other/Settings.php (1 issue)

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
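<?php

/**
 * The settings file contains all of the basic settings that need to be present when a database/cache is not available.
 *
 * Everything here is a plain global assignment so that it can be loaded (and
 * rewritten by the admin panel) without a working database or cache. The
 * values below are install-time placeholders; the ones marked as such must be
 * replaced before the forum is exposed to real users.
 *
 * Simple Machines Forum (SMF)
 *
 * @package SMF
 * @author Simple Machines http://www.simplemachines.org
 * @copyright 2018 Simple Machines and individual contributors
 * @license http://www.simplemachines.org/about/smf/license.php BSD
 *
 * @version 2.1 Beta 4
 */

########## Maintenance ##########
/**
 * The maintenance "mode"
 * Set to 1 to enable Maintenance Mode, 2 to make the forum untouchable. (you'll have to make it 0 again manually!)
 * 0 is default and disables maintenance mode.
 * @var int 0, 1, 2
 * @global int $maintenance
 */
$maintenance = 0;
/**
 * Title for the Maintenance Mode message.
 * @var string
 * @global string $mtitle
 */
$mtitle = 'Maintenance Mode';
/**
 * Description of why the forum is in maintenance mode.
 * @var string
 * @global string $mmessage
 */
$mmessage = 'Okay faithful users...we\'re attempting to restore an older backup of the database...news will be posted once we\'re back!';

########## Forum Info ##########
/**
 * The name of your forum.
 * @var string
 */
$mbname = 'My Community';
/**
 * The default language file set for the forum.
 * @var string
 */
$language = 'english';
/**
 * URL to your forum's folder. (without the trailing /!)
 * @var string
 */
$boardurl = 'http://127.0.0.1/smf';
/**
 * Email address to send emails from. (like [email protected].)
 * @var string
 */
$webmaster_email = '[email protected]';
/**
 * Name of the cookie to set for authentication.
 * @var string
 */
$cookiename = 'SMFCookie11';

########## Database Info ##########
/**
 * The database type
 * Default options: mysql, postgresql
 * @var string
 */
$db_type = 'mysql';
/**
 * The server to connect to (or a Unix socket)
 * @var string
 */
$db_server = 'localhost';
/**
 * The database name
 * @var string
 */
$db_name = 'smf';
/**
 * Database username
 * Placeholder: on a live site use a dedicated account that only has the
 * privileges the forum needs, not the database superuser.
 * @var string
 */
$db_user = 'root';
/**
 * Database password
 * Placeholder: must not be left empty on a live site.
 * @var string
 */
$db_passwd = '';
/**
 * Database user for when connecting with SSI
 * @var string
 */
$ssi_db_user = '';
/**
 * Database password for when connecting with SSI
 * @var string
 */
$ssi_db_passwd = '';
/**
 * A prefix to put in front of your table names.
 * This helps to prevent conflicts
 * @var string
 */
$db_prefix = 'smf_';
/**
 * Use a persistent database connection
 * @var int|bool
 */
$db_persist = 0;
/**
 * Whether to e-mail the webmaster when a database error occurs (1 = yes, 0 = no).
 * @var int|bool
 */
$db_error_send = 0;

########## Cache Info ##########
/**
 * Select a cache system. You want to leave this up to the cache area of the admin panel for
 * proper detection of apc, memcached, output_cache, smf, or xcache
 * (you can add more with a mod).
 * @var string
 */
$cache_accelerator = '';
/**
 * The level at which you would like to cache. Between 0 (off) through 3 (cache a lot).
 * @var int
 */
$cache_enable = 0;
/**
 * This is only used for memcache / memcached. Should be a string of 'server:port,server:port'
 * @var string
 */
$cache_memcached = '';
/**
 * This is only for the 'smf' file cache system. It is the path to the cache directory.
 * It is also recommended that you place this in /tmp/ if you are going to use this.
 * The directory is written to at runtime (db_last_error.php is created there, see
 * below), so it must be writable by the web server user and should not be
 * writable by anyone else.
 * @var string
 */
$cachedir = __DIR__ . '/cache';

########## Image Proxy ##########
# This is done entirely in Settings.php to avoid loading the DB while serving the images
/**
 * Whether the proxy is enabled or not
 * @var bool
 */
$image_proxy_enabled = true;

/**
 * Secret key to be used by the proxy
 * Treat this like a password: anyone who can guess it can presumably make the
 * proxy fetch URLs on their behalf. Replace the placeholder below with a long
 * random string (for example bin2hex(random_bytes(32))) and do not reuse it
 * across installs.
 * @var string
 */
$image_proxy_secret = 'smfisawesome';

/**
 * Maximum file size (in KB) for individual files
 * @var int
 */
$image_proxy_maxsize = 5192;

########## Directories/Files ##########
# Note: These directories do not have to be changed unless you move things.
/**
 * The absolute path to the forum's folder. (not just '.'!)
 * @var string
 */
$boarddir = __DIR__;
/**
 * Path to the Sources directory.
 * @var string
 */
$sourcedir = __DIR__ . '/Sources';
/**
 * Path to the Packages directory.
 * @var string
 */
$packagesdir = __DIR__ . '/Packages';
/**
 * Path to the tasks directory.
 * @var string
 */
$tasksdir = $sourcedir . '/tasks';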
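# Make sure the paths are correct... at least try to fix them.
# If the forum directory was moved after these paths were written, the stored
# absolute paths go stale; fall back to locations relative to this file, but
# only when that candidate directory actually exists. The order matters:
# $sourcedir and $tasksdir are derived from the (possibly just repaired) parents.
if (!file_exists($boarddir) && file_exists(__DIR__ . '/agreement.txt'))
	$boarddir = __DIR__;
if (!file_exists($sourcedir) && file_exists($boarddir . '/Sources'))
	$sourcedir = $boarddir . '/Sources';
if (!file_exists($tasksdir) && file_exists($sourcedir . '/tasks'))
	$tasksdir = $sourcedir . '/tasks';
if (!file_exists($packagesdir) && file_exists($boarddir . '/Packages'))
	$packagesdir = $boarddir . '/Packages';
if (!file_exists($cachedir) && file_exists($boarddir . '/cache'))
	$cachedir = $boarddir . '/cache';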
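########## Error-Catching ##########
# Note: You shouldn't touch these settings.
# The time of the last database error is kept in a tiny PHP file of its own so
# it can be updated without rewriting Settings.php. Whatever that file contains
# is include()d on every request, so the directory holding it must only be
# writable by the web server user and should not be served directly from the
# web root.
$db_last_error_file = (isset($cachedir) ? $cachedir : __DIR__) . '/db_last_error.php';
if (is_file($db_last_error_file))
	include($db_last_error_file);

if (!isset($db_last_error))
{
	// File does not exist (or did not define the variable), so try to create it.
	// LOCK_EX serialises concurrent writers so two requests creating the file at
	// the same time cannot interleave their writes. The result is deliberately not
	// checked: an unwritable cache directory must not stop the settings file from
	// loading, and $db_last_error still gets a sane default below.
	file_put_contents($db_last_error_file, '<' . '?' . "php\n" . '$db_last_error = 0;' . "\n" . '?' . '>', LOCK_EX);
	$db_last_error = 0;
}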
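if (file_exists(__DIR__ . '/install.php'))
{
	// The installer is still present, so send the visitor to it. This runs before
	// anything else is loaded and must not touch the database.

	// Work out whether the request came in over TLS. The X-Forwarded-* headers are
	// set by a reverse proxy; a client could forge them, but they can only ever
	// upgrade the redirect to https, never downgrade it.
	$secure = false;
	if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on')
		$secure = true;
	elseif (!empty($_SERVER['HTTP_X_FORWARDED_PROTO']) && $_SERVER['HTTP_X_FORWARDED_PROTO'] === 'https' || !empty($_SERVER['HTTP_X_FORWARDED_SSL']) && $_SERVER['HTTP_X_FORWARDED_SSL'] === 'on')
		$secure = true;

	// The Host header is client-controlled. PHP's header() rejects values that
	// contain CR/LF, so it cannot be used to split the response, but an unchecked
	// Host would still let a spoofed request steer this redirect to another origin.
	// Only accept it when it looks like a plain host[:port] (or a bracketed IPv6
	// literal); otherwise use the server's own name and port.
	$host = isset($_SERVER['HTTP_HOST']) ? trim($_SERVER['HTTP_HOST']) : '';
	if ($host === '' || (!preg_match('~^[A-Za-z0-9.\-]+(:[0-9]{1,5})?$~', $host) && !preg_match('~^\[[0-9A-Fa-f:.]+\](:[0-9]{1,5})?$~', $host)))
	{
		$host = $_SERVER['SERVER_NAME'];
		$port = isset($_SERVER['SERVER_PORT']) ? (string) $_SERVER['SERVER_PORT'] : '';
		// Only append the port when it is not the default one for the scheme in use.
		if (!empty($port) && $port !== ($secure ? '443' : '80'))
			$host .= ':' . $port;
	}

	// SCRIPT_NAME names the script PHP actually ran; PHP_SELF may additionally
	// carry client-supplied PATH_INFO, which would corrupt the directory part.
	$script = isset($_SERVER['SCRIPT_NAME']) ? $_SERVER['SCRIPT_NAME'] : $_SERVER['PHP_SELF'];
	$path = strtr(dirname($script), '\\', '/');
	if ($path === '/' || $path === '.')
		$path = '';

	header('location: http' . ($secure ? 's' : '') . '://' . $host . $path . '/install.php');
	exit;
}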
?>