Issues in DomainConfiguration.php (master) - Issues in master - Kunstmaan/KunstmaanBundlesCMS - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3099)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

MultiDomainBundle/Helper/DomainConfiguration.php (1 issue)

Labels

Severity

Sander Goossens 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Kunstmaan\MultiDomainBundle\Helper;

use Doctrine\ORM\EntityManagerInterface;
use Kunstmaan\AdminBundle\Helper\AdminRouteHelper;
use Kunstmaan\AdminBundle\Helper\DomainConfiguration as BaseDomainConfiguration;
use Kunstmaan\NodeBundle\Entity\Node;
use Symfony\Component\DependencyInjection\ContainerInterface;

class DomainConfiguration extends BaseDomainConfiguration
{
    const OVERRIDE_HOST = '_override_host';
    const SWITCH_HOST = '_switch_host';

    /**
     * @var Node
     *
     * @deprecated since KunstmaanMultiDomainBundle 5.7 and will be removed in KunstmaanMultiDomainBundle 6.0. Use the `$rootNodeCache` property instead.
     */
    protected $rootNode;

    /**
     * @var array
     */
    protected $hosts;

    /**
     * @var array
     */
    protected $aliases = array();

    /**
     * @var AdminRouteHelper
     */
    protected $adminRouteHelper;

    /** @var array */
    private $rootNodeCache = [];

    /** @var EntityManagerInterface */
    private $em;

    /**
     * @param ContainerInterface|string $multilanguage
     */
    public function __construct(/*ContainerInterface|RequestStack*/ $requestStack, $multilanguage = null, $defaultLocale = null, $requiredLocales = null, AdminRouteHelper $adminRouteHelper = null, EntityManagerInterface $em = null, array $hosts = null)
    {
        parent::__construct($requestStack, $multilanguage, $defaultLocale, $requiredLocales);

        if ($requestStack instanceof ContainerInterface) {
            @trigger_error('Container injection and the usage of the container is deprecated in KunstmaanNodeBundle 5.1 and will be removed in KunstmaanNodeBundle 6.0.', E_USER_DEPRECATED);

            $this->container = $requestStack;
            $this->adminRouteHelper = $this->container->get('kunstmaan_admin.adminroute.helper');
            $this->hosts = $this->container->getParameter('kunstmaan_multi_domain.hosts');
            $this->em = $this->container->get('doctrine.orm.entity_manager');
        } else {
            $this->adminRouteHelper = $adminRouteHelper;
            $this->hosts = $hosts;
            $this->em = $em;
        }

        foreach ($this->hosts as $host => $hostInfo) {
            if (isset($hostInfo['aliases'])) {
                foreach ($hostInfo['aliases'] as $alias) {
                    $this->aliases[$alias] = $host;
                }
            }
        }
    }

    /**
     * @return string
     */
    public function getHost()
    {
        if ($this->hasHostOverride()) {
            return $this->getHostOverride();
        }

        $host = parent::getHost();
        if (isset($this->aliases[$host])) {
            $host = $this->aliases[$host];
        }

        return $host;
    }

    /**
     * @return array
     */
    public function getHosts()
    {
        return array_keys($this->hosts);
    }

    /**
     * @return string
     */
    public function getDefaultLocale()
    {
        $host = $this->getHost();
        if (isset($this->hosts[$host]['default_locale'])) {
            return $this->hosts[$host]['default_locale'];
        }

        return parent::getDefaultLocale();
    }

    /**
     * @param string|null $host
     *
     * @return bool
     */
    public function isMultiLanguage($host = null)
    {
        $host = $this->getRealHost($host);

        if (isset($this->hosts[$host])) {
            $hostInfo = $this->hosts[$host];

            return 'multi_lang' === $hostInfo['type'];
        }

        return parent::isMultiLanguage();
    }

    /**
     * @param string|null $host
     *
     * @return array
     */
    public function getFrontendLocales($host = null)
    {
        $host = $this->getRealHost($host);

        if (isset($this->hosts[$host]['locales'])) {
            return array_keys($this->hosts[$host]['locales']);
        }

        return parent::getBackendLocales();
    }

    /**
     * @param string|null $host
     *
     * @return array
     */
    public function getBackendLocales($host = null)
    {
        $host = $this->getRealHost($host);

        if (isset($this->hosts[$host]['locales'])) {
            return array_values($this->hosts[$host]['locales']);
        }

        return parent::getBackendLocales();
    }

    /**
     * @return bool
     */
    public function isMultiDomainHost()
    {
        $host = $this->getHost();

        return isset($this->hosts[$host]);
    }

    /**
     * Fetch the root node for the current host
     *
     * @param string|null $host
     *
     * @return Node|null
     */
    public function getRootNode($host = null)
    {
        if (!$this->isMultiDomainHost()) {
            return parent::getRootNode();
        }

        $host = $this->getRealHost($host);
        if (null === $host) {
            return null;
        }

        if (!array_key_exists($host, $this->rootNodeCache)) {
            $internalName = $this->hosts[$host]['root'];
            $nodeRepo = $this->em->getRepository(Node::class);
            $this->rootNodeCache[$host] = $nodeRepo->getNodeByInternalName($internalName);

            // Keep BC by setting the first node found.
            if (null === $this->rootNode) {
                $this->rootNode = $this->rootNodeCache[$host];
            }
        }

        return $this->rootNodeCache[$host];
    }

    /**
     * Return (optional) extra config settings for the current host
     */
    public function getExtraData()
    {
        $host = $this->getHost();

        if (!isset($this->hosts[$host]['extra'])) {
            return parent::getExtraData();
        }

        return $this->hosts[$host]['extra'];
    }

    /**
     * Return (optional) extra config settings for the locales for the current host
     */
    public function getLocalesExtraData()
    {
        $host = $this->getHost();

        if (!isset($this->hosts[$host]['locales_extra'])) {
            return parent::getLocalesExtraData();
        }

        return $this->hosts[$host]['locales_extra'];
    }

    /**
     * @return bool
     */
    protected function hasHostOverride()
    {
        $request = $this->getMasterRequest();

        return !\is_null($request) &&
        $this->adminRouteHelper->isAdminRoute($request->getRequestUri()) &&
        $request->hasPreviousSession() &&
        $request->getSession()->has(self::OVERRIDE_HOST);
    }

    /**
     * @return bool
     */
    public function hasHostSwitched()
    {
        $request = $this->getMasterRequest();

        return !\is_null($request) &&
        $this->adminRouteHelper->isAdminRoute($request->getRequestUri()) &&
        $request->hasPreviousSession() &&
        $request->getSession()->has(self::SWITCH_HOST);
    }

    /**
     * @return string|null
     */
    protected function getHostOverride()
    {
        if (null !== ($request = $this->getMasterRequest()) && $request->hasPreviousSession()) {
            return $request->getSession()->get(self::OVERRIDE_HOST);
        }

        return null;
    }

    /**
     * @return array
     */
    public function getHostSwitched()
    {
        $request = $this->getMasterRequest();

        $host = $this->getHost();

        if ($this->hasHostSwitched()) {
            $host = $request->getSession()->get(self::SWITCH_HOST);
        }

        return $this->hosts[$host];
    }

    /**
     * @return array
     */
    public function getFullHostConfig()
    {
        return $this->hosts;
    }

    /**
     * @param string|null $host
     *
     * @return array
     */
    public function getFullHost($host = null)
    {
        $host = $this->getRealHost($host);

        if ($host && isset($this->hosts[$host])) {
            return $this->hosts[$host];
        }

        return null;
    }

    /**
     * @param string|int $id
     *
     * @return array
     */
    public function getFullHostById($id)
    {
        foreach ($this->hosts as $host => $parameters) {
            if (!isset($parameters['id']) || $parameters['id'] !== $id) {
                continue;
            }

            return $parameters;
        }

        return null;
    }

    /**
     * @param string|null $host
     *
     * @return string
     */
    public function getHostBaseUrl($host = null)
    {
        $config = $this->getFullHost($host);

        return sprintf('%s://%s', $config['protocol'], $config['host']);
    }

    /**
     * @param string|null $host
     *
     * @return string|null
     */
    private function getRealHost($host = null)
    {
        if (!$host) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
            $host = $this->getHost();
        }

        return $host;
    }
}


1			<?php
2
3			namespace Kunstmaan\MultiDomainBundle\Helper;
4
5			use Doctrine\ORM\EntityManagerInterface;
6			use Kunstmaan\AdminBundle\Helper\AdminRouteHelper;
7			use Kunstmaan\AdminBundle\Helper\DomainConfiguration as BaseDomainConfiguration;
8			use Kunstmaan\NodeBundle\Entity\Node;
9			use Symfony\Component\DependencyInjection\ContainerInterface;
10
11			class DomainConfiguration extends BaseDomainConfiguration
12			{
13			const OVERRIDE_HOST = '_override_host';
14			const SWITCH_HOST = '_switch_host';
15
16			/**
17			* @var Node
18			*
19			* @deprecated since KunstmaanMultiDomainBundle 5.7 and will be removed in KunstmaanMultiDomainBundle 6.0. Use the `$rootNodeCache` property instead.
20			*/
21			protected $rootNode;
22
23			/**
24			* @var array
25			*/
26			protected $hosts;
27
28			/**
29			* @var array
30			*/
31			protected $aliases = array();
32
33			/**
34			* @var AdminRouteHelper
35			*/
36			protected $adminRouteHelper;
37
38			/** @var array */
39			private $rootNodeCache = [];
40
41			/** @var EntityManagerInterface */
42			private $em;
43
44			/**
45			* @param ContainerInterface\|string $multilanguage
46			*/
47	32		public function __construct(/ContainerInterface\|RequestStack/ $requestStack, $multilanguage = null, $defaultLocale = null, $requiredLocales = null, AdminRouteHelper $adminRouteHelper = null, EntityManagerInterface $em = null, array $hosts = null)
48			{
49	32		parent::__construct($requestStack, $multilanguage, $defaultLocale, $requiredLocales);
50
51	32		if ($requestStack instanceof ContainerInterface) {
52			@trigger_error('Container injection and the usage of the container is deprecated in KunstmaanNodeBundle 5.1 and will be removed in KunstmaanNodeBundle 6.0.', E_USER_DEPRECATED);
53
54			$this->container = $requestStack;
55			$this->adminRouteHelper = $this->container->get('kunstmaan_admin.adminroute.helper');
56			$this->hosts = $this->container->getParameter('kunstmaan_multi_domain.hosts');
57			$this->em = $this->container->get('doctrine.orm.entity_manager');
58			} else {
59	32		$this->adminRouteHelper = $adminRouteHelper;
60	32		$this->hosts = $hosts;
61	32		$this->em = $em;
62			}
63
64	32		foreach ($this->hosts as $host => $hostInfo) {
65	32		if (isset($hostInfo['aliases'])) {
66	32		foreach ($hostInfo['aliases'] as $alias) {
67	32		$this->aliases[$alias] = $host;
68			}
69			}
70			}
71	32		}
72
73			/**
74			* @return string
75			*/
76	25		public function getHost()
77			{
78	25		if ($this->hasHostOverride()) {
79	2		return $this->getHostOverride();
80			}
81
82	23		$host = parent::getHost();
83	23		if (isset($this->aliases[$host])) {
84	1		$host = $this->aliases[$host];
85			}
86
87	23		return $host;
88			}
89
90			/**
91			* @return array
92			*/
93	1		public function getHosts()
94			{
95	1		return array_keys($this->hosts);
96			}
97
98			/**
99			* @return string
100			*/
101	2	View Code Duplication	public function getDefaultLocale()
102			{
103	2		$host = $this->getHost();
104	2		if (isset($this->hosts[$host]['default_locale'])) {
105	1		return $this->hosts[$host]['default_locale'];
106			}
107
108	1		return parent::getDefaultLocale();
109			}
110
111			/**
112			* @param string\|null $host
113			*
114			* @return bool
115			*/
116	3	View Code Duplication	public function isMultiLanguage($host = null)
117			{
118	3		$host = $this->getRealHost($host);
119
120	3		if (isset($this->hosts[$host])) {
121	2		$hostInfo = $this->hosts[$host];
122
123	2		return 'multi_lang' === $hostInfo['type'];
124			}
125
126	1		return parent::isMultiLanguage();
127			}
128
129			/**
130			* @param string\|null $host
131			*
132			* @return array
133			*/
134	3	View Code Duplication	public function getFrontendLocales($host = null)
135			{
136	3		$host = $this->getRealHost($host);
137
138	3		if (isset($this->hosts[$host]['locales'])) {
139	2		return array_keys($this->hosts[$host]['locales']);
140			}
141
142	1		return parent::getBackendLocales();
143			}
144
145			/**
146			* @param string\|null $host
147			*
148			* @return array
149			*/
150	3	View Code Duplication	public function getBackendLocales($host = null)
151			{
152	3		$host = $this->getRealHost($host);
153
154	3		if (isset($this->hosts[$host]['locales'])) {
155	2		return array_values($this->hosts[$host]['locales']);
156			}
157
158	1		return parent::getBackendLocales();
159			}
160
161			/**
162			* @return bool
163			*/
164	5		public function isMultiDomainHost()
165			{
166	5		$host = $this->getHost();
167
168	5		return isset($this->hosts[$host]);
169			}
170
171			/**
172			* Fetch the root node for the current host
173			*
174			* @param string\|null $host
175			*
176			* @return Node\|null
177			*/
178	2		public function getRootNode($host = null)
179			{
180	2		if (!$this->isMultiDomainHost()) {
181	1		return parent::getRootNode();
182			}
183
184	1		$host = $this->getRealHost($host);
185	1		if (null === $host) {
186			return null;
187			}
188
189	1		if (!array_key_exists($host, $this->rootNodeCache)) {
190	1		$internalName = $this->hosts[$host]['root'];
191	1		$nodeRepo = $this->em->getRepository(Node::class);
192	1		$this->rootNodeCache[$host] = $nodeRepo->getNodeByInternalName($internalName);
193
194			// Keep BC by setting the first node found.
195	1		if (null === $this->rootNode) {
196	1		$this->rootNode = $this->rootNodeCache[$host];
197			}
198			}
199
200	1		return $this->rootNodeCache[$host];
201			}
202
203			/**
204			* Return (optional) extra config settings for the current host
205			*/
206	2	View Code Duplication	public function getExtraData()
207			{
208	2		$host = $this->getHost();
209
210	2		if (!isset($this->hosts[$host]['extra'])) {
211	1		return parent::getExtraData();
212			}
213
214	1		return $this->hosts[$host]['extra'];
215			}
216
217			/**
218			* Return (optional) extra config settings for the locales for the current host
219			*/
220	1	View Code Duplication	public function getLocalesExtraData()
221			{
222	1		$host = $this->getHost();
223
224	1		if (!isset($this->hosts[$host]['locales_extra'])) {
225	1		return parent::getLocalesExtraData();
226			}
227
228	1		return $this->hosts[$host]['locales_extra'];
229			}
230
231			/**
232			* @return bool
233			*/
234	25	View Code Duplication	protected function hasHostOverride()
235			{
236	25		$request = $this->getMasterRequest();
237
238	25		return !\is_null($request) &&
239	25		$this->adminRouteHelper->isAdminRoute($request->getRequestUri()) &&
240	25		$request->hasPreviousSession() &&
241	25		$request->getSession()->has(self::OVERRIDE_HOST);
242			}
243
244			/**
245			* @return bool
246			*/
247	2	View Code Duplication	public function hasHostSwitched()
248			{
249	2		$request = $this->getMasterRequest();
250
251	2		return !\is_null($request) &&
252	2		$this->adminRouteHelper->isAdminRoute($request->getRequestUri()) &&
253	2		$request->hasPreviousSession() &&
254	2		$request->getSession()->has(self::SWITCH_HOST);
255			}
256
257			/**
258			* @return string\|null
259			*/
260	3		protected function getHostOverride()
261			{
262	3		if (null !== ($request = $this->getMasterRequest()) && $request->hasPreviousSession()) {
263	2		return $request->getSession()->get(self::OVERRIDE_HOST);
264			}
265
266	1		return null;
267			}
268
269			/**
270			* @return array
271			*/
272	1		public function getHostSwitched()
273			{
274	1		$request = $this->getMasterRequest();
275
276	1		$host = $this->getHost();
277
278	1		if ($this->hasHostSwitched()) {
279	1		$host = $request->getSession()->get(self::SWITCH_HOST);
280			}
281
282	1		return $this->hosts[$host];
283			}
284
285			/**
286			* @return array
287			*/
288	1		public function getFullHostConfig()
289			{
290	1		return $this->hosts;
291			}
292
293			/**
294			* @param string\|null $host
295			*
296			* @return array
297			*/
298	2		public function getFullHost($host = null)
299			{
300	2		$host = $this->getRealHost($host);
301
302	2		if ($host && isset($this->hosts[$host])) {
303	1		return $this->hosts[$host];
304			}
305
306	1		return null;
307			}
308
309			/**
310			* @param string\|int $id
311			*
312			* @return array
313			*/
314	1		public function getFullHostById($id)
315			{
316	1		foreach ($this->hosts as $host => $parameters) {
317	1		if (!isset($parameters['id']) \|\| $parameters['id'] !== $id) {
318	1		continue;
319			}
320
321	1		return $parameters;
322			}
323
324	1		return null;
325			}
326
327			/**
328			* @param string\|null $host
329			*
330			* @return string
331			*/
332	1		public function getHostBaseUrl($host = null)
333			{
334	1		$config = $this->getFullHost($host);
335
336	1		return sprintf('%s://%s', $config['protocol'], $config['host']);
337			}
338
339			/**
340			* @param string\|null $host
341			*
342			* @return string\|null
343			*/
344	12		private function getRealHost($host = null)
345			{
346	12		if (!$host) {
			0 ignored issues – show Bug Best Practice introduced 2017-11-21 06:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$host` of type `string\|null` is loosely compared to `false`; this is ambiguous if the string can be empty. You might want to explicitly use `=== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
347	10		$host = $this->getHost();
348			}
349
350	12		return $host;
351			}
352			}
353

Kunstmaan / KunstmaanBundlesCMS

Issues (3099)

Security Analysis not enabled

MultiDomainBundle/Helper/DomainConfiguration.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like