Completed
Push — master ( f19613...bc8e7d )
by Stefan
06:53
created

header.php ➔ defaultPagePrelude()   B

Complexity    Conditions 5     Paths 8
Size          Total Lines 35   Code Lines 24
Duplication   Lines 5          Ratio 14.29 %
Importance    Changes 2        Bugs 0   Features 0

Metric  Value
cc      5
eloc    24
c       2
b       0
f       0
nc      8
nop     2
dl      5
loc     35
rs      8.439
  1  <?php
  2  /* * *********************************************************************************
  3   * (c) 2011-15 GÉANT on behalf of the GN3, GN3plus and GN4 consortia
  4   * License: see the LICENSE file in the root directory
  5   * ********************************************************************************* */
  6  ?>
  7  <?php
  8  require_once(dirname(dirname(dirname(dirname(__FILE__)))) . "/config/_config.php");
  9  
 10  require_once("Helper.php");
 11  require_once("CAT.php");
 12  require_once(dirname(dirname(dirname(__FILE__))) . "/admin/inc/input_validation.inc.php");
 13  
 14  /**
 15   * This starts HTML in a default way. Most pages would call this.
 16   * Exception: if you need to add extra code in <head> or modify the <body> tag
 17   * (e.g. onload) then you should call defaultPagePrelude, close head, open body,
 18   * and then call productheader.
 19   * 
 20   * @param type $pagetitle
 21   * @param type $area
 22   * @param type $authRequired
 23   */
 24  function pageheader($pagetitle, $area, $authRequired = TRUE) {
 25      $cat = defaultPagePrelude($pagetitle, $authRequired);

     [Bug introduced by this line]
     It seems like $authRequired defined by parameter $authRequired on line 24 can also be of type object<Type>; however, defaultPagePrelude() only seems to accept boolean, maybe add an additional type check?
     This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble.

 26      echo "</head><body>"; // close <head> and open <body> (the listing had "</body>" here, which never opens the body)
 27      productheader($area, CAT::get_lang());
 28      return $cat;
 29  }
 30  
 31  function defaultPagePrelude($pagetitle, $auth_required = TRUE) {
 32      if ($auth_required == TRUE) {

     [Coding Style Best Practice introduced by this line]
     It seems like you are loosely comparing two booleans. Consider using the strict comparison === instead.
     When comparing two booleans, it is generally considered safer to use the strict comparison operator.

 33          require_once(dirname(dirname(dirname(__FILE__))) . "/admin/inc/auth.inc.php");
 34          authenticate();
 35      }
 36      $cat = new CAT();
 37      $cat->set_locale("web_admin");
 38      $ourlocale = CAT::get_lang();
 39      header("Content-Type:text/html;charset=utf-8");
 40      echo "<!DOCTYPE html>
 41            <html xmlns='http://www.w3.org/1999/xhtml' lang='$ourlocale'>
 42            <head lang='$ourlocale'>
 43            <meta http-equiv='Content-Type' content='text/html; charset=UTF-8'>";
 44  
 45      $cssUrl = valid_host($_SERVER['HTTP_HOST']);
 46      if ($cssUrl === FALSE) {
 47          throw new Exception("We don't know our own hostname?!");
 48      }
 49      // we need to construct the right path to the stylesheet; we are either
 50      // in the admin area, in the diag area, or on the main index.php ...
 51      if (strpos($_SERVER['PHP_SELF'], "admin/") !== FALSE) {
 52          $cssUrl .= substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], "/admin/")) . "/resources/css/cat.css.php";
 53      } else if (strpos($_SERVER['PHP_SELF'], "diag/") !== FALSE) {

     [Duplication introduced by this line]
     This code seems to be duplicated across your project.
     Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.
     You can also find more detailed suggestions in the “Code” section of your repository.

 54          $cssUrl .= substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], "/diag/")) . "/resources/css/cat.css.php";
 55      } else {
 56          $cssUrl .= substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], "/")) . "/resources/css/cat.css.php";
 57      }
 58  
 59      $cssUrl = "//" . $cssUrl; // omitting http or https means "on same protocol"
 60      
 61      echo "<link rel='stylesheet' type='text/css' href='$cssUrl' />";
 62      echo "<title>" . htmlspecialchars($pagetitle) . "</title>";
 63  
 64      return $cat;
 65  }
 66  
 67  function headerDiv($cap1) {
 68      $place = parse_url($_SERVER['REQUEST_URI']);
 69      ?>
 70      <div class='header'>
 71          <div id='header_toprow'>
 72              <div id='header_captions' style='display:inline-block; float:left; min-width:400px;'>
 73                  <h1><?php echo $cap1; ?></h1>
 74              </div><!--header_captions-->
 75              <div id='langselection' style='padding-top:20px; padding-left:10px;'>
 76                  <form action='<?php echo $place['path']; ?>' method='GET' accept-charset='UTF-8'><?php echo _("View this page in"); ?>&nbsp;

     [Security: Cross-Site Scripting introduced by this line]
     $place['path'] can contain request data and is used in an HTML attribute with single-quotes context(s), leading to a potential security vulnerability.
     1 path for user data to reach this point:
       1. Fetching key REQUEST_URI from $_SERVER, and $_SERVER['REQUEST_URI'] is passed through parse_url(), and $place is assigned
          in web/resources/inc/header.php on line 68
     Preventing Cross-Site-Scripting Attacks
     Cross-Site-Scripting allows an attacker to inject malicious code into your website, in particular JavaScript code, and have that code executed with the privileges of a visiting user. This can be used to obtain data, or perform actions on behalf of that visiting user.
     In order to prevent this, make sure to escape all user-provided data:
         // for HTML
         $sanitized = htmlentities($tainted, ENT_QUOTES);
         // for URLs
         $sanitized = urlencode($tainted);
     General Strategies to prevent injection
     In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing certain values:
         if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
             throw new \InvalidArgumentException('This input is not allowed.');
         }
     For numeric data, we recommend explicitly casting the data:
         $sanitized = (integer) $tainted;

 77                      <select id='lang' name='lang' onchange='this.form.submit()'>
 78                          <?php
 79                          foreach (Config::$LANGUAGES as $lang => $value) {
 80                              echo "<option value='$lang' " . (strtoupper($language) == strtoupper($lang) ? "selected" : "" ) . " >" . $value['display'] . "</option> ";

     [Bug introduced by this line]
     The variable $language does not exist. Did you forget to declare it?
     This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug.

 81                          }
 82                          ?>
 83                      </select>
 84                      <?php
 85                      foreach ($_GET as $var => $value) {
 86                          if ($var != "lang" && $value != "") {
 87                              echo "<input type='hidden' name='" . htmlspecialchars($var) . "' value='" . htmlspecialchars($value) . "'>";
 88                          }
 89                      }
 90                      ?>
 91                  </form>
 92              </div><!--langselection-->
 93              <?php
 94              $logoUrl = valid_host($_SERVER['HTTP_HOST']);
 95              if ($logoUrl === FALSE) {
 96                  throw new Exception("We don't know our own hostname?!");
 97              }
 98              // we need to construct the right path to the consortium logo; we are either
 99              // in the admin area or on the main index.php ...
100              if (strpos($_SERVER['PHP_SELF'], "admin/") === FALSE) {

     [Duplication introduced by this line] This code seems to be duplicated across your project.

101                  $logoUrl .= substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], "/")) . "/resources/images/consortium_logo.png";
102              }
103              else {
104                  $logoUrl .= substr($_SERVER['PHP_SELF'], 0, strrpos($_SERVER['PHP_SELF'], "/admin/")) . "/resources/images/consortium_logo.png";
105              }
106              $logoUrl = "//" . $logoUrl;

     [Unused Code introduced by this line]
     $logoUrl is not used, you could remove the assignment.
     This check looks for variable assignments that are either overwritten by other assignments or where the variable is not used subsequently.
         $myVar = 'Value';
         $higher = false;

         if (rand(1, 6) > 3) {
             $higher = true;
         } else {
             $higher = false;
         }
     Both the $myVar assignment in line 1 and the $higher assignment in line 2 are dead. The first because $myVar is never used and the second because $higher is always overwritten for every possible time line.

107              ?>
108              <div class='consortium_logo'>
109                  <img id='test_locate' src='$logoUrl' alt='Consortium Logo'>
110              </div> <!-- consortium_logo -->
111  
112          </div><!--header_toprow-->
113      </div> <!-- header -->
114      <?php
115  }
116  
117  function productheader($area, $language) {

     [Unused Code introduced by this line]
     The parameter $language is not used and could be removed.
     This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

118      // this <div is closing in footer, keep it in PHP for Netbeans syntax
119      // highlighting to work
120      echo "<div class='maincontent'>";
121  
122      switch ($area) {
123          case "ADMIN-IDP":

     [Duplication introduced by this line] This code seems to be duplicated across your project.

124              $cap1 = Config::$APPEARANCE['productname_long'];
125              $cap2 = _("Administrator Interface - Identity Provider");
126              $advanced_controls = TRUE;
127              break;
128          case "ADMIN":

     [Duplication introduced by this line] This code seems to be duplicated across your project.

129              $cap1 = Config::$APPEARANCE['productname_long'];
130              $cap2 = _("Administrator Interface");
131              $advanced_controls = TRUE;
132              break;
133          case "USERMGMT":

     [Duplication introduced by this line] This code seems to be duplicated across your project.

134              $cap1 = Config::$APPEARANCE['productname_long'];
135              $cap2 = _("Management of User Details");
136              $advanced_controls = TRUE;
137              break;
138          case "FEDERATION":

     [Duplication introduced by this line] This code seems to be duplicated across your project.

139              $cap1 = Config::$APPEARANCE['productname_long'];
140              $cap2 = _("Administrator Interface - Federation Management");
141              $advanced_controls = TRUE;
142              break;
143          case "USER":

     [Duplication introduced by this line] This code seems to be duplicated across your project.

144              $cap1 = sprintf(_("Welcome to %s"), Config::$APPEARANCE['productname']);
145              $cap2 = Config::$APPEARANCE['productname_long'];
146              $advanced_controls = FALSE;
147              break;
148          case "SUPERADMIN":

     [Duplication introduced by this line] This code seems to be duplicated across your project.

149              $cap1 = Config::$APPEARANCE['productname_long'];
150              $cap2 = _("CIC");
151              $advanced_controls = TRUE;
152              break;
153          default:
154              $cap1 = Config::$APPEARANCE['productname_long'];
155              $cap2 = "It is an error if you ever see this string.";
156      }
157  
158  
159      headerDiv($cap1); // headerDiv() prints the header itself and returns nothing, so there is nothing to echo
160      // content from here on will SCROLL instead of being fixed at the top
161      echo "<div class='pagecontent'>"; // closes in footer again
162      echo "<div class='trick'>"; // closes in footer again
163      ?>
164      <div id='secondrow' style='border-bottom:5px solid <?php echo Config::$APPEARANCE['colour1']; ?>; min-height:100px;'>
165          <div id='secondarycaptions' style='display:inline-block; float:left'>
166              <h2><?php echo $cap2; ?></h2>
167          </div><!--secondarycaptions-->
168          <?php
169          if (isset(Config::$APPEARANCE['MOTD']) && Config::$APPEARANCE['MOTD'] != "") {
170              echo "<div id='header_MOTD' style='display:inline-block; padding-left:20px;vertical-align:top;'>
171                <p class='MOTD'>" . Config::$APPEARANCE['MOTD'] . "</p>
172                </div><!--header_MOTD-->";
173          }
174          ?>
175          <div class='sidebar'><p>
176                  <?php
177                  if ($advanced_controls) {

     [Bug introduced by this line]
     The variable $advanced_controls does not seem to be defined for all execution paths leading up to this point.
     If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let's take a look at an example:
         function myFunction($a) {
             switch ($a) {
                 case 'foo':
                     $x = 1;
                     break;

                 case 'bar':
                     $x = 2;
                     break;
             }

             // $x is potentially undefined here.
             echo $x;
         }
     In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.
     Available Fixes
       1. Check for existence of the variable explicitly:
         function myFunction($a) {
             switch ($a) {
                 case 'foo':
                     $x = 1;
                     break;

                 case 'bar':
                     $x = 2;
                     break;
             }

             if (isset($x)) { // Make sure it's always set.
                 echo $x;
             }
         }
       2. Define a default value for the variable:
         function myFunction($a) {
             $x = ''; // Set a default which gets overridden for certain paths.
             switch ($a) {
                 case 'foo':
                     $x = 1;
                     break;

                 case 'bar':
                     $x = 2;
                     break;
             }

             echo $x;
         }
       3. Add a value for the missing path:
         function myFunction($a) {
             switch ($a) {
                 case 'foo':
                     $x = 1;
                     break;

                 case 'bar':
                     $x = 2;
                     break;

                 // We add support for the missing case.
                 default:
                     $x = '';
                     break;
             }

             echo $x;
         }

178                      echo "<strong>" . _("You are:") . "</strong> "
179                      . (isset($_SESSION['name']) ? $_SESSION['name'] : _("Unnamed User")) . "
180                <br/>
181                <br/>
182                <a href='overview_user.php'>" . _("Go to your Profile page") . "</a> 
183                <a href='inc/logout.php'>" . _("Logout") . "</a> ";
184                  }
185                  if (strpos($_SERVER['PHP_SELF'], "admin/") === FALSE)
186                      echo "<a href='" . dirname($_SERVER['SCRIPT_NAME']) . "/'>" . _("Start page") . "</a>";
187                  else
188                      echo "<a href='../'>" . _("Start page") . "</a>";
189                  ?>
190              </p>
191          </div> <!-- sidebar -->
192      </div><!--secondrow-->
193      <?php
194  }