Issues in Subs-Sound.php (release-2.1) - Issues in release-2.1 - SimpleMachines/SMF2.1 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1014)

Sources/Subs-Sound.php (2 issues)

Labels

Severity

James Robson 2

<?php

/**
 * Handles sound processing. In order to make sure the visual
 * verification is still accessible for all users, a sound clip is being addded
 * that reads the letters that are being shown.
 *
 * Simple Machines Forum (SMF)
 *
 * @package SMF
 * @author Simple Machines https://www.simplemachines.org
 * @copyright 2022 Simple Machines and individual contributors
 * @license https://www.simplemachines.org/about/smf/license.php BSD
 *
 * @version 2.1.2
 */

if (!defined('SMF'))
	die('No direct access...');

/**
 * Creates a wave file that spells the letters of $word.
 * Tries the user's language first, and defaults to english.
 * Used by VerificationCode() (Register.php).
 *
 * @param string $word
 * @return boolean false on failure
 */

function createWaveFile($word)
{
	global $settings, $user_info;

	// Allow max 2 requests per 20 seconds.
	if (($ip = cache_get_data('wave_file/' . $user_info['ip'], 20)) > 2 || ($ip2 = cache_get_data('wave_file/' . $user_info['ip2'], 20)) > 2)
		die(send_http_status(400));
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
	cache_put_data('wave_file/' . $user_info['ip'], $ip ? $ip + 1 : 1, 20);
	cache_put_data('wave_file/' . $user_info['ip2'], $ip2 ? $ip2 + 1 : 1, 20);

	// Fixate randomization for this word.
	$tmp = unpack('n', md5($word . session_id()));
	mt_srand(end($tmp));

	// Try to see if there's a sound font in the user's language.
	if (file_exists($settings['default_theme_dir'] . '/fonts/sound/a.' . $user_info['language'] . '.wav'))
		$sound_language = $user_info['language'];

	// English should be there.
	elseif (file_exists($settings['default_theme_dir'] . '/fonts/sound/a.english.wav'))
		$sound_language = 'english';

	// Guess not...
	else
		return false;

	// File names are in lower case so lets make sure that we are only using a lower case string
	$word = strtolower($word);

	// Loop through all letters of the word $word.
	$sound_word = '';
	for ($i = 0; $i < strlen($word); $i++)
	{
		$sound_letter = implode('', file($settings['default_theme_dir'] . '/fonts/sound/' . $word[$i] . '.' . $sound_language . '.wav'));
		if (strpos($sound_letter, 'data') === false)
			return false;

		$sound_letter = substr($sound_letter, strpos($sound_letter, 'data') + 8);
		switch ($word[$i] === 's' ? 0 : mt_rand(0, 2))
		{
			case 0 :
				for ($j = 0, $n = strlen($sound_letter); $j < $n; $j++)
					for ($k = 0, $m = round(mt_rand(15, 25) / 10); $k < $m; $k++)
						$sound_word .= $word[$i] === 's' ? $sound_letter[$j] : chr(mt_rand(max(ord($sound_letter[$j]) - 1, 0x00), min(ord($sound_letter[$j]) + 1, 0xFF)));
				break;

			case 1:
				for ($j = 0, $n = strlen($sound_letter) - 1; $j < $n; $j += 2)
					$sound_word .= (mt_rand(0, 3) == 0 ? '' : $sound_letter[$j]) . (mt_rand(0, 3) === 0 ? $sound_letter[$j + 1] : $sound_letter[$j]) . (mt_rand(0, 3) === 0 ? $sound_letter[$j] : $sound_letter[$j + 1]) . $sound_letter[$j + 1] . (mt_rand(0, 3) == 0 ? $sound_letter[$j + 1] : '');
				$sound_word .= str_repeat($sound_letter[$n], 2);
				break;

			case 2:
				$shift = 0;
				for ($j = 0, $n = strlen($sound_letter); $j < $n; $j++)
				{
					if (mt_rand(0, 10) === 0)
						$shift += mt_rand(-3, 3);
					for ($k = 0, $m = round(mt_rand(15, 25) / 10); $k < $m; $k++)
						$sound_word .= chr(min(max(ord($sound_letter[$j]) + $shift, 0x00), 0xFF));
				}
				break;
		}

		$sound_word .= str_repeat(chr(0x80), mt_rand(10000, 10500));
	}

	$data_size = strlen($sound_word);
	$file_size = $data_size + 0x24;
	$content_length = $file_size + 0x08;
	$sample_rate = 16000;

	// Disable compression.
	ob_end_clean();
	header_remove('content-encoding');
	header('content-encoding: none');
	header('accept-ranges: bytes');
	header('connection: close');
	header('cache-control: no-cache');

	// Output the wav.
	header('content-type: audio/x-wav');
	header('expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT');

	if (isset($_SERVER['HTTP_RANGE']))
	{
		list($a, $range) = explode("=", $_SERVER['HTTP_RANGE'], 2);
		list($range) = explode(",", $range, 2);
		list($range, $range_end) = explode("-", $range);
		$range = intval($range);
		$range_end = !$range_end ? $content_length - 1 : intval($range_end);
		$new_length = $range_end - $range + 1;

		send_http_status(206);
		header("content-length: $new_length");
		header("content-range: bytes $range-$range_end/$content_length");
	}
	else
		header("content-length: " . $content_length);

	echo pack('nnVnnnnnnnnVVnnnnV', 0x5249, 0x4646, $file_size, 0x5741, 0x5645, 0x666D, 0x7420, 0x1000, 0x0000, 0x0100, 0x0100, $sample_rate, $sample_rate, 0x0100, 0x0800, 0x6461, 0x7461, $data_size), $sound_word;

	// Noting more to add.
	die();
}

?>

1			<?php
2
3			/**
4			* Handles sound processing. In order to make sure the visual
5			* verification is still accessible for all users, a sound clip is being addded
6			* that reads the letters that are being shown.
7			*
8			* Simple Machines Forum (SMF)
9			*
10			* @package SMF
11			* @author Simple Machines https://www.simplemachines.org
12			* @copyright 2022 Simple Machines and individual contributors
13			* @license https://www.simplemachines.org/about/smf/license.php BSD
14			*
15			* @version 2.1.2
16			*/
17
18			if (!defined('SMF'))
19			die('No direct access...');
20
21			/**
22			* Creates a wave file that spells the letters of $word.
23			* Tries the user's language first, and defaults to english.
24			* Used by VerificationCode() (Register.php).
25			*
26			* @param string $word
27			* @return boolean false on failure
28			*/
29
30			function createWaveFile($word)
31			{
32			global $settings, $user_info;
33
34			// Allow max 2 requests per 20 seconds.
35			if (($ip = cache_get_data('wave_file/' . $user_info['ip'], 20)) > 2 \|\| ($ip2 = cache_get_data('wave_file/' . $user_info['ip2'], 20)) > 2)
36			die(send_http_status(400));
			0 ignored issues – show Best Practice introduced 2018-10-21 22:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this Using `exit` here is not recommended. In general, usage of exit should be done with care and only when running in a scripting context like a CLI script. Loading history... Bug introduced 2018-10-21 22:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the usage of `send_http_status(400)` is correct as it seems to always return `null`. This check looks for function or method calls that always return null and whose return value is used. class A { function getObject() { return null; } } $a = new A(); if ($a->getObject()) { The method `getObject()` can return nothing but null, so it makes no sense to use the return value. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
37			cache_put_data('wave_file/' . $user_info['ip'], $ip ? $ip + 1 : 1, 20);
38			cache_put_data('wave_file/' . $user_info['ip2'], $ip2 ? $ip2 + 1 : 1, 20);
39
40			// Fixate randomization for this word.
41			$tmp = unpack('n', md5($word . session_id()));
42			mt_srand(end($tmp));
43
44			// Try to see if there's a sound font in the user's language.
45			if (file_exists($settings['default_theme_dir'] . '/fonts/sound/a.' . $user_info['language'] . '.wav'))
46			$sound_language = $user_info['language'];
47
48			// English should be there.
49			elseif (file_exists($settings['default_theme_dir'] . '/fonts/sound/a.english.wav'))
50			$sound_language = 'english';
51
52			// Guess not...
53			else
54			return false;
55
56			// File names are in lower case so lets make sure that we are only using a lower case string
57			$word = strtolower($word);
58
59			// Loop through all letters of the word $word.
60			$sound_word = '';
61			for ($i = 0; $i < strlen($word); $i++)
62			{
63			$sound_letter = implode('', file($settings['default_theme_dir'] . '/fonts/sound/' . $word[$i] . '.' . $sound_language . '.wav'));
64			if (strpos($sound_letter, 'data') === false)
65			return false;
66
67			$sound_letter = substr($sound_letter, strpos($sound_letter, 'data') + 8);
68			switch ($word[$i] === 's' ? 0 : mt_rand(0, 2))
69			{
70			case 0 :
71			for ($j = 0, $n = strlen($sound_letter); $j < $n; $j++)
72			for ($k = 0, $m = round(mt_rand(15, 25) / 10); $k < $m; $k++)
73			$sound_word .= $word[$i] === 's' ? $sound_letter[$j] : chr(mt_rand(max(ord($sound_letter[$j]) - 1, 0x00), min(ord($sound_letter[$j]) + 1, 0xFF)));
74			break;
75
76			case 1:
77			for ($j = 0, $n = strlen($sound_letter) - 1; $j < $n; $j += 2)
78			$sound_word .= (mt_rand(0, 3) == 0 ? '' : $sound_letter[$j]) . (mt_rand(0, 3) === 0 ? $sound_letter[$j + 1] : $sound_letter[$j]) . (mt_rand(0, 3) === 0 ? $sound_letter[$j] : $sound_letter[$j + 1]) . $sound_letter[$j + 1] . (mt_rand(0, 3) == 0 ? $sound_letter[$j + 1] : '');
79			$sound_word .= str_repeat($sound_letter[$n], 2);
80			break;
81
82			case 2:
83			$shift = 0;
84			for ($j = 0, $n = strlen($sound_letter); $j < $n; $j++)
85			{
86			if (mt_rand(0, 10) === 0)
87			$shift += mt_rand(-3, 3);
88			for ($k = 0, $m = round(mt_rand(15, 25) / 10); $k < $m; $k++)
89			$sound_word .= chr(min(max(ord($sound_letter[$j]) + $shift, 0x00), 0xFF));
90			}
91			break;
92			}
93
94			$sound_word .= str_repeat(chr(0x80), mt_rand(10000, 10500));
95			}
96
97			$data_size = strlen($sound_word);
98			$file_size = $data_size + 0x24;
99			$content_length = $file_size + 0x08;
100			$sample_rate = 16000;
101
102			// Disable compression.
103			ob_end_clean();
104			header_remove('content-encoding');
105			header('content-encoding: none');
106			header('accept-ranges: bytes');
107			header('connection: close');
108			header('cache-control: no-cache');
109
110			// Output the wav.
111			header('content-type: audio/x-wav');
112			header('expires: ' . gmdate('D, d M Y H:i:s', time() + 525600 * 60) . ' GMT');
113
114			if (isset($_SERVER['HTTP_RANGE']))
115			{
116			list($a, $range) = explode("=", $_SERVER['HTTP_RANGE'], 2);
117			list($range) = explode(",", $range, 2);
118			list($range, $range_end) = explode("-", $range);
119			$range = intval($range);
120			$range_end = !$range_end ? $content_length - 1 : intval($range_end);
121			$new_length = $range_end - $range + 1;
122
123			send_http_status(206);
124			header("content-length: $new_length");
125			header("content-range: bytes $range-$range_end/$content_length");
126			}
127			else
128			header("content-length: " . $content_length);
129
130			echo pack('nnVnnnnnnnnVVnnnnV', 0x5249, 0x4646, $file_size, 0x5741, 0x5645, 0x666D, 0x7420, 0x1000, 0x0000, 0x0100, 0x0100, $sample_rate, $sample_rate, 0x0100, 0x0800, 0x6461, 0x7461, $data_size), $sound_word;
131
132			// Noting more to add.
133			die();
134			}
135
136			?>

SimpleMachines / SMF2.1

Issues (1014)

Sources/Subs-Sound.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like