Inspection: Completed
Pull Request — master (#137)
by Philipp, created 04:15

upload.php (3 issues)


  1  <?php
  2  
  3  // Copyright (C) 2014-2015 Universitätsbibliothek Mannheim
  4  // See file LICENSE for license details.
  5  
  6  // Connect to database and get configuration constants.
  7  require_once('DBConnector.class.php');
  8  
  9  if (empty($_FILES)) {
 10      $error = 99;
 11      $filename = 'unknown';
 12  } else {
 13      $error = $_FILES['file']['error'];
 14      $filename = $_FILES['file']['name'];
 15  }
 16  
 17  if (!is_dir(CONFIG_UPLOAD_DIR)) {
 18      /* Target directory is missing, so create it now. */
 19      mkdir(CONFIG_UPLOAD_DIR, 0755);
 20  }
 21  // Strict comparisons: with ==, PHP 5/7 evaluates 0 == "downloaded_from_url" as true.
 22  if ($error === UPLOAD_ERR_OK || $error === "downloaded_from_url") {
 23      # All uploaded files are collected in the upload directory.
 24      # If necessary, an index is added to get a unique filename.
 25      $tempFile = $_FILES['file']['tmp_name'];
 26      $targetFile = CONFIG_UPLOAD_DIR . "/$filename";
 27      $index = 0;
 28      $fparts = pathinfo($filename);
 29      $fname = $fparts['filename'];
 30      $ftype = null;
 31      if (isset($fparts['extension'])) {
 32          $ftype = $fparts['extension'];
 33      }
 34      while (file_exists($targetFile)) {
 35          $index++;
 36          if ($ftype) {
 37              $targetFile = CONFIG_UPLOAD_DIR . "/$fname-$index.$ftype";
 38          } else {
 39              $targetFile = CONFIG_UPLOAD_DIR . "/$fname-$index";
 40          }
 41      }
 42      trace("upload '$tempFile' to '$targetFile'");
 43      if (is_uploaded_file($tempFile)) {
 44          move_uploaded_file($tempFile, $targetFile);
 45      } elseif ($error === "downloaded_from_url") {
 46          rename($tempFile, $targetFile);
 47      } else {
 48          trace("upload failed!");
 49      }
 50  
 51  } else {
 52      // Support localisation.
 53      require_once('i12n.php');
 54  
 55      $targetFile = CONFIG_UPLOAD_DIR . "/error.html";
 56      $f = fopen($targetFile, 'w');
 57      if ($f) {
 58          switch ($error) {
 59              case UPLOAD_ERR_INI_SIZE:
 60                  $message = __("This file is too large.");
 61                  break;
 62              case UPLOAD_ERR_FORM_SIZE:
 63                  $message = __("Large files are not supported.");
 64                  break;
 65              case UPLOAD_ERR_PARTIAL:
 66                  $message = __("File was only partially uploaded.");
 67                  break;
 68              default:
 69                  $message = sprintf(__("Error code %s."), $error);
 70                  break;
 71          }
 72          fprintf($f, "<!DOCTYPE HTML PUBLIC \"-//W3C//DTD HTML 4.01//EN\"\n");
 73          fprintf($f, "\"http://www.w3.org/TR/html4/strict.dtd\">\n");
 74          fprintf($f, "<html>\n");
 75          fprintf($f, "<head>\n");
 76          fprintf($f, "<meta http-equiv=\"Content-Type\" content=\"text/html; charset=utf-8\">\n");
 77          fprintf($f, "<title>Error</title>\n");
 78          fprintf($f, "</head>\n");
 79          fprintf($f, "<body>\n");
 80          fprintf($f, "<p>\n");
 81          fprintf($f, __("File '%s' cannot be shown.") . "<br>\n%s\n",
 82                  $filename, $message);
Security issue (File Manipulation):
$filename can contain request data and is used in file manipulation context(s), leading to a potential security vulnerability.

1 path for user data to reach this point

  1. Read from $_FILES, and $filename is assigned
     in upload.php on line 14

General Strategies to prevent injection

In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing certain values:

if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}

For numeric data, we recommend explicitly casting the data:

$sanitized = (integer) $tainted;
Security issue (File Manipulation):
$message can contain request data and is used in file manipulation context(s), leading to a potential security vulnerability.

1 path for user data to reach this point

  1. Read from $_FILES, and $error is assigned
     in upload.php on line 13
  2. $error is passed through sprintf(), and $message is assigned
     in upload.php on line 69

The general strategies to prevent injection are the same as for the previous issue: white-list the allowed values, and cast numeric data explicitly.
 83          fprintf($f, "</p>\n");
 84          fprintf($f, "</body>\n");
 85          fprintf($f, "</html>\n");
 86          fclose($f);
 87      }
 88      $targetFile = "file:///$targetFile";
 89  }
 90  
 91  // Get information of application for uploaded file.
 92  require_once('FileHandler.class.php');
 93  list($returnedHandler, $returnedTargetFile) = FileHandler::getFileHandler($targetFile);
 94  $handler = $returnedHandler;
 95  $targetFile = $returnedTargetFile;
 96  trace("file is now $targetFile, its handler is $handler");
 97  
 98  // create window object and send to nuc
 99  
100  $dt = new DateTime();
101  $date = $dt->format('Y-m-d H:i:s');
102  
103  $window = array(
104      "id" => "",
105      "win_id" => "",
106      "name" => "",
107      "state" => "",
108      "file" => $targetFile,
109      "handler" => $handler,
110      "userid" => "",
111      "date" => $date
112  );
113  
114  //echo "<body onLoad=\"sendToNuc('newWindow=".serialize($window)."')\" /></body>";
Comprehensibility issue (Unused Code):
70% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again, or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.
115  
116  $serializedWindow = serialize($window);
117  
118  $sw = urlencode($serializedWindow);
119  // Get cURL resource
120  $curl = curl_init();
121  // Set some options - we are passing in a useragent too here
122  curl_setopt_array($curl, array(
123      CURLOPT_RETURNTRANSFER => 1,
124      CURLOPT_URL => CONFIG_CONTROL_FILE . '?newWindow=' . $sw,
125      CURLOPT_USERAGENT => 'PalMA cURL Request'
126  ));
127  // Send the request & save response to $resp
128  $resp = curl_exec($curl);
129  // Close request to clear up some resources
130  curl_close($curl);
131  
132  trace("upload closed, result='$resp'");