersion, '2.0.0.beta5', '<')) {
				$ret = FieldEntry_Relationship::update_200();
			}
			
			// less than 2.0.0.beta6
			if ($ret && version_compare($previousVersion, '2.0.0.beta6', '<')) {
				$ret = FieldReverse_Relationship::update_200();
			}
			
			// less than 2.0.0.beta8
			if ($ret && version_compare($previousVersion, '2.0.0.beta8', '<')) {
				$ret = FieldEntry_Relationship::update_2008();
			}
			
			// less than 2.1.0 and more recent than 2.0.0.beta6
			if ($ret && version_compare($previousVersion, '2.1.0', '<') &&
				version_compare($previousVersion, '2.0.0.beta6', '>=')) {
				$ret = FieldReverse_Relationship::update_210();
			}
			
			return $ret;
		}

		/**
		 * Drops the table needed for the settings of the field
		 */
		public function uninstall() {
			return FieldEntry_Relationship::deleteFieldTable() && FieldReverse_Relationship::deleteFieldTable();
		}

	}

1			<?php
2			/*
3			Copyight: Deux Huit Huit 2014
4			LICENCE: MIT https://deuxhuithuit.mit-license.org
5			*/
6
7			if(!defined("__IN_SYMPHONY__")) die("<h2>Error</h2><p>You cannot directly access this file</p>");
8
9			require_once(EXTENSIONS . '/entry_relationship_field/fields/field.entry_relationship.php');
10			require_once(EXTENSIONS . '/entry_relationship_field/fields/field.reverse_relationship.php');
11
12			/**
13			*
14			* @author Deux Huit Huit
15			* https://deuxhuithuit.com/
16			*
17			*/
18			class extension_entry_relationship_field extends Extension {
19
20			/**
21			* Name of the extension
22			* @var string
23			*/
24			const EXT_NAME = 'Entry Relationship Field';
25
26			/**
27			* Symphony utility function that permits to
28			* implement the Observer/Observable pattern.
29			* We register here delegate that will be fired by Symphony
30			*/
31
32			public function getSubscribedDelegates(){
33			return array(
34			array(
35			'page' => '/backend/',
36			'delegate' => 'InitaliseAdminPageHead',
37			'callback' => 'appendAssets'
38			)
39			);
40			}
41
42			/**
43			* Delegate fired to add a link to Cache Management
44			*/
45			public function fetchNavigation() {
46			if (is_callable(array('Symphony', 'Author'))) {
47			$author = Symphony::Author();
48			} else {
49			$author = Administration::instance()->Author;
50			}
51
52			// Work around single group limit in nav
53			$group = $author->isDeveloper() ? 'developer' : 'manager';
54
55			return array(
56			array (
57			'location' => __('System'),
58			'name' => __('ERF Clean up'),
59			'link' => 'cleanup',
60			'limit' => $group,
61			) // nav group
62			); // nav
63			}
64
65			/**
66			*
67			* Appends javascript file references into the head, if needed
68			* @param array $context
69			*/
70			public function appendAssets(array $context) {
71			// store the callback array locally
72			$c = Administration::instance()->getPageCallback();
73
74			// publish page
75			if($c['driver'] == 'publish') {
76			Administration::instance()->Page->addStylesheetToHead(
77			URL . '/extensions/entry_relationship_field/assets/publish.entry_relationship_field.css',
78			'screen',
79			time() + 1,
80			false
81			);
82			Administration::instance()->Page->addScriptToHead(
83			URL . '/extensions/entry_relationship_field/assets/publish.entry_relationship_field.js',
84			10,
85			false
86			);
87
88			} else if ($c['driver'] == 'blueprintssections') {
89			Administration::instance()->Page->addStylesheetToHead(
90			URL . '/extensions/entry_relationship_field/assets/section.entry_relationship_field.css',
91			'screen',
92			time() + 1,
93			false
94			);
95			Administration::instance()->Page->addScriptToHead(
96			URL . '/extensions/entry_relationship_field/assets/section.entry_relationship_field.js',
97			time(),
98			false
99			);
100			}
101			}
102
103			/* ******* INSTALL/UPDATE/UNINSTALL ***** */
104
105			/**
106			* Creates the table needed for the settings of the field
107			*/
108			public function install() {
109			General::realiseDirectory(WORKSPACE . '/er-templates');
110			return FieldEntry_Relationship::createFieldTable() && FieldReverse_Relationship::createFieldTable();
111			}
112
113			/**
114			* This method will update the extension according to the
115			* previous and current version parameters.
116			* @param string $previousVersion
117			*/
118			public function update($previousVersion = false) {
119			$ret = true;
120
121			if (!$previousVersion) {
			0 ignored issues – show Bug Best Practice introduced 2016-02-11 22:48 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$previousVersion` of type `false\|string` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== false` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
122			$previousVersion = '0.0.1';
123			}
124
125			// less than 1.0.2
126			if ($ret && version_compare($previousVersion, '1.0.2', '<')) {
127			$ret = FieldEntry_Relationship::update_102();
128			}
129
130			// less than 1.0.3
131			if ($ret && version_compare($previousVersion, '1.0.3', '<')) {
132			$ret = FieldEntry_Relationship::update_103();
133			}
134
135			// less than 2.0.0.beta5
136			if ($ret && version_compare($previousVersion, '2.0.0.beta5', '<')) {
137			$ret = FieldEntry_Relationship::update_200();
138			}
139
140			// less than 2.0.0.beta6
141			if ($ret && version_compare($previousVersion, '2.0.0.beta6', '<')) {
142			$ret = FieldReverse_Relationship::update_200();
143			}
144
145			// less than 2.0.0.beta8
146			if ($ret && version_compare($previousVersion, '2.0.0.beta8', '<')) {
147			$ret = FieldEntry_Relationship::update_2008();
148			}
149
150			// less than 2.1.0 and more recent than 2.0.0.beta6
151			if ($ret && version_compare($previousVersion, '2.1.0', '<') &&
152			version_compare($previousVersion, '2.0.0.beta6', '>=')) {
153			$ret = FieldReverse_Relationship::update_210();
154			}
155
156			return $ret;
157			}
158
159			/**
160			* Drops the table needed for the settings of the field
161			*/
162			public function uninstall() {
163			return FieldEntry_Relationship::deleteFieldTable() && FieldReverse_Relationship::deleteFieldTable();
164			}
165
166			}

DeuxHuitHuit / entry_relationship_field

Issues (19)

Security Analysis not enabled

extension.driver.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like