Issues (115)

Security Analysis (not enabled)

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can, for example, be used to bypass access controls or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can, for example, include database credentials or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is, for example, used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

app/Http/routes.php (1 issue)


<?php


/*
|--------------------------------------------------------------------------
| Application Routes
|--------------------------------------------------------------------------
|
| This route group applies the "web" middleware group to every route
| it contains. The "web" middleware group is defined in your HTTP
| kernel and includes session state, CSRF protection, and more.
|
*/
Route::group(['middleware' => ['web']], function () {

    Route::auth();

    /*
     * Home pages
     * uses => calls the controller name
     * and the controller action.
     */
    Route::get('/', [
        'as'   => 'homepage',
        'uses' => 'MainController@index',
    ]);

    /*
     * Builders API for Android
     *
     * No 'auth' middleware is attached to this group, so every endpoint
     * below is reachable without an authenticated session. Because the
     * group sits inside the "web" group, non-GET requests still pass
     * through VerifyCsrfToken unless their URI is listed in its $except array.
     */
    Route::group(['prefix' => 'api'], function () {


        // Route::any() matches every HTTP verb (GET, POST, PUT, DELETE, ...)
        Route::any('/add', [
            'uses' => 'AdController@adAnnounce',
        ]);

        Route::any('/ads', [
            'uses' => 'AdController@ads',
        ]);

        Route::get('/getannounces', [
            'uses' => 'BuildersController@getAnnouncesCart',
        ]);
        Route::get('/totalannounces', [
            'uses' => 'BuildersController@getTotalAnnouncesCart',
        ]);

        Route::post('/addannounce', [
            'uses' => 'BuildersController@addAnnounceCart',
        ]);

        Route::get('/disconnect', [
            'uses' => 'BuildersController@disconnect',
        ]);

        Route::post('/connectifexist', [
            'uses' => 'BuildersController@connectAlreadyExist',
        ]);

        Route::post('/connect', [
            'uses' => 'BuildersController@connect',
        ]);
        Route::get('/listaccount', [
            'uses' => 'BuildersController@listAccount',
        ]);

        Route::post('/createaccount', [
            'uses' => 'BuildersController@createAccount',
        ]);

        Route::post('/updateaccount', [
            'uses' => 'BuildersController@updateAccount',
        ]);

    });


    Route::get('loginauth/facebook', 'Auth\AuthController@redirectToProvider');
    Route::get('loginauth/facebook/callback', 'Auth\AuthController@handleProviderCallback');

    /*
     * BackOffice
     */
    Route::group(['prefix' => 'admin', 'middleware' => 'auth'], function () {

        /*
         * Cart Payment
         */
        Route::group(['prefix' => 'cart'], function () {
            /*
             * Summary page
             */
            Route::get('/recapitulatif', [
                'as'   => 'cart_recapitulatif',
                'uses' => 'CartController@recapitulatif',
            ]);

            /*
             * Done page
             */
            Route::get('/done', [
                'as'   => 'cart_done',
                'uses' => 'CartController@done',
            ]);

            /*
             * Cancel page
             */
            Route::get('/cancel', [
                'as'   => 'cart_cancel',
                'uses' => 'CartController@cancel',
            ]);

            /*
             * Checkout page
             */
            Route::get('/checkout', [
                'as'   => 'cart_checkout',
                'uses' => 'CartController@checkout',
            ]);

        });

        /*
         * Dashboard pages
         * uses => calls the controller name
         * and the controller action
         */
        Route::get('/', [
            'as'   => 'admin_dashboard',
            'uses' => 'MainController@dashboard',
        ]);

        /*
         * Movie creation
         */
        Route::post('/ajax/create-film', [
            'as'   => 'ajax_movies',
            'uses' => 'MainController@ajaxmovies',
        ]);
        /*
         * COMMENTS
         */
        Route::group(['prefix' => 'comments'], function () {
            Route::get('/index', ['uses' => 'CommentsController@index', 'as' => 'comments.index']);
            Route::post('{id}/update', ['uses' => 'CommentsController@update', 'as' => 'comments.update']);

            /*
             * Like action
             */
            Route::get('/like/{id}/{action}', [
                'as'   => 'comments_like',
                'uses' => 'CommentsController@like',
            ]);

        });

        /*
         * Movies CRUD
         */
        Route::group(['prefix' => 'movies'], function () {

            /*
             * Index page: list of movies
             */
            Route::get('/index', [
                'as'   => 'movies_index',
                'uses' => 'MoviesController@index',
            ]);

            /*
             * Create page: create a movie
             */
            Route::get('/create', [
                'as'   => 'movies_create',
                'uses' => 'MoviesController@create',
            ]);

            /*
             * Store movies in database from form
             */
            Route::post('/store', [
                'as'   => 'movies_store',
                'uses' => 'MoviesController@store',
            ]);

            /*
             * Read page: view a movie
             */
            Route::get('/read/{id}', [
                'as'   => 'movies_read',
                'uses' => 'MoviesController@read',
            ])->where('id', '[0-9]+');

            /*
             * Edit page: edit a movie
             */
            Route::get('/edit/{id}', [
                'as'   => 'movies_edit',
                'uses' => 'MoviesController@edit',
            ])->where('id', '[0-9]+');

            /*
             * Delete: delete a movie
             *
             * This state-changing action is served over GET. VerifyCsrfToken
             * only checks non-read verbs, so this route (and the other GET
             * delete/activate/like routes below) gets no CSRF protection.
             */
            Route::get('/delete/{id}', [
                'as'   => 'movies_delete',
                'uses' => 'MoviesController@delete',
            ])->where('id', '[0-9]+');

            /*
             * Activate: activate a movie
             */
            Route::get('/activate/{id}', [
                'as'   => 'movies_activate',
                'uses' => 'MoviesController@activate',
            ])->where('id', '[0-9]+');

            /*
             * Cover: feature a movie
             */
            Route::get('/cover/{id}', [
                'as'   => 'movies_cover',
                'uses' => 'MoviesController@cover',
            ])->where('id', '[0-9]+');

            /*
             * Like action
             */
            Route::get('/like/{id}/{action}', [
                'as'   => 'movies_like',
                'uses' => 'MoviesController@like',
            ]);

        });

// Categories CRUD
        Route::group(['prefix' => 'categories'], function () {

            Route::get('/index', [
                'as'   => 'categories_index',
                'uses' => 'CategoriesController@index',
            ]);

            Route::get('/create', [
                'as'   => 'categories_create',
                'uses' => 'CategoriesController@create',
            ]);

            /*
             * Store categories in database from form
             */
            Route::post('/store', [
                'as'   => 'categories_store',
                'uses' => 'CategoriesController@store',
            ]);

            /*
             * Read takes an id argument in the URL
             */
            Route::get('/read/{id}', [
                'as'   => 'categories_read',
                'uses' => 'CategoriesController@read',
            ])->where('id', '[0-9]+');

            /*
             * Edit takes an id argument in the URL
             */
            Route::get('/edit/{id}', [
                'as'   => 'categories_edit',
                'uses' => 'CategoriesController@edit',
            ])->where('id', '[0-9]+');

            /*
             * Delete takes an id argument in the URL
             */
            Route::get('/delete/{id}', [
                'as'   => 'categories_delete',
                'uses' => 'CategoriesController@delete',
            ])->where('id', '[0-9]+');

        });

// Actors CRUD
        Route::group(['prefix' => 'actors'], function () {

            Route::get('/index', [
                'as'   => 'actors_index',
                'uses' => 'ActorsController@index',
            ]);

            Route::get('/create', [
                'as'   => 'actors_create',
                'uses' => 'ActorsController@create',
            ]);

            Route::get('/edit/{id}', [
                'as'   => 'actors_edit',
                'uses' => 'ActorsController@edit',
            ])->where('id', '[0-9]+');

            Route::get('/delete/{id}', [
                'as'   => 'actors_delete',
                'uses' => 'ActorsController@delete',
            ])->where('id', '[0-9]+');

        });

// Directors CRUD
        Route::group(['prefix' => 'directors'], function () {

            // Route name was 'directors_delete', duplicating the delete route's
            // name below; a later registration with the same name overrides the
            // earlier one, so route('directors_delete') would never reach index.
            Route::get('/index', [
                'as'   => 'directors_index',
                'uses' => 'DirectorsController@index',
            ]);

            Route::get('/create', [
                'as'   => 'directors_create',
                'uses' => 'DirectorsController@create',
            ]);

            Route::get('/edit/{id}', [
                'as'   => 'directors_edit',
                'uses' => 'DirectorsController@edit',
            ])->where('id', '[0-9]+');

            Route::get('/delete/{id}', [
                'as'   => 'directors_delete',
                'uses' => 'DirectorsController@delete',
            ])->where('id', '[0-9]+');

        });

        Route::group(['prefix' => 'api'], function () {

            // my categories returned as JSON
            Route::get('/categories', [
                'as'   => 'api_categories',
                'uses' => 'ApiController@categories',
            ]);
            // my actors returned as JSON
            Route::get('/actors', [
                'as'   => 'api_actors',
                'uses' => 'ApiController@actors',
            ]);

        });

        // Administrators CRUD
        Route::group(['prefix' => 'administrators',    'middleware' => 'authorisation'], function () {

            Route::get('/index', [
                'as'   => 'administrators_index',
                'uses' => 'AdministratorsController@index',
            ]);

            Route::get('/remove/{id}', [
                'as'   => 'administrators_remove',
                'uses' => 'AdministratorsController@remove',
            ]);

            Route::get('/edit/{id}', [
                'as'   => 'administrators_edit',
                'uses' => 'AdministratorsController@edit',
            ]);

            Route::get('/create', [
                'as'   => 'administrators_create',
                'uses' => 'AdministratorsController@create',
            ]);

            /*
             * The {id} argument is optional thanks to the "?" symbol
             */
            Route::post('/store/{id?}', [
                'as'   => 'administrators_store',
                'uses' => 'AdministratorsController@store',
            ]);

        });

    });

//
//
//Route::get('/categories', [
//
//    'uses' => 'CategoriesController@index'
//]);

Issue on the commented-out block above (Unused Code, Comprehensibility): 50% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.

// Actors and Directors

    /**************************** Static pages ********************************/

    /*
     * FAQ page
     */
    Route::get('/faq', function () {

        return view('Pages/faq');
    });

    /*
     * About page
     */
    Route::get('/about', function () {

        // returns the view name
        return view('Pages/about');
    });

    /*
     * Concept page
     */
    Route::get('/concept', function () {

        // returns the view name
        return view('Pages/concept');
    });

});