Issues in helpers.php (master) - Issues in master - Laravel-Backpack/Base - Measure and Improve Code Quality continuously with Scrutinizer

Issues (207)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/helpers.php (5 issues)

Labels

Unused Code 5

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

if (!function_exists('backpack_url')) {
    /**
     * Appends the configured backpack prefix and returns
     * the URL using the standard Laravel helpers.
     *
     * @param $path
     *
     * @return string
     */
    function backpack_url($path = null, $parameters = [], $secure = null)

    {
        $path = !$path || (substr($path, 0, 1) == '/') ? $path : '/'.$path;

        return url(config('backpack.base.route_prefix', 'admin').$path, $parameters = [], $secure = null);
    }
}

if (!function_exists('backpack_authentication_column')) {
    /**
     * Return the username column name.
     * The Laravel default (and Backpack default) is 'email'.
     *
     * @return string
     */
    function backpack_authentication_column()
    {
        return config('backpack.base.authentication_column', 'email');
    }
}

if (!function_exists('backpack_users_have_email')) {
    /**
     * Check if the email column is present on the user table.
     *
     * @return string
     */
    function backpack_users_have_email()
    {
        $user_model_fqn = config('backpack.base.user_model_fqn');
        $user = new $user_model_fqn();

        return \Schema::hasColumn($user->getTable(), 'email');
    }
}

if (!function_exists('backpack_avatar_url')) {
    /**
     * Returns the avatar URL of a user.
     *
     * @param $user
     *
     * @return string
     */
    function backpack_avatar_url($user)
    {
        $firstLetter = $user->getAttribute('name') ? $user->name[0] : 'A';
        $placeholder = 'https://placehold.it/160x160/00a65a/ffffff/&text='.$firstLetter;

        switch (config('backpack.base.avatar_type')) {
            case 'gravatar':
                if (backpack_users_have_email()) {
                    return Gravatar::fallback('https://placehold.it/160x160/00a65a/ffffff/&text='.$firstLetter)->get($user->email);
                } else {
                    return $placeholder;
                }
                break;
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}

            case 'placehold':
                return $placeholder;
                break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}

            default:
                return method_exists($user, config('backpack.base.avatar_type')) ? $user->{config('backpack.base.avatar_type')}() : $user->{config('backpack.base.avatar_type')};
                break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
        }
    }
}

if (!function_exists('backpack_middleware')) {
    /**
     * Return the key of the middleware used across Backpack.
     * That middleware checks if the visitor is an admin.
     *
     * @param $path
     *
     * @return string
     */
    function backpack_middleware()
    {
        return config('backpack.base.middleware_key', 'admin');
    }
}

if (!function_exists('backpack_guard_name')) {
    /*
     * Returns the name of the guard defined
     * by the application config
     */
    function backpack_guard_name()
    {
        return config('backpack.base.guard', config('auth.defaults.guard'));
    }
}

if (!function_exists('backpack_auth')) {
    /*
     * Returns the user instance if it exists
     * of the currently authenticated admin
     * based off the defined guard.
     */
    function backpack_auth()
    {
        return \Auth::guard(backpack_guard_name());
    }
}

if (!function_exists('backpack_user')) {
    /*
     * Returns back a user instance without
     * the admin guard, however allows you
     * to pass in a custom guard if you like.
     */
    function backpack_user()
    {
        return backpack_auth()->user();
    }
}

if (!function_exists('mb_ucfirst')) {
    /**
     * Capitalize the first letter of a string,
     * even if that string is multi-byte (non-latin alphabet).
     *
     * @param string   $string   String to have its first letter capitalized.
     * @param encoding $encoding Character encoding
     *
     * @return string String with first letter capitalized.
     */
    function mb_ucfirst($string, $encoding = false)
    {
        $encoding = $encoding ? $encoding : mb_internal_encoding();

        $strlen = mb_strlen($string, $encoding);
        $firstChar = mb_substr($string, 0, 1, $encoding);
        $then = mb_substr($string, 1, $strlen - 1, $encoding);

        return mb_strtoupper($firstChar, $encoding).$then;
    }
}


1			<?php
2
3			if (!function_exists('backpack_url')) {
4			/**
5			* Appends the configured backpack prefix and returns
6			* the URL using the standard Laravel helpers.
7			*
8			* @param $path
9			*
10			* @return string
11			*/
12			function backpack_url($path = null, $parameters = [], $secure = null)
			0 ignored issues – show Unused Code introduced 2018-10-30 14:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$parameters` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Unused Code introduced 2018-10-30 14:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$secure` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
13			{
14			$path = !$path \|\| (substr($path, 0, 1) == '/') ? $path : '/'.$path;
15
16			return url(config('backpack.base.route_prefix', 'admin').$path, $parameters = [], $secure = null);
17			}
18			}
19
20			if (!function_exists('backpack_authentication_column')) {
21			/**
22			* Return the username column name.
23			* The Laravel default (and Backpack default) is 'email'.
24			*
25			* @return string
26			*/
27			function backpack_authentication_column()
28			{
29			return config('backpack.base.authentication_column', 'email');
30			}
31			}
32
33			if (!function_exists('backpack_users_have_email')) {
34			/**
35			* Check if the email column is present on the user table.
36			*
37			* @return string
38			*/
39			function backpack_users_have_email()
40			{
41			$user_model_fqn = config('backpack.base.user_model_fqn');
42			$user = new $user_model_fqn();
43
44			return \Schema::hasColumn($user->getTable(), 'email');
45			}
46			}
47
48			if (!function_exists('backpack_avatar_url')) {
49			/**
50			* Returns the avatar URL of a user.
51			*
52			* @param $user
53			*
54			* @return string
55			*/
56			function backpack_avatar_url($user)
57			{
58			$firstLetter = $user->getAttribute('name') ? $user->name[0] : 'A';
59			$placeholder = 'https://placehold.it/160x160/00a65a/ffffff/&text='.$firstLetter;
60
61			switch (config('backpack.base.avatar_type')) {
62			case 'gravatar':
63			if (backpack_users_have_email()) {
64			return Gravatar::fallback('https://placehold.it/160x160/00a65a/ffffff/&text='.$firstLetter)->get($user->email);
65			} else {
66			return $placeholder;
67			}
68			break;
			0 ignored issues – show Unused Code introduced 2018-03-07 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break;` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
69
70			case 'placehold':
71			return $placeholder;
72			break;
			0 ignored issues – show Unused Code introduced 2018-03-07 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
73
74			default:
75			return method_exists($user, config('backpack.base.avatar_type')) ? $user->{config('backpack.base.avatar_type')}() : $user->{config('backpack.base.avatar_type')};
76			break;
			0 ignored issues – show Unused Code introduced 2018-05-02 04:48 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
77			}
78			}
79			}
80
81			if (!function_exists('backpack_middleware')) {
82			/**
83			* Return the key of the middleware used across Backpack.
84			* That middleware checks if the visitor is an admin.
85			*
86			* @param $path
87			*
88			* @return string
89			*/
90			function backpack_middleware()
91			{
92			return config('backpack.base.middleware_key', 'admin');
93			}
94			}
95
96			if (!function_exists('backpack_guard_name')) {
97			/*
98			* Returns the name of the guard defined
99			* by the application config
100			*/
101			function backpack_guard_name()
102			{
103			return config('backpack.base.guard', config('auth.defaults.guard'));
104			}
105			}
106
107			if (!function_exists('backpack_auth')) {
108			/*
109			* Returns the user instance if it exists
110			* of the currently authenticated admin
111			* based off the defined guard.
112			*/
113			function backpack_auth()
114			{
115			return \Auth::guard(backpack_guard_name());
116			}
117			}
118
119			if (!function_exists('backpack_user')) {
120			/*
121			* Returns back a user instance without
122			* the admin guard, however allows you
123			* to pass in a custom guard if you like.
124			*/
125			function backpack_user()
126			{
127			return backpack_auth()->user();
128			}
129			}
130
131			if (!function_exists('mb_ucfirst')) {
132			/**
133			* Capitalize the first letter of a string,
134			* even if that string is multi-byte (non-latin alphabet).
135			*
136			* @param string $string String to have its first letter capitalized.
137			* @param encoding $encoding Character encoding
138			*
139			* @return string String with first letter capitalized.
140			*/
141			function mb_ucfirst($string, $encoding = false)
142			{
143			$encoding = $encoding ? $encoding : mb_internal_encoding();
144
145			$strlen = mb_strlen($string, $encoding);
146			$firstChar = mb_substr($string, 0, 1, $encoding);
147			$then = mb_substr($string, 1, $strlen - 1, $encoding);
148
149			return mb_strtoupper($firstChar, $encoding).$then;
150			}
151			}
152

Laravel-Backpack / Base

Issues (207)

Security Analysis not enabled

src/helpers.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like