1  | <?php
2  | /***************************************************************************
3  |  * for license information see doc/license.txt
4  |  ***************************************************************************/
5  |
6  | $opt['rootpath'] = __DIR__ . '/../../';
7  | require_once __DIR__ . '/../../lib2/web.inc.php';
8  | require_once __DIR__ . '/../../lib2/logic/cache.class.php';
9  |
10 | header('Content-type: text/html; charset=utf-8');
11 |
12 | $cache = null;
13 | if (isset($_REQUEST['cacheid'])) {
14 |     $cacheId = (int) $_REQUEST['cacheid'];
15 |     $cache = new cache($cacheId);
16 | } else {
17 |     if (isset($_REQUEST['uuid'])) {
18 |         $uuid = $_REQUEST['uuid'];
19 |         $cache = cache::fromUUID($uuid);
20 |     } else {
21 |         if (isset($_REQUEST['wp'])) {
22 |             $wp = $_REQUEST['wp'];
23 |             $cache = cache::fromWP($wp);
24 |         }
25 |     }
26 | }
27 |
28 | if ($cache === null) {
29 |     echo '0';
30 | } else {
31 |     if (!$cache->isPublic()) {
32 |         echo '0';
33 |     } else {
34 |         echo $cache->getCacheId();
35 |         echo ';';
36 |         echo '"' . mb_ereg_replace('"', '\"', $cache->getName()) . '"';
37 |         echo ';';
38 |         echo '"' . mb_ereg_replace('"', '\"', $cache->getUsername()) . '"';
39 |         echo ';';
40 |         echo '"' . mb_ereg_replace('"', '\"', $cache->getWPOC()) . '"';
Security: Cross-Site Scripting, introduced by
'"' . mb_ereg_replace('"...cache->getWPOC()) . '"' (line 40) can contain request data and is used in output context(s), leading to a potential security vulnerability.
16 paths for user data to reach this point:
1. Read from $_REQUEST; $_REQUEST['newlist_name'] is passed through trim() and assigned to $newListName in htdocs/addtolist.php on line 26
2. Read from $_REQUEST; $_REQUEST['statpic_style'] is passed to statpic::setStyle() in htdocs/change_statpic.php on line 33
3. Read from $_REQUEST; $_REQUEST['statpic_text'] is passed to statpic::setText() in htdocs/change_statpic.php on line 26
7. Read from $_REQUEST; $_REQUEST['firstName'] is passed through trim(), and trim($_REQUEST['firstName']) is passed to user::setFirstName() in htdocs/myprofile.php on line 60
9. Read from $_REQUEST; $_REQUEST['lastName'] is passed through trim(), and trim($_REQUEST['lastName']) is passed to user::setLastName() in htdocs/myprofile.php on line 68
12. Read from $_REQUEST; $_REQUEST['username'] is passed through trim(), and trim($_REQUEST['username']) is passed to user::setUsername() in htdocs/myprofile.php on line 52
14. Read from $_FILES; $_FILES['file']['name'] is passed to picture::setFilenames() in htdocs/picture.php on line 124
15. Read from $_FILES; $_FILES['file']['name'] is escaped by pathinfo() for file context(s) and assigned to $fname in htdocs/picture.php on line 117
16. Read from $_REQUEST; $_REQUEST['list_name'] is passed through trim() and assigned to $list_name in htdocs/mylists.php on line 18
Preventing Cross-Site-Scripting Attacks
Cross-Site-Scripting allows an attacker to inject malicious code into your website, in particular JavaScript code, and have that code executed with the privileges of a visiting user. This can be used to obtain data or to perform actions on behalf of that visiting user. In order to prevent this, make sure to escape all user-provided data:
// for HTML
$sanitized = htmlentities($tainted, ENT_QUOTES);
// for URLs
$sanitized = urlencode($tainted);
General Strategies to prevent injection
In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing the allowed values:
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
For numeric data, we recommend explicitly casting the data: $sanitized = (integer) $tainted;
41 |         echo ';';
42 |         echo '"' . mb_ereg_replace('"', '\"', $cache->getWPGC()) . '"';
Security: Cross-Site Scripting, introduced by
'"' . mb_ereg_replace('"...cache->getWPGC()) . '"' (line 42) can contain request data and is used in output context(s), leading to a potential security vulnerability. The 16 paths for user data to reach this point are the same as those listed for line 40 above; only the final getter differs.
43 |         echo ';';
44 |         echo '""'; // obsolete Navicache WP
45 |     }
46 | }
47 |
Security: Cross-Site Scripting, introduced by
'"' . mb_ereg_replace('"...cache->getName()) . '"' (line 36) can contain request data and is used in output context(s), leading to a potential security vulnerability.
16 paths for user data to reach this point. Every path ends in the same chain: the value is passed to rowEditor::setValue(), $sFormatedValue is assigned in htdocs/lib2/rowEditor.class.php on line 521 and flows through lines 531 and 475, it is read in htdocs/lib2/logic/cache.class.php on line 153, and $cache->getName() is passed through mb_ereg_replace() in htdocs/xml/csv/cache.php on line 36.
1. Read from $_REQUEST; $_REQUEST['newlist_name'] is passed through trim() and assigned to $newListName in htdocs/addtolist.php on line 26; $newListName is passed to cachelist::setNameAndVisibility() in htdocs/addtolist.php on line 38; $name is passed through trim() and assigned in htdocs/lib2/logic/cachelist.class.php on line 97; trim($name) is passed to rowEditor::setValue() in htdocs/lib2/logic/cachelist.class.php on line 117.
2. Read from $_REQUEST; $_REQUEST['statpic_style'] is passed to statpic::setStyle() in htdocs/change_statpic.php on line 33; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/statpic.class.php on line 31.
3. Read from $_REQUEST; $_REQUEST['statpic_text'] is passed to statpic::setText() in htdocs/change_statpic.php on line 26; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/statpic.class.php on line 47.
4. Read from $_REQUEST; $list_password is assigned in htdocs/mylists.php on line 20 and passed to cachelist::setPassword() in htdocs/mylists.php on line 58; $pw is passed to rowEditor::setValue() in htdocs/lib2/logic/cachelist.class.php on line 151.
5. Read from $_REQUEST; $title is assigned in htdocs/picture.php on line 82 and passed to picture::setTitle() in htdocs/picture.php on line 87; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/picture.class.php on line 236.
6. Read from $_REQUEST; $title is assigned in htdocs/picture.php on line 169 and passed to picture::setTitle() in htdocs/picture.php on line 173; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/picture.class.php on line 236.
7. Read from $_REQUEST; $_REQUEST['firstName'] is passed through trim(), and trim($_REQUEST['firstName']) is passed to user::setFirstName() in htdocs/myprofile.php on line 60; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/user.class.php on line 230.
8. Read from $_POST; $first_name is assigned in htdocs/register.php on line 17 and passed to user::setFirstName() in htdocs/register.php on line 40; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/user.class.php on line 230.
9. Read from $_REQUEST; $_REQUEST['lastName'] is passed through trim(), and trim($_REQUEST['lastName']) is passed to user::setLastName() in htdocs/myprofile.php on line 68; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/user.class.php on line 250.
10. Read from $_POST; $last_name is assigned in htdocs/register.php on line 16 and passed to user::setLastName() in htdocs/register.php on line 44; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/user.class.php on line 250.
11. Read from $_POST; $email is assigned in htdocs/register.php on line 20 and passed to user::setEMail() in htdocs/register.php on line 30; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/user.class.php on line 180.
12. Read from $_REQUEST; $_REQUEST['username'] is passed through trim(), and trim($_REQUEST['username']) is passed to user::setUsername() in htdocs/myprofile.php on line 52; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/user.class.php on line 161.
13. Read from $_POST; $username is assigned in htdocs/register.php on line 15 and passed to user::setUsername() in htdocs/register.php on line 35; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/user.class.php on line 161.
14. Read from $_FILES; $_FILES['file']['name'] is passed to picture::setFilenames() in htdocs/picture.php on line 124; $sFilename is passed through substr(), substr($sFilename, strrpos($sFilename, '.') + 1) is passed through mb_strtolower(), and $sExtension is assigned in htdocs/lib2/logic/picture.class.php on line 123; $opt['logic']['pictures']['url'] . $sUUID . '.' . $sExtension is passed to picture::setUrl() in htdocs/lib2/logic/picture.class.php on line 128; $value is passed to rowEditor::setValue() in htdocs/lib2/logic/picture.class.php on line 201.
15. Read from $_FILES; $_FILES['file']['name'] is escaped by pathinfo() for file context(s) and $fname is assigned in htdocs/picture.php on line 117; $fname is passed through mb_strtolower(), and mb_strtolower($fname) . '.jpg' is passed to picture::setFilenames() in htdocs/picture.php on line 130; from there the path continues exactly as in path 14 (picture.class.php lines 123, 128 and 201).
16. Read from $_REQUEST; $_REQUEST['list_name'] is passed through trim() and $list_name is assigned in htdocs/mylists.php on line 18; $list_name is passed to cachelist::setNameAndVisibility() in htdocs/mylists.php on line 53; $name is passed through trim() and assigned in htdocs/lib2/logic/cachelist.class.php on line 97; trim($name) is passed to rowEditor::setValue() in htdocs/lib2/logic/cachelist.class.php on line 117.
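Editor's note on the three findings above (lines 36, 40 and 42). They share one root cause that the generic advice attached to them does not address: line 10 sends this semicolon-separated record with Content-type: text/html, while the only escaping applied is mb_ereg_replace() on the double quote. That is CSV field quoting; it does nothing to '<' or '>'. A browser that opens this URL will parse any markup stored in a cache name, user name or waypoint as HTML. htmlentities(), as recommended by the tool, would be the wrong fix for this file because it would corrupt the CSV for the client that actually consumes it; the fix that matches this response is to declare a non-HTML content type and forbid MIME sniffing. A second caveat concerns the path listing: all sixteen paths run through the shared rowEditor::setValue() and rowEditor.class.php lines 521, 531 and 475 before reaching cache.class.php line 153, so the analyzer reports every value written through the row editor (a list password, a registration e-mail) as a possible source for getName(). The page does not show that those particular inputs end up in a cache name, so read the list as "any value stored through the row editor can reach this output" rather than as sixteen confirmed routes.

The following is an added example and not code from the project under review. It rebuilds the record echoed in lines 34 to 44 with the response headers changed. The functions csvField(), cacheCsvRecord() and sendCsvHeaders(), the array that stands in for the cache object, and the sample values (id 4711, the waypoints OC1234 and GC5678, the user name and the cache name) are all constructed for this example. Doubling the quote character is the RFC 4180 form; whether the script's consumer expects that or the original backslash escaping is an assumption to verify against that consumer before changing it.

```php
<?php
// Added example, not code from the project under review: the record that
// htdocs/xml/csv/cache.php echoes in lines 34-44, sent with a content type
// that keeps a browser from treating stored data as HTML. Function names, the
// array standing in for the cache object and all sample values are constructed.

/**
 * Quote one CSV field. Doubling the quote is the RFC 4180 form (the original
 * uses backslash escaping; which one the consumer expects is an assumption to
 * verify). '<' and '>' are deliberately left alone: HTML safety of this
 * response comes from the Content-Type below, and htmlentities() would corrupt
 * the CSV for the client that actually consumes it.
 */
function csvField(string $value): string
{
    return '"' . str_replace('"', '""', $value) . '"';
}

/**
 * Build the record id;"name";"user";"wpoc";"wpgc";"" from a loaded cache.
 * Returns null where the original prints '0': unknown cache or not public.
 * Not-found and not-public stay indistinguishable to the caller, as in the
 * original, so the endpoint does not reveal whether a hidden cache exists.
 */
function cacheCsvRecord(?array $cache): ?string
{
    if ($cache === null || empty($cache['public'])) {
        return null;
    }
    return implode(';', [
        (string) (int) $cache['id'],     // numeric field, never quoted
        csvField($cache['name']),
        csvField($cache['username']),
        csvField($cache['wpoc']),
        csvField($cache['wpgc']),
        '""',                            // obsolete Navicache WP, kept for the format
    ]);
}

/**
 * Replacement for line 10 of the original. text/csv means the body is not
 * parsed as an HTML document; nosniff stops browsers from second-guessing
 * that when the body happens to start with something that looks like markup.
 */
function sendCsvHeaders(): void
{
    header('Content-Type: text/csv; charset=utf-8');
    header('X-Content-Type-Options: nosniff');
}

// Constructed sample standing in for new cache($id) / cache::fromUUID() /
// cache::fromWP(); the name carries markup the way a stored payload would.
$sample = [
    'id'       => 4711,
    'public'   => true,
    'name'     => 'Old Mill "Ruins" <script>alert(document.cookie)</script>',
    'username' => 'finder',
    'wpoc'     => 'OC1234',
    'wpgc'     => 'GC5678',
];

if (PHP_SAPI !== 'cli') {
    sendCsvHeaders();   // headers must precede any output
}
$record = cacheCsvRecord($sample);
echo ($record === null ? '0' : $record), "\n";
```

Run from the command line, the script prints the record with the script tag still inside the quoted name. That is the point: the field is data for a CSV consumer, and the two headers, not the escaping, are what stop a browser from executing it. If the endpoint is only ever fetched by scripts, adding Content-Disposition: attachment is a further option that keeps a direct visit from displaying the body at all.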