Issues in Example.php (master) - Issues in master - Erdiko/erdiko - Measure and Improve Code Quality continuously with Scrutinizer

Issues (20)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/controllers/Example.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Examples Controller
 * Multiple examples of how you can use erdiko.  It includes some simple use cases.
 *
 * @category    app
 * @package     controllers
 * @copyright   Copyright (c) 2016, Arroyo Labs, www.arroyolabs.com
 * @author      John Arroyo, [email protected]
 */
namespace app\controllers;


/**
 * Example Controller Class
 */
class Example extends \erdiko\core\Controller
{
    /**
     * Before action hook
     * Anything here gets called immediately BEFORE the Action method runs.
     * Typically used for theming, ACL and other controller wide set up code
     */
    public function _before()
    {
        /** 
         * Important notes about theming:
         * Changing your default site wide theme should be done in the default/application.json file
         *
         * If you want to switch themes in your controller uncomment out this line.
         * $this->setThemeName('my_theme_name');
         * 
         * You can also switch themes on a per action basis.  
         * This would be done by putting this code at the top of your action method
         * $this->setTheme('my_theme_name');
         */
        // $this->setThemeName('my_theme_name');


        // Run the parent beore filter to prep the theme
        parent::_before();
    }

    /** Get Hello */
    public function getHello()
    {
        $this->setTitle('Hello World');
        $this->setContent("Hello World");
    }

    /**
     * Homepage Action (index)
     */
    public function getIndex()
    {
        // Add page data
        $this->setTitle('Welcome to Erdiko');
        $this->addView('examples/home');
        $this->addMeta("description", "index page meta description");
    }

    /**
     * Advanced Action 
     */
    public function getAdvanced()
    {
        // Add page data
        $this->setTitle('Advanced use cases');
        $this->addMeta("description", "Advanced use cases and examples");

        // Add additional js and css files
        $this->addCss('my-css','/css/my-css-file.css');
        $this->addJs('my-js','/js/my-js-file.js');

        // Add additional fields to the theme
        $this->getResponse()->getTheme()->custom_var = "Booyah";
        echo $this->getResponse()->getTheme()->custom_var;

        // Add additional fields to the view
        $this->getResponse()->getTheme()->custom_var = "Booyah";
        echo $this->getResponse()->getTheme()->custom_var;

        // Get a view object
        $view = $this->getView('examples/advanced');

        // Add a field to the view that can be used directly in the view
        $view->title = $this->getTitle();

        // Add the view to the content
        $this->setContent($view);
    }

    /**
     * Examples Action
     */
    public function getExamples()
    {
        // Add page data
        $this->setTitle('Erdiko page examples');
        $this->addView('examples/list');
    }

    /**
     * Get baseline, the simplest page around town
     */
    public function getBaseline()
    {
        // Entering raw text on the page
        $this->setContent("
            <div class=\"container\"><p>
            This is the simplest page possible.</p>
            </div>");
    }

    /**
     * Get full page
     */
    public function getFullpage()
    {
        $this->setThemeTemplate('fullpage');
        $this->setContent("This is a fullpage layout (sans header/footer)");
    }

    /**
     * Get set view
     */
    public function getSetview()
    {
        $this->setTitle('Page with a single view');
        $this->addView('examples/setview');
    }

    /**
     * Get multiple views
     */
    public function getSetmultipleviews()
    {
        $this->setTitle('Page with multiple views');

        // Include multiple views directly
        $content = $this->getView('examples/one');
        $content .= $this->getView('examples/two');
        $content .= $this->getView('examples/three');

        $this->setContent($content);
    }

    /**
     * Get multiple views at
     */
    public function getSetmultipleviewsAlt()
    {
        $this->setTitle('Page with multiple views (alt)');

        // Add multiple views using api (better approach)
        $this->addView('examples/one');
        $this->addView('examples/two');
        $this->addView('examples/three');
    }

    /**
     * Get view2
     * Another way to inject views into a layout
     */
    public function getSetview2()
    {
        // Include multiple views indirectly
        $page = array(
            'content' => array(
                'view1' => $this->getView('examples/one'),
                'view2' => $this->getView('examples/two'),
                'view3' => $this->getView('examples/three')
                )
            );

        $this->setTitle('Example: Multiple views take 2');
        $this->addView('examples/setview2', $page);
    }

    /**
     * Slideshow Action
     */
    public function getCarousel()
    {
        // Add page data
        $this->setTitle('Example: Carousel');
        $this->addView('examples/carousel');

        // Inject the carousel js code
        $this->getResponse()
            ->getTheme();
    }

    /**
     * Flash Messages Action
     */
    public function getFlashmessages()
    {
        \erdiko\core\helpers\FlashMessages::set("This is a success message", "success");
        \erdiko\core\helpers\FlashMessages::set("This is an info message", "info");
        \erdiko\core\helpers\FlashMessages::set("This is a warning message", "warning");
        \erdiko\core\helpers\FlashMessages::set("This is a danger/error message", "danger");
    }

    /**
     * Get php info
     */
    public function getPhpinfo()
    {
        phpinfo();
        exit;

    }

    /**
     * Get Mark Up
     *
     * @usage This is an alternate way to add page content data
     * You can load a view directly into the content.
     * This is not the preferred way to add content.
     * Use the addView() method or a Layout when possible.
     */
    public function getMarkup()
    {
        $this->setTitle('Example Mark-Up');
        
        $this->addView('examples/markup');
        $this->addView('examples/tables');
        $this->addView('examples/forms');
    }

    /**
     * Get one column layout example
     */
    public function getOnecolumn()
    {
        // Set page using a layout
        $columns = array(
            'body' => $this->getView('examples/one'),
            );
        
        $this->setTitle('1 Column Layout');
        $this->setContent($this->getLayout('1column', $columns));
    }

    /**
     * Get two column layout example
     */
    public function getTwocolumn()

    {
        // Set columns directly using a layout
        $columns = array(
            'one' => $this->getView('examples/one'),
            'two' => $this->getView('examples/nested_view')
            );
        
        $this->setTitle('2 Column Layout');
        $this->setContent($this->getLayout('2column', $columns));
    }

    /**
     * Get three column layout example
     */
    public function getThreecolumn()

    {
        // Set each column using a layout
        $columns = array(
            'one' => $this->getView('examples/one'),
            'two' => $this->getView('examples/two'),
            'three' => $this->getView('examples/three')
            );
        
        $this->setTitle('3 Column Layout');
        $this->setContent($this->getLayout('3column', $columns));
    }

    /**
     * Get grid
     */
    public function getGrid()
    {
        $data = array(
            'columns' => 4,
            'count' => 12
            );
        
        $this->setTitle('Grid');
        $this->addView('examples/grid', $data);
    }

    /* Footer Pages */

    /**
     * Get Config
     */
    public function getConfig()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $contextConfig = \Erdiko::getConfig();
        $this->setTitle('Config Data');
        $data = array(
            'context' => getenv('ERDIKO_CONTEXT'),
            'test' => $_ENV['ERDIKO_CONTEXT'],
            'test_r' => print_r($_ENV, true),
            'config file data' => $contextConfig
            );

        // Set page using a layout
        $columns = array(
            'body' => $this->getView('examples/json', $data),
            );
        $this->setContent($this->getLayout('1column', $columns));
    }

    /**
     * Get Exception
     */
    public function getException()
    {
        $this->setContent($this->getLayout('doesNotExist', null));
    }

    /**
     * Get About
     */
    public function getAbout()
    {
        $this->setTitle("About");
        $data = \Erdiko::getConfig("application", getenv('ERDIKO_CONTEXT'));
        
        $this->addView('examples/about', $data);
    }
}


1		<?php
2		/**
3		* Examples Controller
4		* Multiple examples of how you can use erdiko. It includes some simple use cases.
5		*
6		* @category app
7		* @package controllers
8		* @copyright Copyright (c) 2016, Arroyo Labs, www.arroyolabs.com
9		* @author John Arroyo, [email protected]
10		*/
11		namespace app\controllers;
12
13
14		/**
15		* Example Controller Class
16		*/
17		class Example extends \erdiko\core\Controller
18		{
19		/**
20		* Before action hook
21		* Anything here gets called immediately BEFORE the Action method runs.
22		* Typically used for theming, ACL and other controller wide set up code
23		*/
24		public function _before()
25		{
26		/**
27		* Important notes about theming:
28		* Changing your default site wide theme should be done in the default/application.json file
29		*
30		* If you want to switch themes in your controller uncomment out this line.
31		* $this->setThemeName('my_theme_name');
32		*
33		* You can also switch themes on a per action basis.
34		* This would be done by putting this code at the top of your action method
35		* $this->setTheme('my_theme_name');
36		*/
37		// $this->setThemeName('my_theme_name');
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-01-26 19:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this `75%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
38
39		// Run the parent beore filter to prep the theme
40		parent::_before();
41		}
42
43		/** Get Hello */
44		public function getHello()
45		{
46		$this->setTitle('Hello World');
47		$this->setContent("Hello World");
48		}
49
50		/**
51		* Homepage Action (index)
52		*/
53		public function getIndex()
54		{
55		// Add page data
56		$this->setTitle('Welcome to Erdiko');
57		$this->addView('examples/home');
58		$this->addMeta("description", "index page meta description");
59		}
60
61		/**
62		* Advanced Action
63		*/
64		public function getAdvanced()
65		{
66		// Add page data
67		$this->setTitle('Advanced use cases');
68		$this->addMeta("description", "Advanced use cases and examples");
69
70		// Add additional js and css files
71		$this->addCss('my-css','/css/my-css-file.css');
72		$this->addJs('my-js','/js/my-js-file.js');
73
74		// Add additional fields to the theme
75		$this->getResponse()->getTheme()->custom_var = "Booyah";
76		echo $this->getResponse()->getTheme()->custom_var;
77
78		// Add additional fields to the view
79		$this->getResponse()->getTheme()->custom_var = "Booyah";
80		echo $this->getResponse()->getTheme()->custom_var;
81
82		// Get a view object
83		$view = $this->getView('examples/advanced');
84
85		// Add a field to the view that can be used directly in the view
86		$view->title = $this->getTitle();
87
88		// Add the view to the content
89		$this->setContent($view);
90		}
91
92		/**
93		* Examples Action
94		*/
95		public function getExamples()
96		{
97		// Add page data
98		$this->setTitle('Erdiko page examples');
99		$this->addView('examples/list');
100		}
101
102		/**
103		* Get baseline, the simplest page around town
104		*/
105		public function getBaseline()
106		{
107		// Entering raw text on the page
108		$this->setContent("
109		<div class=\"container\"><p>
110		This is the simplest page possible.</p>
111		</div>");
112		}
113
114		/**
115		* Get full page
116		*/
117		public function getFullpage()
118		{
119		$this->setThemeTemplate('fullpage');
120		$this->setContent("This is a fullpage layout (sans header/footer)");
121		}
122
123		/**
124		* Get set view
125		*/
126		public function getSetview()
127		{
128		$this->setTitle('Page with a single view');
129		$this->addView('examples/setview');
130		}
131
132		/**
133		* Get multiple views
134		*/
135		public function getSetmultipleviews()
136		{
137		$this->setTitle('Page with multiple views');
138
139		// Include multiple views directly
140		$content = $this->getView('examples/one');
141		$content .= $this->getView('examples/two');
142		$content .= $this->getView('examples/three');
143
144		$this->setContent($content);
145		}
146
147		/**
148		* Get multiple views at
149		*/
150		public function getSetmultipleviewsAlt()
151		{
152		$this->setTitle('Page with multiple views (alt)');
153
154		// Add multiple views using api (better approach)
155		$this->addView('examples/one');
156		$this->addView('examples/two');
157		$this->addView('examples/three');
158		}
159
160		/**
161		* Get view2
162		* Another way to inject views into a layout
163		*/
164		public function getSetview2()
165		{
166		// Include multiple views indirectly
167		$page = array(
168		'content' => array(
169		'view1' => $this->getView('examples/one'),
170		'view2' => $this->getView('examples/two'),
171		'view3' => $this->getView('examples/three')
172		)
173		);
174
175		$this->setTitle('Example: Multiple views take 2');
176		$this->addView('examples/setview2', $page);
177		}
178
179		/**
180		* Slideshow Action
181		*/
182		public function getCarousel()
183		{
184		// Add page data
185		$this->setTitle('Example: Carousel');
186		$this->addView('examples/carousel');
187
188		// Inject the carousel js code
189		$this->getResponse()
190		->getTheme();
191		}
192
193		/**
194		* Flash Messages Action
195		*/
196		public function getFlashmessages()
197		{
198		\erdiko\core\helpers\FlashMessages::set("This is a success message", "success");
199		\erdiko\core\helpers\FlashMessages::set("This is an info message", "info");
200		\erdiko\core\helpers\FlashMessages::set("This is a warning message", "warning");
201		\erdiko\core\helpers\FlashMessages::set("This is a danger/error message", "danger");
202		}
203
204		/**
205		* Get php info
206		*/
207		public function getPhpinfo()
208		{
209		phpinfo();
210		exit;
		0 ignored issues – show Coding Style Compatibility introduced 2017-01-26 19:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getPhpinfo()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
211		}
212
213		/**
214		* Get Mark Up
215		*
216		* @usage This is an alternate way to add page content data
217		* You can load a view directly into the content.
218		* This is not the preferred way to add content.
219		* Use the addView() method or a Layout when possible.
220		*/
221		public function getMarkup()
222		{
223		$this->setTitle('Example Mark-Up');
224
225		$this->addView('examples/markup');
226		$this->addView('examples/tables');
227		$this->addView('examples/forms');
228		}
229
230		/**
231		* Get one column layout example
232		*/
233		public function getOnecolumn()
234		{
235		// Set page using a layout
236		$columns = array(
237		'body' => $this->getView('examples/one'),
238		);
239
240		$this->setTitle('1 Column Layout');
241		$this->setContent($this->getLayout('1column', $columns));
242		}
243
244		/**
245		* Get two column layout example
246		*/
247	View Code Duplication	public function getTwocolumn()
		0 ignored issues – show Duplication introduced 2017-01-26 19:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
248		{
249		// Set columns directly using a layout
250		$columns = array(
251		'one' => $this->getView('examples/one'),
252		'two' => $this->getView('examples/nested_view')
253		);
254
255		$this->setTitle('2 Column Layout');
256		$this->setContent($this->getLayout('2column', $columns));
257		}
258
259		/**
260		* Get three column layout example
261		*/
262	View Code Duplication	public function getThreecolumn()
		0 ignored issues – show Duplication introduced 2017-01-26 19:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
263		{
264		// Set each column using a layout
265		$columns = array(
266		'one' => $this->getView('examples/one'),
267		'two' => $this->getView('examples/two'),
268		'three' => $this->getView('examples/three')
269		);
270
271		$this->setTitle('3 Column Layout');
272		$this->setContent($this->getLayout('3column', $columns));
273		}
274
275		/**
276		* Get grid
277		*/
278		public function getGrid()
279		{
280		$data = array(
281		'columns' => 4,
282		'count' => 12
283		);
284
285		$this->setTitle('Grid');
286		$this->addView('examples/grid', $data);
287		}
288
289		/* Footer Pages */
290
291		/**
292		* Get Config
293		*/
294		public function getConfig()
		0 ignored issues – show Coding Style introduced 2017-01-26 19:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this `getConfig` uses the super-global variable `$_ENV` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
295		{
296		$contextConfig = \Erdiko::getConfig();
297		$this->setTitle('Config Data');
298		$data = array(
299		'context' => getenv('ERDIKO_CONTEXT'),
300		'test' => $_ENV['ERDIKO_CONTEXT'],
301		'test_r' => print_r($_ENV, true),
302		'config file data' => $contextConfig
303		);
304
305		// Set page using a layout
306		$columns = array(
307		'body' => $this->getView('examples/json', $data),
308		);
309		$this->setContent($this->getLayout('1column', $columns));
310		}
311
312		/**
313		* Get Exception
314		*/
315		public function getException()
316		{
317		$this->setContent($this->getLayout('doesNotExist', null));
318		}
319
320		/**
321		* Get About
322		*/
323		public function getAbout()
324		{
325		$this->setTitle("About");
326		$data = \Erdiko::getConfig("application", getenv('ERDIKO_CONTEXT'));
327
328		$this->addView('examples/about', $data);
329		}
330		}
331

Erdiko / erdiko

Issues (20)

Security Analysis not enabled

app/controllers/Example.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like