Issues in services.php (master) - Issues in master - TheCodemasterZz/architect - Measure and Improve Code Quality continuously with Scrutinizer

Issues (16)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

bootstrap/services.php (7 issues)

Labels

Severity

Minor 7

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
|--------------------------------------------------------------------------
| Factory Default Dependency Injector
|--------------------------------------------------------------------------
|
| The FactoryDefault Dependency Injector automatically registers the 
| right services providing a full-stack framework
|
*/

if (PHP_SAPI === 'cli') {
	$di = new \Phalcon\DI\FactoryDefault\CLI();
} else {
	$di = new \Phalcon\DI\FactoryDefault();
}

/*
|--------------------------------------------------------------------------
| Application Configs
|--------------------------------------------------------------------------
|
| Get application config parametrs from config. This file is one of the 
| important file for the framework configurations
|
*/

$appConfig = new \Phalcon\Config(
    include_once _if(APPLICATION_PATH."configs", "application.php")
);

$di->set("config", $appConfig);

/*
|--------------------------------------------------------------------------
| Error Service
|--------------------------------------------------------------------------
|
| Error Service is set by checking error config parameter in related
| enviroment folder in application config folder path. 
|
*/

$di->set('error', function () {
    return include_once APPLICATION_PATH."configs/error.php";
});	

$error = $di['error'];

/*
|--------------------------------------------------------------------------
| Session Service
|--------------------------------------------------------------------------
|
| The Session provides object-oriented wrappers to access session data.
| Reasons to use this component instead of raw-sessions:
|
| - You can easily isolate session data across applications on the same domain
| - Intercept where session data is set/get in your application
| - Change the session adapter according to the application needs
|
*/

$di->set('session', function() {
    global $di;
function myFunction($a, $b) {
    // Do something
}
    $appConfig = $di->get('config');
    $session = new $appConfig->libraries->session();
    $session->start();
    return $session;
});

//Run session handler
$session = $di['session'];

/*
|--------------------------------------------------------------------------
| Database Service
|--------------------------------------------------------------------------
|
| Phalcon encapsulates the specific details of each database engine in 
| dialects. Those provide common functions and SQL generator to the 
| adapters.
| 
| This component allows for a lower level database manipulation than 
| using traditional models.
|
*/

$dbConfig = new \Phalcon\Config(
    include_once _if(APPLICATION_PATH."configs", "database.php")
);

foreach ($dbConfig->databases as $name => $dbConfig ) {
    $di->set($name, function() use ($dbConfig, $di){
        $className = $dbConfig["type"];
        $database =  new $className($dbConfig["config"]->toArray());
        $database->connect();
        return $database;
    });
}


/*
|--------------------------------------------------------------------------
| Mail Service
|--------------------------------------------------------------------------
|
| Mailer wrapper over SwiftMailer for Phalcon.
|
*/

$mailConfig = new \Phalcon\Config(
    include_once _if(APPLICATION_PATH."configs", "mail.php")
);

$di->set('mail', function() use ($mailConfig){
    $mailer = new \Phalcon\Ext\Mailer\Manager($mailConfig->toArray());
    return $mailer;
});


/*
|--------------------------------------------------------------------------
| Cookie Service
|--------------------------------------------------------------------------
|
| PHP automatically fills the superglobal arrays $_GET and $_POST 
| depending on the type of the request. These arrays contain the values 
| present in forms submitted or the parameters sent via the URL. The 
| variables in the arrays are never sanitized and can contain illegal 
| characters or even malicious code, which can lead to SQL injection or 
| Cross Site Scripting (XSS) attacks.
|
*/

$di->set('cookies', function() {
    global $di;
function myFunction($a, $b) {
    // Do something
}
    $appConfig = $di->get('config');
    $cookies = new \Phalcon\Http\Response\Cookies();
    $cookies->useEncryption($appConfig->cookie_encryption);
    return $cookies;
});


/*
|--------------------------------------------------------------------------
| Response Service
|--------------------------------------------------------------------------
|
| Part of the HTTP cycle is returning responses to clients. Response is 
| the Phalcon component designed to achieve this task. HTTP responses are 
| usually composed by headers and body.
|
*/

$di->set('response', function() {
    return new \Phalcon\Http\Response();
});


/*
|--------------------------------------------------------------------------
| Asset Service
|--------------------------------------------------------------------------
|
| Phalcon\Assets is a component that allows the developer to manage static 
| resources such as css stylesheets or javascript libraries in a web 
| application.
|
*/

$di->set('assets', function () {
    $assetManager = new \Phalcon\Assets\Manager();
    return $assetManager;
}, true);

/*
|--------------------------------------------------------------------------
| Url Service
|--------------------------------------------------------------------------
|
| Phalcon\Mvc\Url is the component responsible of generate urls in a 
| Phalcon application. It’s capable of produce independent urls based on 
| routes.
|
*/

if (PHP_SAPI !== 'cli') {
    $di->set('url', function () {
        global $di;
function myFunction($a, $b) {
    // Do something
}
        $appConfig = $di->get('config');
        $url = new \Phalcon\Mvc\Url();
        if (!is_null($appConfig->base_url))
            $url->setBaseUri($appConfig->base_url);
        return $url;
    }, true);
}

/*
|--------------------------------------------------------------------------
| Crypt Service
|--------------------------------------------------------------------------
|
| Phalcon provides encryption facilities via the Phalcon\Crypt component. 
| This class offers simple object-oriented wrappers to the mcrypt php’s 
| encryption library.
|
*/

$di->set('crypt', function () {
    global $di;
function myFunction($a, $b) {
    // Do something
}
    $appConfig = $di->get('config');
    $crypt = new \Phalcon\Crypt();
    $crypt->setCipher($appConfig->cipher);
    $crypt->setKey($appConfig->key);
    $crypt->setMode($appConfig->encryption_mode);
    return $crypt;
}, true);

/*
|--------------------------------------------------------------------------
| Security Service
|--------------------------------------------------------------------------
|
| This component aids the developer in common security tasks such as 
| password hashing and Cross-Site Request Forgery protection (CSRF).
|
*/

$di->set('security', function() {
    global $di;
function myFunction($a, $b) {
    // Do something
}
    $appConfig = $di->get('config');
    $security = new \Phalcon\Security();
    $security->setWorkFactor($appConfig->work_factor);
    return $security;
}, true);

/*
|--------------------------------------------------------------------------
| View Service
|--------------------------------------------------------------------------
|
| Views represent the user interface of your application. Views are often 
| HTML files with embedded PHP code that perform tasks related solely to 
| the presentation of the data. Views handle the job of providing data to 
| the web browser or other tool that is used to make requests from your 
| application.
|
*/

if (PHP_SAPI !== 'cli') {
    $di->set('view', function() {
        global $di;
function myFunction($a, $b) {
    // Do something
}
        $appConfig = $di->get('config');
        $view = new \Phalcon\Mvc\View();
        $viewEngines = $appConfig->view_engines;
        foreach ($viewEngines as $extension => $parameters) {
            $view->registerEngines(array(
                $extension => function($view, $di) use ($parameters) {
                    $viewExtension = new $parameters->type($view, $di);
                    $viewExtension->setOptions($parameters->options->toArray());
                    return $viewExtension;
                }
            ));
        }
        return $view;
    });
}

/*
|--------------------------------------------------------------------------
| Router Service
|--------------------------------------------------------------------------
|
| The router component allows defining routes that are mapped to 
| controllers or handlers that should receive the request. A router simply 
| parses a URI to determine this information. The router has two modes: 
| MVC mode and match-only mode. The first mode is ideal for working with 
| MVC applications.
|
*/  

if (PHP_SAPI !== 'cli') {

    $di->set('router', function () {
        global $di;
function myFunction($a, $b) {
    // Do something
}
        $appConfig = $di->get('config');
        $router = new \Phalcon\Mvc\Router\Annotations(false);
        $router->setUriSource(\Phalcon\Mvc\Router::URI_SOURCE_GET_URL); 
        $router->setUriSource(\Phalcon\Mvc\Router::URI_SOURCE_SERVER_REQUEST_URI);
        $router->setDefaults(array(
            'namespace'     => $appConfig->default_namespace,
            'module'        => $appConfig->default_module,
            'controller'    => $appConfig->default_controller,
            'action'        => $appConfig->default_method
        ));
        $router->removeExtraSlashes($appConfig->extra_slashes);
        return include_once APPLICATION_PATH."configs/routing.php";
    });
}

/*
|--------------------------------------------------------------------------
| Request Service
|--------------------------------------------------------------------------
|
| Every HTTP request (usually originated by a browser) contains additional 
| information regarding the request such as header data, files, variables, 
| etc. A web based application needs to parse that information so as to 
| provide the correct response back to the requester. Phalcon\Http\Request 
| encapsulates the information of the request, allowing you to access it 
| in an object-oriented way.
|
*/

$di->set("request", function() {
    return new \Phalcon\Http\Request();
});

/*
|--------------------------------------------------------------------------
| Filter Service
|--------------------------------------------------------------------------
|
| PHP automatically fills the superglobal arrays $_GET and $_POST 
| depending on the type of the request. These arrays contain the values 
| present in forms submitted or the parameters sent via the URL. The 
| variables in the arrays are never sanitized and can contain illegal 
| characters or even malicious code, which can lead to SQL injection or 
| Cross Site Scripting (XSS) attacks.
|
*/

$di->set("filter", function() {
    return new \Phalcon\Filter();
});

/*
|--------------------------------------------------------------------------
| Validation Service
|--------------------------------------------------------------------------
|
| Phalcon\Validation is an independent validation component that validates 
| an arbitrary set of data. This component can be used to implement 
| validation rules on data objects that do not belong to a model or 
| collection.
|
*/

$di->set("validation", function() {
    return new \Phalcon\Validation();
}); 


Issues (16)

Security Analysis no request data

bootstrap/services.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1			<?php
2
3			/*
4			\|--------------------------------------------------------------------------
5			\| Factory Default Dependency Injector
6			\|--------------------------------------------------------------------------
7			\|
8			\| The FactoryDefault Dependency Injector automatically registers the
9			\| right services providing a full-stack framework
10			\|
11			*/
12
13			if (PHP_SAPI === 'cli') {
14			$di = new \Phalcon\DI\FactoryDefault\CLI();
15			} else {
16			$di = new \Phalcon\DI\FactoryDefault();
17			}
18
19			/*
20			\|--------------------------------------------------------------------------
21			\| Application Configs
22			\|--------------------------------------------------------------------------
23			\|
24			\| Get application config parametrs from config. This file is one of the
25			\| important file for the framework configurations
26			\|
27			*/
28
29			$appConfig = new \Phalcon\Config(
30			include_once _if(APPLICATION_PATH."configs", "application.php")
31			);
32
33			$di->set("config", $appConfig);
34
35			/*
36			\|--------------------------------------------------------------------------
37			\| Error Service
38			\|--------------------------------------------------------------------------
39			\|
40			\| Error Service is set by checking error config parameter in related
41			\| enviroment folder in application config folder path.
42			\|
43			*/
44
45			$di->set('error', function () {
46			return include_once APPLICATION_PATH."configs/error.php";
47			});
48
49			$error = $di['error'];
50
51			/*
52			\|--------------------------------------------------------------------------
53			\| Session Service
54			\|--------------------------------------------------------------------------
55			\|
56			\| The Session provides object-oriented wrappers to access session data.
57			\| Reasons to use this component instead of raw-sessions:
58			\|
59			\| - You can easily isolate session data across applications on the same domain
60			\| - Intercept where session data is set/get in your application
61			\| - Change the session adapter according to the application needs
62			\|
63			*/
64
65			$di->set('session', function() {
66			global $di;
			0 ignored issues – show Compatibility Best Practice introduced 2015-12-14 21:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
67			$appConfig = $di->get('config');
68			$session = new $appConfig->libraries->session();
69			$session->start();
70			return $session;
71			});
72
73			//Run session handler
74			$session = $di['session'];
75
76			/*
77			\|--------------------------------------------------------------------------
78			\| Database Service
79			\|--------------------------------------------------------------------------
80			\|
81			\| Phalcon encapsulates the specific details of each database engine in
82			\| dialects. Those provide common functions and SQL generator to the
83			\| adapters.
84			\|
85			\| This component allows for a lower level database manipulation than
86			\| using traditional models.
87			\|
88			*/
89
90			$dbConfig = new \Phalcon\Config(
91			include_once _if(APPLICATION_PATH."configs", "database.php")
92			);
93
94			foreach ($dbConfig->databases as $name => $dbConfig ) {
95			$di->set($name, function() use ($dbConfig, $di){
96			$className = $dbConfig["type"];
97			$database = new $className($dbConfig["config"]->toArray());
98			$database->connect();
99			return $database;
100			});
101			}
102
103
104			/*
105			\|--------------------------------------------------------------------------
106			\| Mail Service
107			\|--------------------------------------------------------------------------
108			\|
109			\| Mailer wrapper over SwiftMailer for Phalcon.
110			\|
111			*/
112
113			$mailConfig = new \Phalcon\Config(
114			include_once _if(APPLICATION_PATH."configs", "mail.php")
115			);
116
117			$di->set('mail', function() use ($mailConfig){
118			$mailer = new \Phalcon\Ext\Mailer\Manager($mailConfig->toArray());
119			return $mailer;
120			});
121
122
123			/*
124			\|--------------------------------------------------------------------------
125			\| Cookie Service
126			\|--------------------------------------------------------------------------
127			\|
128			\| PHP automatically fills the superglobal arrays $_GET and $_POST
129			\| depending on the type of the request. These arrays contain the values
130			\| present in forms submitted or the parameters sent via the URL. The
131			\| variables in the arrays are never sanitized and can contain illegal
132			\| characters or even malicious code, which can lead to SQL injection or
133			\| Cross Site Scripting (XSS) attacks.
134			\|
135			*/
136
137			$di->set('cookies', function() {
138			global $di;
			0 ignored issues – show Compatibility Best Practice introduced 2015-12-14 21:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
139			$appConfig = $di->get('config');
140			$cookies = new \Phalcon\Http\Response\Cookies();
141			$cookies->useEncryption($appConfig->cookie_encryption);
142			return $cookies;
143			});
144
145
146			/*
147			\|--------------------------------------------------------------------------
148			\| Response Service
149			\|--------------------------------------------------------------------------
150			\|
151			\| Part of the HTTP cycle is returning responses to clients. Response is
152			\| the Phalcon component designed to achieve this task. HTTP responses are
153			\| usually composed by headers and body.
154			\|
155			*/
156
157			$di->set('response', function() {
158			return new \Phalcon\Http\Response();
159			});
160
161
162			/*
163			\|--------------------------------------------------------------------------
164			\| Asset Service
165			\|--------------------------------------------------------------------------
166			\|
167			\| Phalcon\Assets is a component that allows the developer to manage static
168			\| resources such as css stylesheets or javascript libraries in a web
169			\| application.
170			\|
171			*/
172
173			$di->set('assets', function () {
174			$assetManager = new \Phalcon\Assets\Manager();
175			return $assetManager;
176			}, true);
177
178			/*
179			\|--------------------------------------------------------------------------
180			\| Url Service
181			\|--------------------------------------------------------------------------
182			\|
183			\| Phalcon\Mvc\Url is the component responsible of generate urls in a
184			\| Phalcon application. It’s capable of produce independent urls based on
185			\| routes.
186			\|
187			*/
188
189			if (PHP_SAPI !== 'cli') {
190			$di->set('url', function () {
191			global $di;
			0 ignored issues – show Compatibility Best Practice introduced 2015-12-14 21:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
192			$appConfig = $di->get('config');
193			$url = new \Phalcon\Mvc\Url();
194			if (!is_null($appConfig->base_url))
195			$url->setBaseUri($appConfig->base_url);
196			return $url;
197			}, true);
198			}
199
200			/*
201			\|--------------------------------------------------------------------------
202			\| Crypt Service
203			\|--------------------------------------------------------------------------
204			\|
205			\| Phalcon provides encryption facilities via the Phalcon\Crypt component.
206			\| This class offers simple object-oriented wrappers to the mcrypt php’s
207			\| encryption library.
208			\|
209			*/
210
211			$di->set('crypt', function () {
212			global $di;
			0 ignored issues – show Compatibility Best Practice introduced 2015-12-14 21:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
213			$appConfig = $di->get('config');
214			$crypt = new \Phalcon\Crypt();
215			$crypt->setCipher($appConfig->cipher);
216			$crypt->setKey($appConfig->key);
217			$crypt->setMode($appConfig->encryption_mode);
218			return $crypt;
219			}, true);
220
221			/*
222			\|--------------------------------------------------------------------------
223			\| Security Service
224			\|--------------------------------------------------------------------------
225			\|
226			\| This component aids the developer in common security tasks such as
227			\| password hashing and Cross-Site Request Forgery protection (CSRF).
228			\|
229			*/
230
231			$di->set('security', function() {
232			global $di;
			0 ignored issues – show Compatibility Best Practice introduced 2015-12-14 21:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
233			$appConfig = $di->get('config');
234			$security = new \Phalcon\Security();
235			$security->setWorkFactor($appConfig->work_factor);
236			return $security;
237			}, true);
238
239			/*
240			\|--------------------------------------------------------------------------
241			\| View Service
242			\|--------------------------------------------------------------------------
243			\|
244			\| Views represent the user interface of your application. Views are often
245			\| HTML files with embedded PHP code that perform tasks related solely to
246			\| the presentation of the data. Views handle the job of providing data to
247			\| the web browser or other tool that is used to make requests from your
248			\| application.
249			\|
250			*/
251
252			if (PHP_SAPI !== 'cli') {
253			$di->set('view', function() {
254			global $di;
			0 ignored issues – show Compatibility Best Practice introduced 2015-12-14 21:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
255			$appConfig = $di->get('config');
256			$view = new \Phalcon\Mvc\View();
257			$viewEngines = $appConfig->view_engines;
258			foreach ($viewEngines as $extension => $parameters) {
259			$view->registerEngines(array(
260			$extension => function($view, $di) use ($parameters) {
261			$viewExtension = new $parameters->type($view, $di);
262			$viewExtension->setOptions($parameters->options->toArray());
263			return $viewExtension;
264			}
265			));
266			}
267			return $view;
268			});
269			}
270
271			/*
272			\|--------------------------------------------------------------------------
273			\| Router Service
274			\|--------------------------------------------------------------------------
275			\|
276			\| The router component allows defining routes that are mapped to
277			\| controllers or handlers that should receive the request. A router simply
278			\| parses a URI to determine this information. The router has two modes:
279			\| MVC mode and match-only mode. The first mode is ideal for working with
280			\| MVC applications.
281			\|
282			*/
283
284			if (PHP_SAPI !== 'cli') {
285
286			$di->set('router', function () {
287			global $di;
			0 ignored issues – show Compatibility Best Practice introduced 2015-12-14 21:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
288			$appConfig = $di->get('config');
289			$router = new \Phalcon\Mvc\Router\Annotations(false);
290			$router->setUriSource(\Phalcon\Mvc\Router::URI_SOURCE_GET_URL);
291			$router->setUriSource(\Phalcon\Mvc\Router::URI_SOURCE_SERVER_REQUEST_URI);
292			$router->setDefaults(array(
293			'namespace' => $appConfig->default_namespace,
294			'module' => $appConfig->default_module,
295			'controller' => $appConfig->default_controller,
296			'action' => $appConfig->default_method
297			));
298			$router->removeExtraSlashes($appConfig->extra_slashes);
299			return include_once APPLICATION_PATH."configs/routing.php";
300			});
301			}
302
303			/*
304			\|--------------------------------------------------------------------------
305			\| Request Service
306			\|--------------------------------------------------------------------------
307			\|
308			\| Every HTTP request (usually originated by a browser) contains additional
309			\| information regarding the request such as header data, files, variables,
310			\| etc. A web based application needs to parse that information so as to
311			\| provide the correct response back to the requester. Phalcon\Http\Request
312			\| encapsulates the information of the request, allowing you to access it
313			\| in an object-oriented way.
314			\|
315			*/
316
317			$di->set("request", function() {
318			return new \Phalcon\Http\Request();
319			});
320
321			/*
322			\|--------------------------------------------------------------------------
323			\| Filter Service
324			\|--------------------------------------------------------------------------
325			\|
326			\| PHP automatically fills the superglobal arrays $_GET and $_POST
327			\| depending on the type of the request. These arrays contain the values
328			\| present in forms submitted or the parameters sent via the URL. The
329			\| variables in the arrays are never sanitized and can contain illegal
330			\| characters or even malicious code, which can lead to SQL injection or
331			\| Cross Site Scripting (XSS) attacks.
332			\|
333			*/
334
335			$di->set("filter", function() {
336			return new \Phalcon\Filter();
337			});
338
339			/*
340			\|--------------------------------------------------------------------------
341			\| Validation Service
342			\|--------------------------------------------------------------------------
343			\|
344			\| Phalcon\Validation is an independent validation component that validates
345			\| an arbitrary set of data. This component can be used to implement
346			\| validation rules on data objects that do not belong to a model or
347			\| collection.
348			\|
349			*/
350
351			$di->set("validation", function() {
352			return new \Phalcon\Validation();
353			});
354

TheCodemasterZz / architect

Issues (16)

Security Analysis no request data

bootstrap/services.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like