Inspection of "security enhancements" - HaaseIT/HCSF - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( dd17f1...b7ea8c )

by Marcus

created 2017-06-21 17:00 UTC

Status

Unused Use Statements -1 removed lines patch added patch discarded remove patch

@@ -25,7 +25,6 @@
 block discarded – undo
 use HaaseIT\HCSF\HelperConfig;
 use HaaseIT\Toolbox\Tools;
 use Zend\ServiceManager\ServiceManager;
-use Zend\Diactoros\ServerRequest;
 
 /**
  * Class Itemgroupadmin

Please login to merge, or discard this patch.

src/Controller/Base.php 1 patch

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

@@ -117,7 +117,7 @@  discard block
 block discarded – undo
             $user = filter_input(INPUT_SERVER, 'PHP_AUTH_USER');
             $pass = filter_input(INPUT_SERVER, 'PHP_AUTH_PW');
             if (filter_input(INPUT_SERVER, 'REDIRECT_HTTP_AUTHORIZATION') !== null) { // fix for php cgi mode
-                list($user, $pass) = explode(':' , base64_decode(substr(filter_input(INPUT_SERVER, 'REDIRECT_HTTP_AUTHORIZATION'), 6)));
+                list($user, $pass) = explode(':', base64_decode(substr(filter_input(INPUT_SERVER, 'REDIRECT_HTTP_AUTHORIZATION'), 6)));
             }
 
             if (!empty($user) && !empty($pass)) {
@@ -130,12 +130,12 @@  discard block
 block discarded – undo
             }
 
             if (!$validated) {
-                header('WWW-Authenticate: Basic realm="' . HelperConfig::$secrets['admin_authrealm'] . '"');
+                header('WWW-Authenticate: Basic realm="'.HelperConfig::$secrets['admin_authrealm'].'"');
                 header('HTTP/1.0 401 Unauthorized');
                 \HaaseIT\HCSF\Helper::terminateScript('Not authorized');
             }
         } else {
-            header('WWW-Authenticate: Basic realm="' . HelperConfig::$secrets['admin_authrealm'] . '"');
+            header('WWW-Authenticate: Basic realm="'.HelperConfig::$secrets['admin_authrealm'].'"');
             header('HTTP/1.0 401 Unauthorized');
             \HaaseIT\HCSF\Helper::terminateScript('Not authorized');
         }

Please login to merge, or discard this patch.

src/Controller/Customer/Forgotpassword.php 1 patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch

@@ -118,7 +118,7 @@
 block discarded – undo
                     $sTargetAddress = $aResult['cust_email'];
                     $sSubject = $this->textcats->T('forgotpw_mail_subject');
                     $sMessage = $this->textcats->T('forgotpw_mail_text1');
-                    $sMessage .= '<br><br>' .'<a href="http'.($serverhttps === 'on' ? 's' : '').'://';
+                    $sMessage .= '<br><br>'.'<a href="http'.($serverhttps === 'on' ? 's' : '').'://';
                     $sMessage .= $serverservername.'/_misc/rp.html?key='.$sResetCode.'&amp;email='.$sTargetAddress.'">';
                     $sMessage .= 'http'.($serverhttps === 'on' ? 's' : '').'://';
                     $sMessage .= $serverservername.'/_misc/rp.html?key='.$sResetCode.'&amp;email='.$sTargetAddress.'</a>';

Please login to merge, or discard this patch.

		@@ -117,7 +117,7 @@ discard block
		block discarded – undo
117	117	$user = filter_input(INPUT_SERVER, 'PHP_AUTH_USER');
118	118	$pass = filter_input(INPUT_SERVER, 'PHP_AUTH_PW');
119	119	if (filter_input(INPUT_SERVER, 'REDIRECT_HTTP_AUTHORIZATION') !== null) { // fix for php cgi mode
120		- list($user, $pass) = explode(':' , base64_decode(substr(filter_input(INPUT_SERVER, 'REDIRECT_HTTP_AUTHORIZATION'), 6)));
	120	+ list($user, $pass) = explode(':', base64_decode(substr(filter_input(INPUT_SERVER, 'REDIRECT_HTTP_AUTHORIZATION'), 6)));
121	121	}
122	122
123	123	if (!empty($user) && !empty($pass)) {
		@@ -130,12 +130,12 @@ discard block
		block discarded – undo
130	130	}
131	131
132	132	if (!$validated) {
133		- header('WWW-Authenticate: Basic realm="' . HelperConfig::$secrets['admin_authrealm'] . '"');
	133	+ header('WWW-Authenticate: Basic realm="'.HelperConfig::$secrets['admin_authrealm'].'"');
134	134	header('HTTP/1.0 401 Unauthorized');
135	135	\HaaseIT\HCSF\Helper::terminateScript('Not authorized');
136	136	}
137	137	} else {
138		- header('WWW-Authenticate: Basic realm="' . HelperConfig::$secrets['admin_authrealm'] . '"');
	138	+ header('WWW-Authenticate: Basic realm="'.HelperConfig::$secrets['admin_authrealm'].'"');
139	139	header('HTTP/1.0 401 Unauthorized');
140	140	\HaaseIT\HCSF\Helper::terminateScript('Not authorized');
141	141	}

		@@ -118,7 +118,7 @@
		block discarded – undo
118	118	$sTargetAddress = $aResult['cust_email'];
119	119	$sSubject = $this->textcats->T('forgotpw_mail_subject');
120	120	$sMessage = $this->textcats->T('forgotpw_mail_text1');
121		- $sMessage .= '<br><br>' .'<a href="http'.($serverhttps === 'on' ? 's' : '').'://';
	121	+ $sMessage .= '<br><br>'.'<a href="http'.($serverhttps === 'on' ? 's' : '').'://';
122	122	$sMessage .= $serverservername.'/_misc/rp.html?key='.$sResetCode.'&email='.$sTargetAddress.'">';
123	123	$sMessage .= 'http'.($serverhttps === 'on' ? 's' : '').'://';
124	124	$sMessage .= $serverservername.'/_misc/rp.html?key='.$sResetCode.'&email='.$sTargetAddress.'</a>';

		@@ -25,7 +25,6 @@
		block discarded – undo
25	25	use HaaseIT\HCSF\HelperConfig;
26	26	use HaaseIT\Toolbox\Tools;
27	27	use Zend\ServiceManager\ServiceManager;
28		-use Zend\Diactoros\ServerRequest;
29	28
30	29	/**
31	30	* Class Itemgroupadmin

HaaseIT / HCSF

Push — master ( dd17f1...b7ea8c )

Status

Category

Unused Use Statements -1 removed lines patch added patch discarded remove patch

Spacing +3 added lines, -3 removed lines patch added patch discarded remove patch

Spacing +1 added lines, -1 removed lines patch added patch discarded remove patch