<?php
/***************************************************************************
 *  For license information see doc/license.txt
 *
 *
 *  This module contains the main initialisation routine and often used
 *  functions. It is included by web.inc.php and cli.inc.php.
 *
 *  TODO: evaluate the browser's Accept-Language header
 ***************************************************************************/
require_once __DIR__ . '/../vendor/autoload.php';

// absolute path of the project root (the parent of this lib directory),
// stored in the global $opt configuration array
$opt['rootpath'] = __DIR__ .'/../';
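/**
 * Legacy class autoloader for the classes shipped in this directory and in logic/.
 *
 * Only plain identifiers (letters, digits, underscore) are accepted, so the
 * class name can never smuggle a path separator or ".." into the include path.
 * Namespaced classes (which contain "\") are rejected here on purpose; they are
 * served by the composer autoloader required above.
 *
 * NOTE: __autoload() is deprecated since PHP 7.2 and removed in PHP 8.0; on a
 * newer runtime this has to move to spl_autoload_register().
 *
 * @param string $class_name class name as requested by the engine
 */
function __autoload($class_name)
{
    // \z instead of $: a trailing newline must not pass the whitelist
    if (!preg_match('/^\w+\z/', $class_name)) {
        return;
    }

    $candidates = [
        __DIR__ . '/' . $class_name . '.class.php',
        __DIR__ . '/logic/' . $class_name . '.class.php',
    ];
    foreach ($candidates as $file) {
        if (file_exists($file)) {
            require_once $file;
            return;
        }
    }
}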
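if (!function_exists('bindtextdomain')) {
    /**
     * Fallback for environments without the gettext extension (e.g. the CI build).
     *
     * Mirrors the extension's contract by returning the bound directory, so a
     * caller that checks the result does not get null.
     *
     * @param string $domain    message catalogue name
     * @param string $directory directory holding the catalogue
     * @return string the directory that was passed in
     */
    function bindtextdomain($domain, $directory)
    {
        return $directory;
    }
}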
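if (!function_exists('textdomain')) {
    /**
     * Fallback for environments without the gettext extension (e.g. the CI build).
     *
     * Mirrors the extension's contract by returning the domain that is now
     * current instead of null.
     *
     * @param string $domain message catalogue name
     * @return string the domain that was passed in
     */
    function textdomain($domain)
    {
        return $domain;
    }
}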
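if (!function_exists('gettext')) {
    /**
     * Fallback for environments without the gettext extension (e.g. the CI build).
     *
     * Returns the untranslated message, which is exactly what the real
     * gettext() does when no catalogue matches. The previous stub returned
     * null, which turned every translated string into an empty one.
     *
     * @param string $message message id
     * @return string the message unchanged
     */
    function gettext($message)
    {
        return $message;
    }
}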
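// check for broken browsers
// The user agent is request data under the client's control; it is only
// pattern-matched here.
$useragent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : "";
$ua_matches = [];
// "MSIE" present and "Opera" absent anywhere in the string. The old test used
// !strpos(), which reported MSIE when "Opera" sat at offset 0 (strpos() === 0).
$useragent_msie = preg_match('/MSIE ([1-9]+).[0-9]+/', $useragent, $ua_matches) === 1
    && strpos($useragent, "Opera") === false;
$useragent_msie_version = null;
if (count($ua_matches) > 1) {
    $useragent_msie_version = $ua_matches[1];
}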
// Everything in this application is UTF-8: the mb_ereg* regex functions and
// the other mbstring functions must agree on that encoding.
mb_regex_encoding('UTF-8');
mb_internal_encoding('UTF-8');
// set options: the distributed defaults first, then the site-local settings,
// then the sanity checks on the result
require_once __DIR__ . '/../config2/settings-dist.inc.php';
require_once __DIR__ . '/../config2/settings.inc.php';
require_once __DIR__ . '/../config2/verify-settings.inc.php';

// Refuse service to user agents on the configured ban list. This is a plain
// substring test, so keep empty entries out of the list (on PHP 8 an empty
// needle matches at offset 0 and would ban every request).
foreach ($opt['page']['banned_user_agents'] as $ua) {
    if (strpos($useragent, $ua) === false) {
        continue;
    }
    die();
}
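set_domain_config();

// Request-controlled debug switches. Both only act on bits that are already
// set in the configured $opt['debug'] mask: without DEBUG_SQLDEBUGGER resp.
// DEBUG_TRANSLATE in the configuration the parameters are inert, so a visitor
// cannot switch debugging on from the outside. Strict comparison: only the
// literal string '1' counts, not '01' or '1.0' as with ==.
if (!(isset($_REQUEST['sqldebug']) && $_REQUEST['sqldebug'] === '1')) {
    $opt['debug'] = $opt['debug'] & ~DEBUG_SQLDEBUGGER;
}

if (($opt['debug'] & DEBUG_FORCE_TRANSLATE) != DEBUG_FORCE_TRANSLATE) {
    if (($opt['debug'] & DEBUG_TRANSLATE) == DEBUG_TRANSLATE
        && isset($_REQUEST['trans']) && $_REQUEST['trans'] === '1'
    ) {
        // translation mode implies the template debugger
        $opt['debug'] = $opt['debug'] | DEBUG_TEMPLATES;
    } else {
        $opt['debug'] = $opt['debug'] & ~DEBUG_TRANSLATE;
    }
}

// error handling is registered here, before the remaining includes run
require_once __DIR__ . '/errorhandler.inc.php';
configure_php();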
// Session storage backend.
// SAVE_SESSION: Do not use, not completely implemented yet
$cookie = ($opt['session']['mode'] == SAVE_SESSION)
    ? new Oc\Session\SessionDataNative()
    : new Oc\Session\SessionDataCookie();

// derive the remaining runtime settings from the merged configuration
normalize_settings();
set_language();
set_usercountry();
set_timezone();
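// set stylepath
// $opt['template']['style'] names a directory below templates2/. Wherever the
// value comes from, it is replaced by the configured default if it contains a
// dot or a path separator ("..", "/", "\") or does not name an existing
// directory, so $opt['stylepath'] can never point outside the templates tree.
if (isset($opt['template']['style'])) {
    if (strpos($opt['template']['style'], '.') !== false ||
        strpos($opt['template']['style'], '/') !== false ||
        strpos($opt['template']['style'], '\\') !== false
    ) {
        $opt['template']['style'] = $opt['template']['default']['style'];
    }

    if (!is_dir(__DIR__ . '/../templates2/' . $opt['template']['style'])) {
        $opt['template']['style'] = $opt['template']['default']['style'];
    }
} else {
    $opt['template']['style'] = $opt['template']['default']['style'];
}
$opt['stylepath'] = __DIR__ . '/../templates2/' . $opt['template']['style'] . '/';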
check_useragent();

/* setup smarty
 *
 * $tpl is the global Smarty instance; presumably the page scripts render
 * through it (confirm against the callers).
 */
require __DIR__ . '/OcSmarty.class.php';
$tpl = new OcSmarty();

// include all we need
// NOTE(review): presumably order-dependent (later files likely use constants
// and helpers from earlier ones) - keep the sequence as is.
require_once __DIR__ . '/logic/const.inc.php';
require_once __DIR__ . '/error.inc.php';
require_once __DIR__ . '/util.inc.php';
require_once __DIR__ . '/db.inc.php';
require_once __DIR__ . '/login.class.php';
require_once __DIR__ . '/menu.class.php';
require_once __DIR__ . '/logic/labels.inc.php';

// apply post configuration
// optional hook: only runs if one of the files included so far defined post_config()
if (function_exists('post_config')) {
    post_config();
}
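// check for email address problems
// use direct database access instead of user class for performance reasons - need not
// to include user.class.php in any script
// NOTE(review): '&1' appears to be the placeholder syntax of the project's
// sql_value() helper - confirm it parameterises/escapes the user id.
if (!isset($disable_verifyemail) &&
    $login->userid > 0 &&
    sql_value("SELECT `email_problems` FROM `user` WHERE `user_id`='&1'", 0, $login->userid) != 0
) {
    // The return target is request data. basename() drops the directory part
    // and header() rejects values containing CR/LF, but what is left (which may
    // still carry a query string) has to be URL-encoded so it survives as one
    // "page" parameter instead of being cut at the first "?" or "&".
    header(
        "Location: verifyemail.php?page="
        . rawurlencode(isset($_SERVER['REQUEST_URI']) ? basename($_SERVER['REQUEST_URI']) : '')
    );
    exit;
}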
// normalize paths and urls
/**
 * Brings the picture paths/urls and the WMS url in $opt into canonical form
 * (upper-case iconv charset, trailing slashes, page protocol on the WMS url).
 */
function normalize_settings()
{
    global $opt;

    $opt['charset']['iconv'] = strtoupper($opt['charset']['iconv']);

    // every picture location must end with a slash so paths can be appended
    $pictureKeys = ['url', 'dir', 'thumb_url', 'thumb_dir'];
    foreach ($pictureKeys as $key) {
        if (substr($opt['logic']['pictures'][$key], -1, 1) != '/') {
            $opt['logic']['pictures'][$key] .= '/';
        }
    }

    // the WMS url follows the protocol of the page
    $wmsUrl = isset($opt['logic']['cachemaps']['wmsurl']) ? $opt['logic']['cachemaps']['wmsurl'] : null;
    if ($wmsUrl !== null && strstr($wmsUrl, '://')) {
        $opt['logic']['cachemaps']['wmsurl'] = $opt['page']['protocol'] . strstr($wmsUrl, '://');
    }
}
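/**
 * Applies the PHP error-reporting settings for the configured mode and
 * registers the application's error handlers.
 *
 * With $opt['php']['debug'] == PHP_DEBUG_ON errors are displayed and
 * mysql.trace_mode is on; otherwise error details are never rendered into
 * the response (they would disclose internals) and notices are suppressed.
 */
function configure_php()
{
    global $opt;

    if ($opt['php']['debug'] == PHP_DEBUG_ON) {
        ini_set('display_errors', true);
        ini_set('error_reporting', E_ALL);
        ini_set('mysql.trace_mode', true);
        // SQL_CALC_FOUND_ROWS will not work with trace_mode on!
        // Use sql_enable_foundrows()/sql_foundrows_done() below as workaround.
    } else {
        ini_set('display_errors', false);
        ini_set('error_reporting', E_ALL & ~E_NOTICE);
        ini_set('mysql.trace_mode', false);
    }

    // identical in both modes, so it lives outside the branch
    register_errorhandlers();
}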
/**
 * Switches mysql.trace_mode off so that SQL_CALC_FOUND_ROWS works
 * (see configure_php()); call sql_foundrows_done() afterwards.
 */
function sql_enable_foundrows()
{
    $setting = 'mysql.trace_mode';
    ini_set($setting, false);
}
/**
 * Counterpart of sql_enable_foundrows(): re-enables mysql.trace_mode, but
 * only in PHP_DEBUG_ON mode where configure_php() had switched it on.
 */
function sql_foundrows_done()
{
    global $opt;

    if ($opt['php']['debug'] != PHP_DEBUG_ON) {
        return;
    }

    ini_set('mysql.trace_mode', true);
}
/**
 * Applies the per-domain overrides from $opt['domain'][<page domain>]
 * (template style, session cookie domain) and then the common domain config.
 */
function set_domain_config()
{
    global $opt;

    $domain = $opt['page']['domain'];
    $domainOpt = isset($opt['domain'][$domain]) ? $opt['domain'][$domain] : [];

    // a per-domain style becomes the default template style
    if (isset($domainOpt['style'])) {
        $opt['template']['default']['style'] = $domainOpt['style'];
    }
    // a per-domain cookie domain overrides the session cookie domain
    if (isset($domainOpt['cookiedomain'])) {
        $opt['session']['domain'] = $domainOpt['cookiedomain'];
    }

    set_common_domain_config($opt);
}
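/**
 * Determines the UI locale for this request and stores it in
 * $opt['template']['locale'].
 *
 * Precedence: ?locale= (persisted into the cookie) > ?templocale= (this
 * request only) > the locale cookie > the configured default. Whatever the
 * source, the value is only accepted if it is a key of $opt['locale'], so the
 * locale written to the cookie is always one of the configured locales.
 * Non-string request values (e.g. ?locale[]=x) are treated as absent instead
 * of blowing up in strtoupper().
 */
function set_language()
{
    global $opt, $cookie;

    $savelocale = true;
    if (isset($_REQUEST['locale']) && is_string($_REQUEST['locale'])) {
        $opt['template']['locale'] = strtoupper($_REQUEST['locale']);
    } elseif (isset($_REQUEST['templocale']) && is_string($_REQUEST['templocale'])) {
        $opt['template']['locale'] = strtoupper($_REQUEST['templocale']);
        $savelocale = false;
    } else {
        $opt['template']['locale'] = strtoupper($cookie->get('locale', $opt['template']['default']['locale']));
    }

    if (isset($opt['template']['locale']) && $opt['template']['locale'] != '') {
        // keep path characters out before anything else looks at the value;
        // the whitelist below would reject them anyway
        if (strpos($opt['template']['locale'], '.') !== false ||
            strpos($opt['template']['locale'], '/') !== false
        ) {
            $opt['template']['locale'] = $opt['template']['default']['locale'];
        }

        // whitelist: only configured locales are valid
        if (!isset($opt['locale'][$opt['template']['locale']])) {
            $opt['template']['locale'] = $opt['template']['default']['locale'];
        }
    } else {
        $opt['template']['locale'] = $opt['template']['default']['locale'];
    }

    if ($savelocale) {
        $cookie->set('locale', $opt['template']['locale'], $opt['template']['default']['locale']);
    }

    bindtextdomain('messages', __DIR__ . '/../cache2/translate');
    set_php_locale();
    textdomain('messages');
}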
/**
 * Persists a user-selected country from the request into the session cookie.
 *
 * The value is stored as sent, without validation here; NOTE(review):
 * whatever later reads the "usercountry" cookie must treat it as untrusted.
 */
function set_usercountry()
{
    global $cookie;

    if (!isset($_REQUEST['usercountry'])) {
        return;
    }

    $cookie->set('usercountry', $_REQUEST['usercountry']);
}
/**
 * Sets the process default timezone from $opt['php']['timezone'].
 */
function set_timezone()
{
    global $opt;

    $timezone = $opt['php']['timezone'];
    date_default_timezone_set($timezone);
}
/**
 * Sets the global $ocpropping flag: true when the request's user agent
 * contains "Ocprop/". The user agent is client-controlled, so the flag is a
 * hint, not an authentication of the client.
 */
function check_useragent()
{
    global $ocpropping;

    // are we Ocprop?
    $agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : null;
    $ocpropping = $agent !== null && strpos($agent, "Ocprop/") !== false;
}
// Exchange the protocol (http or https) in a URL to *this* website to the
// protocol of the current request. Do not change external links.
// This prevents e.g. Internet Explorer nag screens when embedding images
// into a https-requested page.
/**
 * Rewrites the scheme of a URL pointing at this site to match the scheme of
 * the current request; URLs that do not start with one of the site's own
 * absolute urls are returned untouched.
 *
 * @param string $url the url to adjust
 * @return string the url with the scheme of the current request
 */
function use_current_protocol($url)
{
    global $opt;

    $httpBase = $opt['page']['absolute_http_url'];
    $httpsBase = $opt['page']['absolute_https_url'];
    $httpsActive = $opt['page']['https']['active'];

    // case-insensitive prefix test against a configured base url
    $startsWith = function ($prefix) use ($url) {
        return strtolower(substr($url, 0, strlen($prefix))) == $prefix;
    };

    if ($httpsActive && $startsWith($httpBase)) {
        return 'https' . strstr($url, '://');
    }
    if (!$httpsActive && $startsWith($httpsBase)) {
        return 'http' . strstr($url, '://');
    }

    return $url;
}
/**
 * Rewrites every occurrence of the site's http base url inside an HTML
 * fragment to the https base url when the current request is https;
 * otherwise the fragment is returned unchanged.
 *
 * @param string $url the html fragment (or url) to adjust
 * @return string the adjusted fragment
 */
function use_current_protocol_in_html($url)
{
    global $opt;

    if (!$opt['page']['https']['active']) {
        return $url;
    }

    return str_replace($opt['page']['absolute_http_url'], $opt['page']['absolute_https_url'], $url);
}