Issues in settings.php - Fixed Issues - Inspection of "Merge pull request #11258 from jeabakker/site-secr..." - Elgg/Elgg - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 8e249d...fb189b )

by Jerome

created 2017-10-10 12:46 UTC

views/default/forms/admin/security/settings.php (7 issues)

Labels

Deprecated Code 7

Severity

Minor 7

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

// hardening
$hardening = '';
// protect upgrade.php
$protect_upgrade = (bool) get_config('security_protect_upgrade');

$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:protect_upgrade'),
	'#help' => elgg_echo('admin:security:settings:protect_upgrade:help'),
	'name' => 'security_protect_upgrade',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => $protect_upgrade,
]);
if ($protect_upgrade) {
	$url = elgg_http_get_signed_url('upgrade.php');
	$url = elgg_format_element('pre', [], $url);
	
	$hardening .= elgg_format_element('div', [
		'class' => 'elgg-divide-left plm',
	], elgg_echo('admin:security:settings:protect_upgrade:token') . $url);
}

// protect /cron
$protect_cron = (bool) get_config('security_protect_cron');

$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:protect_cron'),
	'#help' => elgg_echo('admin:security:settings:protect_cron:help'),
	'name' => 'security_protect_cron',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => $protect_cron,
]);
if ($protect_cron) {
	$periods = elgg_get_config('elgg_cron_periods');
	$rows = [];
	
	// header for table
	$cells = [];
	$cells[] = elgg_format_element('th', [], elgg_echo('admin:cron:period'));
	$cells[] = elgg_format_element('th', [], 'URL');
	
	$rows[] = elgg_format_element('tr', [], implode('', $cells));
	
	// add inverval urls
	foreach ($periods as $period) {
		$cells = [];
		
		$cells[] = elgg_format_element('td', [], elgg_echo("interval:{$period}"));
		$cells[] = elgg_format_element('td', [], elgg_http_get_signed_url("cron/{$period}"));
		
		$rows[] = elgg_format_element('tr', [], implode('', $cells));
	}
	
	// cron url table
	$table = elgg_format_element('table', [
		'id' => 'security-cron-urls',
		'class' => 'elgg-table mvm hidden',
	], implode('', $rows));
	
	$content = elgg_echo('admin:security:settings:protect_cron:token');
	$content .= ' ' . elgg_view('output/url', [
		'text' => elgg_echo('admin:security:settings:protect_cron:toggle'),
		'href' => '#security-cron-urls',
		'rel' => 'toggle',
	]);
	$content .= $table;
	
	$hardening .= elgg_format_element('div', [
		'class' => 'elgg-divide-left plm mbm',
	], $content);
}

// disable autocomplete on password forms
$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:disable_password_autocomplete'),
	'#help' => elgg_echo('admin:security:settings:disable_password_autocomplete:help'),
	'name' => 'security_disable_password_autocomplete',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_disable_password_autocomplete'),

]);

// require password the changing email address
$hardening .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:email_require_password'),
	'#help' => elgg_echo('admin:security:settings:email_require_password:help'),
	'name' => 'security_email_require_password',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_email_require_password'),

]);

// allow others to extend this section
$hardening .= elgg_view('admin/security/settings/extend/hardening');

echo elgg_view_module('inline', elgg_echo('admin:security:settings:label:hardening'), $hardening);

// notifications
$notifications = '';
// notify admins about add/remove of another admin
$notifications .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:notify_admins'),
	'#help' => elgg_echo('admin:security:settings:notify_admins:help'),
	'name' => 'security_notify_admins',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_notify_admins'),

]);

// notify user about add/remove admin of his/her account
$notifications .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:notify_user_admin'),
	'#help' => elgg_echo('admin:security:settings:notify_user_admin:help'),
	'name' => 'security_notify_user_admin',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_notify_user_admin'),

]);

// notify user about (un)ban of his/her account
$notifications .= elgg_view_field([
	'#type' => 'checkbox',
	'label' => elgg_echo('admin:security:settings:notify_user_ban'),
	'#help' => elgg_echo('admin:security:settings:notify_user_ban:help'),
	'name' => 'security_notify_user_ban',
	'default' => 0,
	'value' => 1,
	'switch' => true,
	'checked' => (bool) get_config('security_notify_user_ban'),

]);

// allow others to extend this section
$notifications .= elgg_view('admin/security/settings/extend/notification');

echo elgg_view_module('inline', elgg_echo('admin:security:settings:label:notifications'), $notifications);

// footer
$footer = elgg_view_field([
	'#type' => 'submit',
	'value' => elgg_echo('save'),
]);

elgg_set_form_footer($footer);


1			<?php
2
3			// hardening
4			$hardening = '';
5			// protect upgrade.php
6			$protect_upgrade = (bool) get_config('security_protect_upgrade');
			0 ignored issues – show Deprecated Code introduced 2016-11-09 04:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `get_config()` has been deprecated with message: Use elgg_get_config() This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
7			$hardening .= elgg_view_field([
8			'#type' => 'checkbox',
9			'label' => elgg_echo('admin:security:settings:protect_upgrade'),
10			'#help' => elgg_echo('admin:security:settings:protect_upgrade:help'),
11			'name' => 'security_protect_upgrade',
12			'default' => 0,
13			'value' => 1,
14			'switch' => true,
15			'checked' => $protect_upgrade,
16			]);
17			if ($protect_upgrade) {
18			$url = elgg_http_get_signed_url('upgrade.php');
19			$url = elgg_format_element('pre', [], $url);
20
21			$hardening .= elgg_format_element('div', [
22			'class' => 'elgg-divide-left plm',
23			], elgg_echo('admin:security:settings:protect_upgrade:token') . $url);
24			}
25
26			// protect /cron
27			$protect_cron = (bool) get_config('security_protect_cron');
			0 ignored issues – show Deprecated Code introduced 2016-11-09 04:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `get_config()` has been deprecated with message: Use elgg_get_config() This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
28			$hardening .= elgg_view_field([
29			'#type' => 'checkbox',
30			'label' => elgg_echo('admin:security:settings:protect_cron'),
31			'#help' => elgg_echo('admin:security:settings:protect_cron:help'),
32			'name' => 'security_protect_cron',
33			'default' => 0,
34			'value' => 1,
35			'switch' => true,
36			'checked' => $protect_cron,
37			]);
38			if ($protect_cron) {
39			$periods = elgg_get_config('elgg_cron_periods');
40			$rows = [];
41
42			// header for table
43			$cells = [];
44			$cells[] = elgg_format_element('th', [], elgg_echo('admin:cron:period'));
45			$cells[] = elgg_format_element('th', [], 'URL');
46
47			$rows[] = elgg_format_element('tr', [], implode('', $cells));
48
49			// add inverval urls
50			foreach ($periods as $period) {
51			$cells = [];
52
53			$cells[] = elgg_format_element('td', [], elgg_echo("interval:{$period}"));
54			$cells[] = elgg_format_element('td', [], elgg_http_get_signed_url("cron/{$period}"));
55
56			$rows[] = elgg_format_element('tr', [], implode('', $cells));
57			}
58
59			// cron url table
60			$table = elgg_format_element('table', [
61			'id' => 'security-cron-urls',
62			'class' => 'elgg-table mvm hidden',
63			], implode('', $rows));
64
65			$content = elgg_echo('admin:security:settings:protect_cron:token');
66			$content .= ' ' . elgg_view('output/url', [
67			'text' => elgg_echo('admin:security:settings:protect_cron:toggle'),
68			'href' => '#security-cron-urls',
69			'rel' => 'toggle',
70			]);
71			$content .= $table;
72
73			$hardening .= elgg_format_element('div', [
74			'class' => 'elgg-divide-left plm mbm',
75			], $content);
76			}
77
78			// disable autocomplete on password forms
79			$hardening .= elgg_view_field([
80			'#type' => 'checkbox',
81			'label' => elgg_echo('admin:security:settings:disable_password_autocomplete'),
82			'#help' => elgg_echo('admin:security:settings:disable_password_autocomplete:help'),
83			'name' => 'security_disable_password_autocomplete',
84			'default' => 0,
85			'value' => 1,
86			'switch' => true,
87			'checked' => (bool) get_config('security_disable_password_autocomplete'),
			0 ignored issues – show Deprecated Code introduced 2016-11-09 04:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `get_config()` has been deprecated with message: Use elgg_get_config() This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
88			]);
89
90			// require password the changing email address
91			$hardening .= elgg_view_field([
92			'#type' => 'checkbox',
93			'label' => elgg_echo('admin:security:settings:email_require_password'),
94			'#help' => elgg_echo('admin:security:settings:email_require_password:help'),
95			'name' => 'security_email_require_password',
96			'default' => 0,
97			'value' => 1,
98			'switch' => true,
99			'checked' => (bool) get_config('security_email_require_password'),
			0 ignored issues – show Deprecated Code introduced 2016-11-09 04:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `get_config()` has been deprecated with message: Use elgg_get_config() This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
100			]);
101
102			// allow others to extend this section
103			$hardening .= elgg_view('admin/security/settings/extend/hardening');
104
105			echo elgg_view_module('inline', elgg_echo('admin:security:settings:label:hardening'), $hardening);
106
107			// notifications
108			$notifications = '';
109			// notify admins about add/remove of another admin
110			$notifications .= elgg_view_field([
111			'#type' => 'checkbox',
112			'label' => elgg_echo('admin:security:settings:notify_admins'),
113			'#help' => elgg_echo('admin:security:settings:notify_admins:help'),
114			'name' => 'security_notify_admins',
115			'default' => 0,
116			'value' => 1,
117			'switch' => true,
118			'checked' => (bool) get_config('security_notify_admins'),
			0 ignored issues – show Deprecated Code introduced 2016-11-09 04:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `get_config()` has been deprecated with message: Use elgg_get_config() This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
119			]);
120
121			// notify user about add/remove admin of his/her account
122			$notifications .= elgg_view_field([
123			'#type' => 'checkbox',
124			'label' => elgg_echo('admin:security:settings:notify_user_admin'),
125			'#help' => elgg_echo('admin:security:settings:notify_user_admin:help'),
126			'name' => 'security_notify_user_admin',
127			'default' => 0,
128			'value' => 1,
129			'switch' => true,
130			'checked' => (bool) get_config('security_notify_user_admin'),
			0 ignored issues – show Deprecated Code introduced 2016-11-09 04:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `get_config()` has been deprecated with message: Use elgg_get_config() This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
131			]);
132
133			// notify user about (un)ban of his/her account
134			$notifications .= elgg_view_field([
135			'#type' => 'checkbox',
136			'label' => elgg_echo('admin:security:settings:notify_user_ban'),
137			'#help' => elgg_echo('admin:security:settings:notify_user_ban:help'),
138			'name' => 'security_notify_user_ban',
139			'default' => 0,
140			'value' => 1,
141			'switch' => true,
142			'checked' => (bool) get_config('security_notify_user_ban'),
			0 ignored issues – show Deprecated Code introduced 2016-11-09 04:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `get_config()` has been deprecated with message: Use elgg_get_config() This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
143			]);
144
145			// allow others to extend this section
146			$notifications .= elgg_view('admin/security/settings/extend/notification');
147
148			echo elgg_view_module('inline', elgg_echo('admin:security:settings:label:notifications'), $notifications);
149
150			// footer
151			$footer = elgg_view_field([
152			'#type' => 'submit',
153			'value' => elgg_echo('save'),
154			]);
155
156			elgg_set_form_footer($footer);
157

Elgg / Elgg

Push — master ( 8e249d...fb189b )

views/default/forms/admin/security/settings.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like