Issues in control.php (develop) - Issues in develop - Pyrometric/UIX - Measure and Improve Code Quality continuously with Scrutinizer

Issues (36)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

classes/uix/ui/control.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * UIX Controls
 *
 * @package   controls
 * @author    David Cramer
 * @license   GPL-2.0+
 * @link
 * @copyright 2016 David Cramer
 */
namespace uix\ui;

/**
 * Base UIX Control class.
 *
 * @since       1.0.0
 */
class control extends \uix\data\data {

	/**
	 * The type of object
	 *
	 * @since       1.0.0
	 * @access public
	 * @var         string
	 */
	public $type = 'control';

	/**
	 * Register the UIX objects
	 *
	 * @since 1.0.0
	 * @access public
	 *
	 * @param string $slug Object slug
	 * @param array $object object structure array
	 *
	 * @return object|\uix object instance
	 */
	public static function register( $slug, $object, $parent = null ) {

		$caller = get_called_class();
		// get the current instance
		if ( empty( $object['type'] ) || ! uix()->is_callable( 'control\\' . $object['type'] ) ) {
			$object['type'] = 'text';
		}

		$caller = $caller . '\\' . $object['type'];

		return new $caller( $slug, $object, $parent );

	}

	/**
	 * Sets the controls data
	 *
	 * @since 1.0.0
	 * @see \uix\uix
	 * @access public
	 */
	public function setup() {

		// run parents to setup sanitization filters
		parent::setup();
		$value = array( $this->slug, '' );
		$data = uix()->request_vars( 'post' );
		if ( ! empty( $this->struct['value'] ) ) {
			$value[ $this->slug ] = $this->struct['value'];
		}
		if ( isset( $data[ $this->id() ] ) ) {
			$value[ $this->slug ] = $data[ $this->id() ];
		}
		$this->set_data( $value );
		// base attributes defined
		$this->attributes['name'] = $this->name();
		$this->attributes['id']   = $this->id() . '-control';
	}

	/**
	 * Create and Return the control's input name
	 *
	 * @since 1.0.0
	 * @access public
	 * @return string The control name
	 */
	public function name() {
		return $this->id();
	}

	/**
	 * Sets the attributes for the control.
	 *
	 * @since  1.0.0
	 * @access public
	 */
	public function set_attributes() {

		if ( ! empty( $this->struct['config'] ) ) {
			$this->set_config();
		}

		$this->attributes['class'] = implode( ' ', $this->classes() );

		parent::set_attributes();

	}

	/**
	 * Handy method for setting data-* attributes using the setup parameter
	 * @since  1.0.0
	 * @access public
	 */
	public function set_config() {

		foreach ( $this->struct['config'] as $key => $setting ) {
			$this->attributes[ 'data-' . $key ] = $setting;
		}

	}

	/**
	 * Gets the classes for the control input
	 *
	 * @since  1.0.0
	 * @access public
	 * @return array
	 */
	public function classes() {

		return array(
			'widefat',
		);

	}

	/**
	 * Define core page styles
	 *
	 * @since 1.0.0
	 * @access public
	 */
	public function set_assets() {
		$this->assets['style']['controls'] = $this->url . 'assets/css/control' . UIX_ASSET_DEBUG . '.css';
		parent::set_assets();
	}

	/**
	 * Render the Control
	 *
	 * @since 1.0.0
	 * @see \uix\ui\uix
	 * @access public
	 * @return string HTML of rendered control
	 */
	public function render() {

		$output = '<div id="' . esc_attr( $this->id() ) . '" class="uix-control uix-control-' . esc_attr( $this->type ) . ' ' . esc_attr( $this->id() ) . '">';

		$output .= $this->label();
		$output .= '<div class="uix-control-input">';
		$output .= $this->input();
		$output .= '</div>';
		$output .= $this->description();

		$output .= '</div>';

		return $output;
	}

	/**
	 * Returns the label for the control
	 *
	 * @since 1.0.0
	 * @access public
	 * @return string label of control
	 */
	public function label() {

		$output = null;
		if ( isset( $this->struct['label'] ) ) {
			$output .= '<label for="' . esc_attr( $this->id() ) . '-control"><span class="uix-control-label">' . esc_html( $this->struct['label'] ) . '</span></label>';
		}

		return $output;
	}

	/**
	 * Returns the main input field for rendering
	 *
	 * @since 1.0.0
	 * @see \uix\ui\uix
	 * @access public
	 * @return string Input field HTML striung
	 */
	public function input() {

		return '<input type="' . esc_attr( $this->type ) . '" value="' . esc_attr( $this->get_value() ) . '" ' . $this->build_attributes() . '>';
	}

	/**
	 * get this controls value
	 *
	 * @since 1.0.0
	 * @access public
	 * @return mixed the controls value
	 */
	public function get_value() {
		$value = null;
		$data  = $this->get_data();

		if ( null !== $data ) {
			$value = $data[ $this->slug ];
		}

		return $value;
	}

	/**
	 * Returns the description for the control
	 *
	 * @since 1.0.0
	 * @access public
	 * @return string description string
	 */
	public function description() {

		$output = null;
		if ( isset( $this->struct['description'] ) ) {
			$output .= '<span class="uix-control-description">' . esc_html( $this->struct['description'] ) . '</span>';
		}

		return $output;
	}

	/**
	 * checks if the current control is active
	 *
	 * @since 1.0.0
	 * @access public
	 */
	public function is_active() {
		if ( ! empty( $this->parent ) ) {
			return $this->parent->is_active();
		}

		return parent::is_active();
	}

}


1			<?php
2			/**
3			* UIX Controls
4			*
5			* @package controls
6			* @author David Cramer
7			* @license GPL-2.0+
8			* @link
9			* @copyright 2016 David Cramer
10			*/
11			namespace uix\ui;
12
13			/**
14			* Base UIX Control class.
15			*
16			* @since 1.0.0
17			*/
18			class control extends \uix\data\data {
19
20			/**
21			* The type of object
22			*
23			* @since 1.0.0
24			* @access public
25			* @var string
26			*/
27			public $type = 'control';
28
29			/**
30			* Register the UIX objects
31			*
32			* @since 1.0.0
33			* @access public
34			*
35			* @param string $slug Object slug
36			* @param array $object object structure array
37			*
38			* @return object\|\uix object instance
39			*/
40	9		public static function register( $slug, $object, $parent = null ) {
41
42	9		$caller = get_called_class();
43			// get the current instance
44	9		if ( empty( $object['type'] ) \|\| ! uix()->is_callable( 'control\\' . $object['type'] ) ) {
45	1		$object['type'] = 'text';
46			}
47
48	9		$caller = $caller . '\\' . $object['type'];
49
50	9		return new $caller( $slug, $object, $parent );
51
52			}
53
54			/**
55			* Sets the controls data
56			*
57			* @since 1.0.0
58			* @see \uix\uix
59			* @access public
60			*/
61	9		public function setup() {
62
63			// run parents to setup sanitization filters
64	9		parent::setup();
65	9		$value = array( $this->slug, '' );
66	9		$data = uix()->request_vars( 'post' );
67	9		if ( ! empty( $this->struct['value'] ) ) {
68	5		$value[ $this->slug ] = $this->struct['value'];
69			}
70	9		if ( isset( $data[ $this->id() ] ) ) {
71			$value[ $this->slug ] = $data[ $this->id() ];
72			}
73	9		$this->set_data( $value );
74			// base attributes defined
75	9		$this->attributes['name'] = $this->name();
76	9		$this->attributes['id'] = $this->id() . '-control';
77	9		}
78
79			/**
80			* Create and Return the control's input name
81			*
82			* @since 1.0.0
83			* @access public
84			* @return string The control name
85			*/
86	9		public function name() {
87	9		return $this->id();
88			}
89
90			/**
91			* Sets the attributes for the control.
92			*
93			* @since 1.0.0
94			* @access public
95			*/
96	5		public function set_attributes() {
97
98	5		if ( ! empty( $this->struct['config'] ) ) {
99			$this->set_config();
100			}
101
102	5		$this->attributes['class'] = implode( ' ', $this->classes() );
103
104	5		parent::set_attributes();
105
106	5		}
107
108			/**
109			* Handy method for setting data-* attributes using the setup parameter
110			* @since 1.0.0
111			* @access public
112			*/
113			public function set_config() {
114
115			foreach ( $this->struct['config'] as $key => $setting ) {
116			$this->attributes[ 'data-' . $key ] = $setting;
117			}
118
119			}
120
121			/**
122			* Gets the classes for the control input
123			*
124			* @since 1.0.0
125			* @access public
126			* @return array
127			*/
128	3		public function classes() {
129
130			return array(
131	3		'widefat',
132			);
133
134			}
135
136			/**
137			* Define core page styles
138			*
139			* @since 1.0.0
140			* @access public
141			*/
142	9		public function set_assets() {
143	9		$this->assets['style']['controls'] = $this->url . 'assets/css/control' . UIX_ASSET_DEBUG . '.css';
144	9		parent::set_assets();
145	9		}
146
147			/**
148			* Render the Control
149			*
150			* @since 1.0.0
151			* @see \uix\ui\uix
152			* @access public
153			* @return string HTML of rendered control
154			*/
155	5		public function render() {
156
157	5		$output = '<div id="' . esc_attr( $this->id() ) . '" class="uix-control uix-control-' . esc_attr( $this->type ) . ' ' . esc_attr( $this->id() ) . '">';
158
159	5		$output .= $this->label();
160	5		$output .= '<div class="uix-control-input">';
161	5		$output .= $this->input();
162	5		$output .= '</div>';
163	5		$output .= $this->description();
164
165	5		$output .= '</div>';
166
167	5		return $output;
168			}
169
170			/**
171			* Returns the label for the control
172			*
173			* @since 1.0.0
174			* @access public
175			* @return string label of control
176			*/
177	5	View Code Duplication	public function label() {
			0 ignored issues – show Duplication introduced 2017-12-06 10:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
178	5		$output = null;
179	5		if ( isset( $this->struct['label'] ) ) {
180	2		$output .= '<label for="' . esc_attr( $this->id() ) . '-control"><span class="uix-control-label">' . esc_html( $this->struct['label'] ) . '</span></label>';
181			}
182
183	5		return $output;
184			}
185
186			/**
187			* Returns the main input field for rendering
188			*
189			* @since 1.0.0
190			* @see \uix\ui\uix
191			* @access public
192			* @return string Input field HTML striung
193			*/
194	4		public function input() {
195
196	4		return '<input type="' . esc_attr( $this->type ) . '" value="' . esc_attr( $this->get_value() ) . '" ' . $this->build_attributes() . '>';
197			}
198
199			/**
200			* get this controls value
201			*
202			* @since 1.0.0
203			* @access public
204			* @return mixed the controls value
205			*/
206	5		public function get_value() {
207	5		$value = null;
208	5		$data = $this->get_data();
209
210	5		if ( null !== $data ) {
211	5		$value = $data[ $this->slug ];
212			}
213
214	5		return $value;
215			}
216
217			/**
218			* Returns the description for the control
219			*
220			* @since 1.0.0
221			* @access public
222			* @return string description string
223			*/
224	5	View Code Duplication	public function description() {
			0 ignored issues – show Duplication introduced 2017-12-06 10:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
225	5		$output = null;
226	5		if ( isset( $this->struct['description'] ) ) {
227	1		$output .= '<span class="uix-control-description">' . esc_html( $this->struct['description'] ) . '</span>';
228			}
229
230	5		return $output;
231			}
232
233			/**
234			* checks if the current control is active
235			*
236			* @since 1.0.0
237			* @access public
238			*/
239	3		public function is_active() {
240	3		if ( ! empty( $this->parent ) ) {
241	1		return $this->parent->is_active();
242			}
243
244	3		return parent::is_active();
245			}
246
247			}
248

Pyrometric / UIX

Issues (36)

Security Analysis no request data

classes/uix/ui/control.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like