Completed
Push — development ( f93eb8...ffa1a0 ) by Thomas, created 20s ago

htdocs/lang/de/ocstyle/varset.inc.php (1 issue)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead.

 1  <?php
 2  /****************************************************************************
 3   * ./lang/de/ocstyle/varset.inc.php
 4   * -------------------
 5   * begin                : Mon June 14 2004
 6   *
 7   * For license information see LICENSE.md
 8   ****************************************************************************/
 9
10  /****************************************************************************
11   *
12   *
13   * template specific variables setup
14   ****************************************************************************/
15
16  //set all main template replacement to default values
17
18  tpl_set_var('htmlheaders', '');
19  tpl_set_var('lang', $lang);
20  tpl_set_var('style', $style);
21  tpl_set_var('loginbox', '&nbsp;');
22  tpl_set_var(
23      'functionsbox',
24      '<a href="index.php?page=suche">' . t('Search') . '</a> | <a href="index.php?page=sitemap">' . t('Sitemap') . '</a>'
25  );
26  tpl_set_var('runtime', '');
27
28  //set up main template specific string
29  $sLoggedOut =
30      '<form action="' . ($opt['page']['https']['force_login'] ? $opt['page']['absolute_https_url'] : '') . 'login.php" method="post" enctype="application/x-www-form-urlencoded" name="login" dir="ltr" style="display: inline;"><b>'
31      . t('User:')
32      . '</b>&nbsp;&nbsp;<input name="email" size="10" type="text" class="textboxes" value="" />&nbsp;&nbsp;&nbsp;<b>'
33      . t('Password:')
34      . '</b>&nbsp;&nbsp;<input name="password" size="10" type="password" class="textboxes" value="" />&nbsp;<input type="hidden" name="action" value="login" /><input type="hidden" name="target" value="{target}" /><input type="hidden" name="source" value="titlebar" />&nbsp;<input type="submit" name="LogMeIn" value="'
35      . t('Login')
36      . '" class="formbutton" style="width: 74px;" onclick="submitbutton(\'LogMeIn\')" /></form>';
37  $sLoggedIn =
38      "<b>"
39      . t('Logged in as')
40      . ' <a href="myhome.php" class="testing-top-left-corner-username">{username}</a></b> - <a href="login.php?action=logout">'
41      . t('Logout')
42      . '</a></b>';
43
44  // set the target in the login box
45  $target = basename($_SERVER['PHP_SELF']) . '?';
46
47  // walk the REQUEST variables and append the allowed ones to target
48  $allowed = ['cacheid', 'userid', 'logid', 'desclang', 'descid'];
49  reset($_REQUEST);
50  while (list($varname, $varvalue) = each($_REQUEST)) {
51      if (in_array($varname, $allowed)) {
52          $target .= $varname . '=' . $varvalue . '&';  // $varvalue is appended as received from the request
53      }
54  }
55  if (mb_substr($target, - 1) == '?' || mb_substr($target, - 1) == '&') {
56      $target = mb_substr($target, 0, - 1);
57  }
58  $sLoggedOut = mb_ereg_replace('{target}', $target, $sLoggedOut);
Security Code Execution introduced by
$target can contain request data and is used in code execution context(s) leading to a potential security vulnerability.

2 paths for user data to reach this point

  1. Path: Fetching key PHP_SELF from $_SERVER, and $_SERVER['PHP_SELF'] is escaped by basename() for file context(s), and $target is assigned in htdocs/lang/de/ocstyle/varset.inc.php on line 45
  2. Path: Read from $_REQUEST, and $_REQUEST is passed through each(), and $varname is assigned in htdocs/lang/de/ocstyle/varset.inc.php on line 50; $target is then assigned in htdocs/lang/de/ocstyle/varset.inc.php on line 52

General Strategies to prevent injection

In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing certain values:

if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}

For numeric data, we recommend explicitly casting the data:

$sanitized = (integer) $tainted;
59
60  $functionsbox_start_tag = '';
61  $functionsbox_middle_tag = ' | ';
62  $functionsbox_end_tag = '';
63
64  $tpl_subtitle = '';
65
66  //other vars
67  $login_required = t('Please login to continue:');
68
69  $dberrormsg = t('A database command could not be performed.');
70
71  $error_prefix = '<span class="errormsg">';
72  $error_suffix = '</span>';
73
74  $htmlnotice =
75      '<tr><td class="spacer" colspan="2"></td></tr>
76      <tr>
77          <td class="help" colspan="2">
78              <img src="lang/de/ocstyle/images/misc/hint.gif" border="0" width="15" height="11" alt="' . t('Notice') . '" title="' . t('Notice') . '" />
79              ' . t('Your HTML code will be changed again by a special filter. This is necessary to avoid dangerous HTML-tags,
80                   such as &lt;script&gt;. A list of allowed HTML tags, you can find
81                   <a href="articles.php?page=htmltags">here</a>') . '
82          </td>
83      </tr>
84      ';
85