Issues in Session.php (master) - Issues in master - Logi-CE/fmup - Measure and Improve Code Quality continuously with Scrutinizer

Issues (183)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Session.php (10 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace FMUP;

/**
 * Class Session
 * @package FMUP
 */
class Session
{
    use Sapi\OptionalTrait;

    private $sessionState;
    private $name;
    private $id;
    private static $instance;

    private function __construct()
    {
    }

    /**
     * @codeCoverageIgnore
     */
    private function __clone()
    {
    }

    /**
     * @param bool $deleteOldSession
     * @return bool
     */
    public function regenerate($deleteOldSession = false)
    {
        $success = false;
        if ($this->isStarted()) {
            $success = $this->sessionRegenerateId((bool)$deleteOldSession);
        }
        return $success;
    }

    /**
     * @param bool|false $deleteOldSession
     * @return bool
     * @codeCoverageIgnore
     */
    protected function sessionRegenerateId($deleteOldSession = false)
    {
        return session_regenerate_id((bool)$deleteOldSession);
    }

    /**
     * Retrieve session system - start session if not started
     * @return Session
     */
    final public static function getInstance()
    {
        if (!isset(self::$instance)) {
            $class = get_called_class();
            self::$instance = new $class;
        }
        return self::$instance;
    }

    /**
     * Define session name
     * @param string $name
     * @throws \FMUP\Exception if session name defined contain only numbers
     * @return $this
     */
    public function setName($name)
    {
        if (!$this->isStarted()) {
            if (is_numeric($name)) {
                throw new Exception('Session name could not contain only numbers');
            }
            $this->name = (string)$name;
        }
        return $this;
    }

    /**
     * Retrieve session name
     * @return string|null
     */
    public function getName()
    {
        if ($this->isStarted() && is_null($this->name)) {
            $this->name = $this->sessionName();
        }
        return $this->name;
    }

    /**
     * @param string $name
     * @return string
     * @codeCoverageIgnore
     */
    protected function sessionName($name = null)
    {
        return session_name($name);
    }

    /**
     * Define session id
     * @param string $id
     * @return $this
     * @throws Exception
     */
    public function setId($id)
    {
        if (!$this->isStarted()) {
            if (!preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $id)) {
                throw new Exception('Session name is not valid');
            }
            $this->id = (string)$id;
        }
        return $this;
    }

    /**
     * @param string|null $sessionId
     * @return string
     * @codeCoverageIgnore
     */
    protected function sessionId($sessionId = null)
    {
        return session_id($sessionId);
    }

    /**
     * Retrieve session name
     * @return string|null
     */
    public function getId()
    {
        if ($this->isStarted() && is_null($this->id)) {
            $this->id = $this->sessionId();
        }
        return $this->id;
    }

    /**
     * Check whether session is started
     * @return bool
     */
    public function isStarted()
    {
        if (is_null($this->sessionState)) {
            $this->sessionState = version_compare($this->phpVersion(), '5.4.0', '>=')
                ? $this->sessionStatus() === PHP_SESSION_ACTIVE
                : $this->sessionId() !== '';
        }
        return $this->sessionState;
    }

    /**
     * @return string
     * @codeCoverageIgnore
     */
    protected function phpVersion()
    {
        return phpversion();
    }

    /**
     * @return int
     * @codeCoverageIgnore
     */
    protected function sessionStatus()
    {
        return session_status();
    }

    /**
     * Start session if not started and return if session is started
     * @return bool
     */
    public function start()
    {
        if (!$this->isStarted() && $this->getSapi()->get() != Sapi::CLI) {
            if ($this->getId()) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
                $this->sessionId($this->getId());
            }
            if ($this->getName()) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
                $this->sessionName($this->getName());
            }
            $this->sessionState = $this->sessionStart();
        }

        return (bool)$this->sessionState;
    }

    /**
     * @return bool
     * @codeCoverageIgnore
     */
    protected function sessionStart()
    {
        return session_start();
    }

    /**
     * Retrieve all session values defined
     * @return array
     */
    public function getAll()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        return $this->start() ? $_SESSION : array();
    }

    /**
     * Define all session values
     * @param array $values
     * @return $this
     */
    public function setAll(array $values = array())
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if ($this->start()) {
            $_SESSION = $values;
        }
        return $this;
    }

    /**
     * Retrieve a session value
     * @param string $name
     * @return mixed
     * @codeCoverageIgnore
     */
    public function get($name)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $name = (string) $name;
        return $this->has($name) ? $_SESSION[$name] : null;
    }

    /**
     * Check whether a specific information exists in session
     * @param string $name
     * @return bool
     * @codeCoverageIgnore
     */
    public function has($name)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $name = (string) $name;
        return $this->start() && array_key_exists($name, $_SESSION);
    }

    /**
     * Define a specific value in session
     * @param string $name
     * @param mixed $value
     * @return $this
     * @codeCoverageIgnore
     */
    public function set($name, $value)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if ($this->start()) {
            $name = (string) $name;
            $_SESSION[$name] = $value;
        }
        return $this;
    }

    /**
     * Forget all values in session without destructing it
     * @return $this
     * @codeCoverageIgnore
     */
    public function clear()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if ($this->start()) {
            $_SESSION = array();
        }
        return $this;
    }

    /**
     * Delete a specific information from session
     * @param string $name
     * @return $this
     * @codeCoverageIgnore
     */
    public function remove($name)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if ($this->has($name)) {
            unset($_SESSION[$name]);
        }
        return $this;
    }

    /**
     * Destroy current session
     * @return bool success or failure on session destruction
     * @codeCoverageIgnore
     */
    public function destroy()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        if ($this->start()) {
            $this->sessionState = !session_destroy();
            unset($_SESSION);

            return !$this->sessionState;
        }

        return false;
    }
}


1		<?php
2		namespace FMUP;
3
4		/**
5		* Class Session
6		* @package FMUP
7		*/
8		class Session
9		{
10		use Sapi\OptionalTrait;
11
12		private $sessionState;
13		private $name;
14		private $id;
15		private static $instance;
16
17	1	private function __construct()
18		{
19	1	}
20
21		/**
22		* @codeCoverageIgnore
23		*/
24		private function __clone()
25		{
26		}
27
28		/**
29		* @param bool $deleteOldSession
30		* @return bool
31		*/
32	2	public function regenerate($deleteOldSession = false)
33		{
34	2	$success = false;
35	2	if ($this->isStarted()) {
36	1	$success = $this->sessionRegenerateId((bool)$deleteOldSession);
37		}
38	2	return $success;
39		}
40
41		/**
42		* @param bool\|false $deleteOldSession
43		* @return bool
44		* @codeCoverageIgnore
45		*/
46		protected function sessionRegenerateId($deleteOldSession = false)
47		{
48		return session_regenerate_id((bool)$deleteOldSession);
49		}
50
51		/**
52		* Retrieve session system - start session if not started
53		* @return Session
54		*/
55	6	final public static function getInstance()
56		{
57	6	if (!isset(self::$instance)) {
58	1	$class = get_called_class();
59	1	self::$instance = new $class;
60		}
61	6	return self::$instance;
62		}
63
64		/**
65		* Define session name
66		* @param string $name
67		* @throws \FMUP\Exception if session name defined contain only numbers
68		* @return $this
69		*/
70	4	public function setName($name)
71		{
72	4	if (!$this->isStarted()) {
73	3	if (is_numeric($name)) {
74	1	throw new Exception('Session name could not contain only numbers');
75		}
76	2	$this->name = (string)$name;
77		}
78	3	return $this;
79		}
80
81		/**
82		* Retrieve session name
83		* @return string\|null
84		*/
85	5	public function getName()
86		{
87	5	if ($this->isStarted() && is_null($this->name)) {
88	1	$this->name = $this->sessionName();
89		}
90	5	return $this->name;
91		}
92
93		/**
94		* @param string $name
95		* @return string
96		* @codeCoverageIgnore
97		*/
98		protected function sessionName($name = null)
99		{
100		return session_name($name);
101		}
102
103		/**
104		* Define session id
105		* @param string $id
106		* @return $this
107		* @throws Exception
108		*/
109	4	public function setId($id)
110		{
111	4	if (!$this->isStarted()) {
112	3	if (!preg_match('/^[-,a-zA-Z0-9]{1,128}$/', $id)) {
113	1	throw new Exception('Session name is not valid');
114		}
115	2	$this->id = (string)$id;
116		}
117	3	return $this;
118		}
119
120		/**
121		* @param string\|null $sessionId
122		* @return string
123		* @codeCoverageIgnore
124		*/
125		protected function sessionId($sessionId = null)
126		{
127		return session_id($sessionId);
128		}
129
130		/**
131		* Retrieve session name
132		* @return string\|null
133		*/
134	5	public function getId()
135		{
136	5	if ($this->isStarted() && is_null($this->id)) {
137	1	$this->id = $this->sessionId();
138		}
139	5	return $this->id;
140		}
141
142		/**
143		* Check whether session is started
144		* @return bool
145		*/
146	8	public function isStarted()
147		{
148	8	if (is_null($this->sessionState)) {
149	8	$this->sessionState = version_compare($this->phpVersion(), '5.4.0', '>=')
150	6	? $this->sessionStatus() === PHP_SESSION_ACTIVE
151	2	: $this->sessionId() !== '';
152		}
153	8	return $this->sessionState;
154		}
155
156		/**
157		* @return string
158		* @codeCoverageIgnore
159		*/
160		protected function phpVersion()
161		{
162		return phpversion();
163		}
164
165		/**
166		* @return int
167		* @codeCoverageIgnore
168		*/
169		protected function sessionStatus()
170		{
171		return session_status();
172		}
173
174		/**
175		* Start session if not started and return if session is started
176		* @return bool
177		*/
178	4	public function start()
179		{
180	4	if (!$this->isStarted() && $this->getSapi()->get() != Sapi::CLI) {
181	3	if ($this->getId()) {
		0 ignored issues – show Bug Best Practice introduced 2017-04-18 14:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->getId()` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
182	1	$this->sessionId($this->getId());
183		}
184	3	if ($this->getName()) {
		0 ignored issues – show Bug Best Practice introduced 2017-04-18 14:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->getName()` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
185	1	$this->sessionName($this->getName());
186		}
187	3	$this->sessionState = $this->sessionStart();
188		}
189
190	4	return (bool)$this->sessionState;
191		}
192
193		/**
194		* @return bool
195		* @codeCoverageIgnore
196		*/
197		protected function sessionStart()
198		{
199		return session_start();
200		}
201
202		/**
203		* Retrieve all session values defined
204		* @return array
205		*/
206	2	public function getAll()
		0 ignored issues – show Coding Style introduced 2017-08-25 13:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this `getAll` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
207		{
208	2	return $this->start() ? $_SESSION : array();
209		}
210
211		/**
212		* Define all session values
213		* @param array $values
214		* @return $this
215		*/
216	2	public function setAll(array $values = array())
		0 ignored issues – show Coding Style introduced 2017-08-25 13:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this `setAll` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
217		{
218	2	if ($this->start()) {
219	1	$_SESSION = $values;
220		}
221	2	return $this;
222		}
223
224		/**
225		* Retrieve a session value
226		* @param string $name
227		* @return mixed
228		* @codeCoverageIgnore
229		*/
230		public function get($name)
		0 ignored issues – show Coding Style introduced 2017-08-25 13:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this `get` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
231		{
232		$name = (string) $name;
233		return $this->has($name) ? $_SESSION[$name] : null;
234		}
235
236		/**
237		* Check whether a specific information exists in session
238		* @param string $name
239		* @return bool
240		* @codeCoverageIgnore
241		*/
242		public function has($name)
		0 ignored issues – show Coding Style introduced 2017-08-25 13:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this `has` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
243		{
244		$name = (string) $name;
245		return $this->start() && array_key_exists($name, $_SESSION);
246		}
247
248		/**
249		* Define a specific value in session
250		* @param string $name
251		* @param mixed $value
252		* @return $this
253		* @codeCoverageIgnore
254		*/
255		public function set($name, $value)
		0 ignored issues – show Coding Style introduced 2017-08-25 13:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this `set` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
256		{
257		if ($this->start()) {
258		$name = (string) $name;
259		$_SESSION[$name] = $value;
260		}
261		return $this;
262		}
263
264		/**
265		* Forget all values in session without destructing it
266		* @return $this
267		* @codeCoverageIgnore
268		*/
269		public function clear()
		0 ignored issues – show Coding Style introduced 2017-08-25 13:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this `clear` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
270		{
271		if ($this->start()) {
272		$_SESSION = array();
273		}
274		return $this;
275		}
276
277		/**
278		* Delete a specific information from session
279		* @param string $name
280		* @return $this
281		* @codeCoverageIgnore
282		*/
283		public function remove($name)
		0 ignored issues – show Coding Style introduced 2017-08-25 13:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this `remove` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
284		{
285		if ($this->has($name)) {
286		unset($_SESSION[$name]);
287		}
288		return $this;
289		}
290
291		/**
292		* Destroy current session
293		* @return bool success or failure on session destruction
294		* @codeCoverageIgnore
295		*/
296		public function destroy()
		0 ignored issues – show Coding Style introduced 2017-08-25 13:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this `destroy` uses the super-global variable `$_SESSION` which is generally not recommended. Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad class Router { public function generate($path) { return $_SERVER['HOST'].$path; } } // Better class Router { private $host; public function __construct($host) { $this->host = $host; } public function generate($path) { return $this->host.$path; } } class Controller { public function myAction(Request $request) { // Instead of $page = isset($_GET['page']) ? intval($_GET['page']) : 1; // Better (assuming you use the Symfony2 request) $page = $request->query->get('page', 1); } } Loading history...
297		{
298		if ($this->start()) {
299		$this->sessionState = !session_destroy();
300		unset($_SESSION);
301
302		return !$this->sessionState;
303		}
304
305		return false;
306		}
307		}
308

Logi-CE / fmup

Issues (183)

Security Analysis not enabled

src/Session.php (10 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like