Issues in Gateways.php (master) - Issues in master - XoopsModules25x/oledrion - Measure and Improve Code Quality continuously with Scrutinizer

Issues (608)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/Gateways.php (2 issues)

Labels

Severity

Minor 2

<?php

namespace XoopsModules\Oledrion;

/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
*/

/**
 * oledrion
 *
 * @copyright   {@link https://xoops.org/ XOOPS Project}
 * @license     {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
 * @author      Hervé Thouzard (http://www.herve-thouzard.com/)
 */

use XoopsModules\Oledrion;

/**
 * Classe chargée de la manipulation des passerelles de paiement
 *
 * Normalement la classe est utilisable de manière statique
 */
// defined('XOOPS_ROOT_PATH') || die('Restricted access');

require_once XOOPS_ROOT_PATH . '/class/xoopslists.php';

/**
 * Class Gateways
 */
class Gateways
{
    /**
     * Retourne la passerelle de paiement en cours d'utilisation
     *
     * @param  null $gateway

     * @return string The name of the payment gateway (en fait le nom de son répertoire)
     */
    public static function getCurrentGateway($gateway = null)
    {
        if ($gateway) {
            $return = $gateway;
        } else {
            $return = xoops_trim(Oledrion\Utility::getModuleOption('used_gateway'));
        }

        if (null === $return) {
            $return = 'Paypal'; // Valeur par défaut
        }

        return $return;
    }

    /**
     * Returns the payment gateway in use
     *
     * @return string The name of the payment gateway (actually the name of its directory)
     */
    public static function getDefaultGateway()
    {
        $return = xoops_trim(Oledrion\Utility::getModuleOption('used_gateway'));
        if (null === $return) {
            $return = 'Paypal'; // Valeur par défaut
        }

        return $return;
    }

    /**
     * Cleans the name of the payment gateway
     *
     * @param  string $gatewayName The name of the payment gateway
     * @return string
     */
    public static function purifyGatewayName($gatewayName)
    {
        return str_replace('..', '', $gatewayName);
    }

    /**
     * Returns the list of installed payment gateways
     *
     * @return array
     */
    public static function getInstalledGatewaysList()
    {
        return \XoopsLists::getDirListAsArray(OLEDRION_GATEWAY_PATH);
    }

    /**
     * Returns the path to a payment gateway
     *
     * @param  string $gatewayName The name of the payment gateway (its directory)
     * @return string
     */
    public static function getGatewayPath($gatewayName)
    {
        return OLEDRION_CLASS_PATH . 'Gateways' . '/' . $gatewayName; // Par exemple c:/inetpub/wwwroot/xoops/modules/oledrion/class/Gateways/Paypal
    }

    /**
     * Returns the full path to the gateway language file
     *
     * @param  mixed $gatewayName
     * @return mixed
     */
    public static function getGatewayLanguageFilename($gatewayName)
    {
        global $xoopsConfig;
        $gatewayPath = self::getGatewayPath($gatewayName);

        return $gatewayPath . '/language/' . $xoopsConfig['language'] . '/main.php';
    }

    /**
     * Load the translation file of a payment gateway
     *
     * @param  string $gatewayName      The name of the payment gateway (its directory)
     * @param  string $languageFilename Used to return the name of the included language file
     * @param  bool   $includeIt
     * @return bool   True if the loading was successful otherwise False
     */
    public static function loadGatewaysLanguageDefines($gatewayName, &$languageFilename = null, $includeIt = true)
    {
        $gatewayPath          = self::getGatewayPath($gatewayName);
        $languageFileIncluded = false;
        $languageFile         = self::getGatewayLanguageFilename($gatewayName);
        $defaultLanguageFile  = $gatewayPath . '/language/english/main.php';
        if (file_exists($languageFile)) {
            if ($includeIt) {
                require_once $languageFile;
            }
            $languageFileIncluded = true;
            $languageFilename     = $languageFile;
        } elseif (file_exists($defaultLanguageFile)) {
            $languageFileIncluded = true;
            if ($includeIt) {
                require_once $defaultLanguageFile;
            }
            $languageFilename = $defaultLanguageFile;
        }

        return $languageFileIncluded;
    }

    /**
     * Returns the list of installed payment gateways
     *
     * @param  string $gatewayName The name of the payment gateway (its directory)
     * @return string
     */
    public static function getGatewayFullClassPath($gatewayName)
    {
        $gatewayPath = self::getGatewayPath($gatewayName);

        return $gatewayPath . '/' . $gatewayName . 'Gateway.php';
    }

    /**
     * Indicates whether the file containing the class of a payment gateway exists
     *
     * @param  string $gatewayName The name of the payment gateway (its directory)
     * @return bool True if the class file exists otherwise False
     */
    public static function gatewayClassFileExists($gatewayName)
    {
        $gatewayClassPath = self::getGatewayFullClassPath($gatewayName);
        if (file_exists($gatewayClassPath)) {
            return true;
        }

        return false;
    }

    /**
     * Loading (inclusion) of the payment gateway class file
     *
     * @param string $gatewayName
     */
    public static function includeGatewayClass($gatewayName)
    {
        $gatewayClassPath = self::getGatewayFullClassPath($gatewayName);
        require_once $gatewayClassPath;
    }

    /**
     * Returns the name of the expected class for a payment gateway
     *
     * @param  string $gatewayName The name of the payment gateway (its directory)
     * @return string
     */
    public static function gatewayClassName($gatewayName)
    {
        //        return 'oledrion_' . $gatewayName;
        return $gatewayName;
    }

    /**
     * Indicates whether the payment gateway class exists
     *
     * @param  string $gatewayName The name of the payment gateway (its directory)
     * @return bool
     */
    public static function gatewayClassExists($gatewayName)
    {
        $gatewayClassName = self::gatewayClassName($gatewayName);
        if (class_exists($gatewayClassName)) {
            return true;
        }

        return false;
    }

    /**
     * Indicates whether a gateway object extends the abstract class
     *
     * @param  Gateways $gateway The object to check
     * @return bool
     */
    public static function asGoodAncestor($gateway)
    {
        return $gateway instanceof \XoopsModules\Oledrion\Gateways\Gateway;
    }

    /**
     * Indicates whether the name of the payment gateway is on the site
     *
     * @param  string $gatewayName The name of the payment gateway
     * @return bool
     */
    public static function isInstalledGatewayName($gatewayName)
    {
        $installedGateways = self::getInstalledGatewaysList();
        if (!in_array($gatewayName, $installedGateways)) {
            return false;
        }

        return true;
    }

    /**
     * Shortcuts to retrieve the current gateway object
     *
     * @param  null $gateway

     * @return mixed Either gateway object or null
     */
    public static function getGatewayObject($gateway = null)
    {
        $gateway = self::getCurrentGateway($gateway);
        if (self::isInstalledGatewayName($gateway)) {
            if (self::gatewayClassFileExists($gateway)) {
                if (self::loadGatewaysLanguageDefines($gateway)) {
                    self::includeGatewayClass($gateway);
                    if (self::gatewayClassExists($gateway)) {
                        $gatewayClassName = self::gatewayClassName($gateway);
                        $temporaryGateway = new $gatewayClassName();
                        if (self::asGoodAncestor($temporaryGateway)) {
                            return $temporaryGateway;
                        }
                    }
                }
            }
        }

        return null;
    }
}


1			<?php
2
3			namespace XoopsModules\Oledrion;
4
5			/*
6			You may not change or alter any portion of this comment or credits
7			of supporting developers from this source code or any supporting source code
8			which is considered copyrighted (c) material of the original comment or credit authors.
9
10			This program is distributed in the hope that it will be useful,
11			but WITHOUT ANY WARRANTY; without even the implied warranty of
12			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13			*/
14
15			/**
16			* oledrion
17			*
18			* @copyright {@link https://xoops.org/ XOOPS Project}
19			* @license {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
20			* @author Hervé Thouzard (http://www.herve-thouzard.com/)
21			*/
22
23			use XoopsModules\Oledrion;
24
25			/**
26			* Classe chargée de la manipulation des passerelles de paiement
27			*
28			* Normalement la classe est utilisable de manière statique
29			*/
30			// defined('XOOPS_ROOT_PATH') \|\| die('Restricted access');
31
32			require_once XOOPS_ROOT_PATH . '/class/xoopslists.php';
33
34			/**
35			* Class Gateways
36			*/
37			class Gateways
38			{
39			/**
40			* Retourne la passerelle de paiement en cours d'utilisation
41			*
42			* @param null $gateway
			0 ignored issues – show Documentation Bug introduced 2018-07-11 05:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the doc-type for parameter `$gateway` is correct as it would always require `null` to be passed? Loading history...
43			* @return string The name of the payment gateway (en fait le nom de son répertoire)
44			*/
45			public static function getCurrentGateway($gateway = null)
46			{
47			if ($gateway) {
48			$return = $gateway;
49			} else {
50			$return = xoops_trim(Oledrion\Utility::getModuleOption('used_gateway'));
51			}
52
53			if (null === $return) {
54			$return = 'Paypal'; // Valeur par défaut
55			}
56
57			return $return;
58			}
59
60			/**
61			* Returns the payment gateway in use
62			*
63			* @return string The name of the payment gateway (actually the name of its directory)
64			*/
65			public static function getDefaultGateway()
66			{
67			$return = xoops_trim(Oledrion\Utility::getModuleOption('used_gateway'));
68			if (null === $return) {
69			$return = 'Paypal'; // Valeur par défaut
70			}
71
72			return $return;
73			}
74
75			/**
76			* Cleans the name of the payment gateway
77			*
78			* @param string $gatewayName The name of the payment gateway
79			* @return string
80			*/
81			public static function purifyGatewayName($gatewayName)
82			{
83			return str_replace('..', '', $gatewayName);
84			}
85
86			/**
87			* Returns the list of installed payment gateways
88			*
89			* @return array
90			*/
91			public static function getInstalledGatewaysList()
92			{
93			return \XoopsLists::getDirListAsArray(OLEDRION_GATEWAY_PATH);
94			}
95
96			/**
97			* Returns the path to a payment gateway
98			*
99			* @param string $gatewayName The name of the payment gateway (its directory)
100			* @return string
101			*/
102			public static function getGatewayPath($gatewayName)
103			{
104			return OLEDRION_CLASS_PATH . 'Gateways' . '/' . $gatewayName; // Par exemple c:/inetpub/wwwroot/xoops/modules/oledrion/class/Gateways/Paypal
105			}
106
107			/**
108			* Returns the full path to the gateway language file
109			*
110			* @param mixed $gatewayName
111			* @return mixed
112			*/
113			public static function getGatewayLanguageFilename($gatewayName)
114			{
115			global $xoopsConfig;
116			$gatewayPath = self::getGatewayPath($gatewayName);
117
118			return $gatewayPath . '/language/' . $xoopsConfig['language'] . '/main.php';
119			}
120
121			/**
122			* Load the translation file of a payment gateway
123			*
124			* @param string $gatewayName The name of the payment gateway (its directory)
125			* @param string $languageFilename Used to return the name of the included language file
126			* @param bool $includeIt
127			* @return bool True if the loading was successful otherwise False
128			*/
129			public static function loadGatewaysLanguageDefines($gatewayName, &$languageFilename = null, $includeIt = true)
130			{
131			$gatewayPath = self::getGatewayPath($gatewayName);
132			$languageFileIncluded = false;
133			$languageFile = self::getGatewayLanguageFilename($gatewayName);
134			$defaultLanguageFile = $gatewayPath . '/language/english/main.php';
135			if (file_exists($languageFile)) {
136			if ($includeIt) {
137			require_once $languageFile;
138			}
139			$languageFileIncluded = true;
140			$languageFilename = $languageFile;
141			} elseif (file_exists($defaultLanguageFile)) {
142			$languageFileIncluded = true;
143			if ($includeIt) {
144			require_once $defaultLanguageFile;
145			}
146			$languageFilename = $defaultLanguageFile;
147			}
148
149			return $languageFileIncluded;
150			}
151
152			/**
153			* Returns the list of installed payment gateways
154			*
155			* @param string $gatewayName The name of the payment gateway (its directory)
156			* @return string
157			*/
158			public static function getGatewayFullClassPath($gatewayName)
159			{
160			$gatewayPath = self::getGatewayPath($gatewayName);
161
162			return $gatewayPath . '/' . $gatewayName . 'Gateway.php';
163			}
164
165			/**
166			* Indicates whether the file containing the class of a payment gateway exists
167			*
168			* @param string $gatewayName The name of the payment gateway (its directory)
169			* @return bool True if the class file exists otherwise False
170			*/
171			public static function gatewayClassFileExists($gatewayName)
172			{
173			$gatewayClassPath = self::getGatewayFullClassPath($gatewayName);
174			if (file_exists($gatewayClassPath)) {
175			return true;
176			}
177
178			return false;
179			}
180
181			/**
182			* Loading (inclusion) of the payment gateway class file
183			*
184			* @param string $gatewayName
185			*/
186			public static function includeGatewayClass($gatewayName)
187			{
188			$gatewayClassPath = self::getGatewayFullClassPath($gatewayName);
189			require_once $gatewayClassPath;
190			}
191
192			/**
193			* Returns the name of the expected class for a payment gateway
194			*
195			* @param string $gatewayName The name of the payment gateway (its directory)
196			* @return string
197			*/
198			public static function gatewayClassName($gatewayName)
199			{
200			// return 'oledrion_' . $gatewayName;
201			return $gatewayName;
202			}
203
204			/**
205			* Indicates whether the payment gateway class exists
206			*
207			* @param string $gatewayName The name of the payment gateway (its directory)
208			* @return bool
209			*/
210			public static function gatewayClassExists($gatewayName)
211			{
212			$gatewayClassName = self::gatewayClassName($gatewayName);
213			if (class_exists($gatewayClassName)) {
214			return true;
215			}
216
217			return false;
218			}
219
220			/**
221			* Indicates whether a gateway object extends the abstract class
222			*
223			* @param Gateways $gateway The object to check
224			* @return bool
225			*/
226			public static function asGoodAncestor($gateway)
227			{
228			return $gateway instanceof \XoopsModules\Oledrion\Gateways\Gateway;
229			}
230
231			/**
232			* Indicates whether the name of the payment gateway is on the site
233			*
234			* @param string $gatewayName The name of the payment gateway
235			* @return bool
236			*/
237			public static function isInstalledGatewayName($gatewayName)
238			{
239			$installedGateways = self::getInstalledGatewaysList();
240			if (!in_array($gatewayName, $installedGateways)) {
241			return false;
242			}
243
244			return true;
245			}
246
247			/**
248			* Shortcuts to retrieve the current gateway object
249			*
250			* @param null $gateway
			0 ignored issues – show Documentation Bug introduced 2018-07-11 05:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the doc-type for parameter `$gateway` is correct as it would always require `null` to be passed? Loading history...
251			* @return mixed Either gateway object or null
252			*/
253			public static function getGatewayObject($gateway = null)
254			{
255			$gateway = self::getCurrentGateway($gateway);
256			if (self::isInstalledGatewayName($gateway)) {
257			if (self::gatewayClassFileExists($gateway)) {
258			if (self::loadGatewaysLanguageDefines($gateway)) {
259			self::includeGatewayClass($gateway);
260			if (self::gatewayClassExists($gateway)) {
261			$gatewayClassName = self::gatewayClassName($gateway);
262			$temporaryGateway = new $gatewayClassName();
263			if (self::asGoodAncestor($temporaryGateway)) {
264			return $temporaryGateway;
265			}
266			}
267			}
268			}
269			}
270
271			return null;
272			}
273			}
274

XoopsModules25x / oledrion

Issues (608)

Security Analysis not enabled

class/Gateways.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like