Issues in gtickets.php (master) - Issues in master - XoopsModules25x/smartpartner - Measure and Improve Code Quality continuously with Scrutinizer

Issues (733)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/gtickets.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
// GIJOE's Ticket Class (based on Marijuana's Oreteki XOOPS)
// nobunobu's suggestions are applied

if (!class_exists('XoopsGTicket')) {
    /**
     * Class XoopsGTicket
     */
    class XoopsGTicket
    {
        public $_errors       = array();
        public $_latest_token = '';

        // render form as plain html
        /**
         * @param  string $salt
         * @param  int    $timeout
         * @param  string $area
         * @return string
         */
        public function getTicketHtml($salt = '', $timeout = 1800, $area = '')
        {
            return '<input type="hidden" name="XOOPS_G_TICKET" value="' . $this->issue($salt, $timeout, $area) . '" />';
        }

        // returns an object of XoopsFormHidden including theh ticket
        /**
         * @param  string $salt
         * @param  int    $timeout
         * @param  string $area
         * @return XoopsFormHidden
         */
        public function getTicketXoopsForm($salt = '', $timeout = 1800, $area = '')
        {
            return new XoopsFormHidden('XOOPS_G_TICKET', $this->issue($salt, $timeout, $area));
        }

        // add a ticket as Hidden Element into XoopsForm
        /**
         * @param        $form
         * @param string $salt
         * @param int    $timeout
         * @param string $area
         */
        public function addTicketXoopsFormElement(&$form, $salt = '', $timeout = 1800, $area = '')
        {
            $form->addElement(new XoopsFormHidden('XOOPS_G_TICKET', $this->issue($salt, $timeout, $area)));
        }

        // returns an array for xoops_confirm() ;
        /**
         * @param  string $salt
         * @param  int    $timeout
         * @param  string $area
         * @return array
         */
        public function getTicketArray($salt = '', $timeout = 1800, $area = '')
        {
            return array('XOOPS_G_TICKET' => $this->issue($salt, $timeout, $area));
        }

        // return GET parameter string.
        /**
         * @param  string $salt
         * @param  bool   $noamp
         * @param  int    $timeout
         * @param  string $area
         * @return string
         */
        public function getTicketParamString($salt = '', $noamp = false, $timeout = 1800, $area = '')
        {
            return ($noamp ? '' : '&amp;') . 'XOOPS_G_TICKET=' . $this->issue($salt, $timeout, $area);
        }

        // issue a ticket
        /**
         * @param  string $salt
         * @param  int    $timeout
         * @param  string $area
         * @return string
         */
        public function issue($salt = '', $timeout = 1800, $area = '')
        {
            global $xoopsModule;
function myFunction($a, $b) {
    // Do something
}
            if ('' === $salt) {
                $salt = '$2y$07$' . strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
            }
            // create a token
            list($usec, $sec) = explode(' ', microtime());
            $appendix_salt       = empty($_SERVER['PATH']) ? XOOPS_DB_NAME : $_SERVER['PATH'];
            $token               = crypt($salt . $usec . $appendix_salt . $sec, $salt);
            $this->_latest_token = $token;

            if (empty($_SESSION['XOOPS_G_STUBS'])) {
                $_SESSION['XOOPS_G_STUBS'] = array();
            }

            // limit max stubs 10
            if (count($_SESSION['XOOPS_G_STUBS']) > 10) {
                $_SESSION['XOOPS_G_STUBS'] = array_slice($_SESSION['XOOPS_G_STUBS'], -10);
            }

            // record referer if browser send it
            $referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['REQUEST_URI'];

            // area as module's dirname
            if (!$area && is_object(@$xoopsModule)) {
                $area = $xoopsModule->getVar('dirname');
            }

            // store stub
            $_SESSION['XOOPS_G_STUBS'][] = array(
                'expire'  => time() + $timeout,
                'referer' => $referer,
                'area'    => $area,
                'token'   => $token
            );

            // paid md5ed token as a ticket
            return md5($token . XOOPS_DB_PREFIX);
        }

        // check a ticket
        /**
         * @param  bool   $post
         * @param  string $area
         * @return bool
         */
        public function check($post = true, $area = '')
        {
            global $xoopsModule;
function myFunction($a, $b) {
    // Do something
}

            $this->_errors = array();

            // CHECK: stubs are not stored in session
            if (empty($_SESSION['XOOPS_G_STUBS']) || !is_array($_SESSION['XOOPS_G_STUBS'])) {
                $this->clear();
                $this->_errors[] = 'Invalid Session';

                return false;
            }

            // get key&val of the ticket from a user's query
            if ($post) {
                $ticket = empty($_POST['XOOPS_G_TICKET']) ? '' : $_POST['XOOPS_G_TICKET'];
            } else {
                $ticket = empty($_GET['XOOPS_G_TICKET']) ? '' : $_GET['XOOPS_G_TICKET'];
            }

            // CHECK: no tickets found
            if (empty($ticket)) {
                $this->clear();
                $this->_errors[] = 'Irregular post found';

                return false;
            }

            // gargage collection & find a right stub
            $stubs_tmp                 = $_SESSION['XOOPS_G_STUBS'];
            $_SESSION['XOOPS_G_STUBS'] = array();
            foreach ($stubs_tmp as $stub) {
                // default lifetime 30min
                if ($stub['expire'] >= time()) {
                    if (md5($stub['token'] . XOOPS_DB_PREFIX) === $ticket) {
                        $found_stub = $stub;
                    } else {
                        // store the other valid stubs into session
                        $_SESSION['XOOPS_G_STUBS'][] = $stub;
                    }
                } else {
                    if (md5($stub['token'] . XOOPS_DB_PREFIX) === $ticket) {
                        // not CSRF but Time-Out
                        $timeout_flag = true;
                    }
                }
            }

            // CHECK: the right stub found or not
            if (empty($found_stub)) {
                $this->clear();
                if (empty($timeout_flag)) {
                    $this->_errors[] = 'Invalid Session';
                } else {
                    $this->_errors[] = 'Time out';
                }

                return false;
            }

            // set area if necessary
            // area as module's dirname
            if (!$area && is_object(@$xoopsModule)) {
                $area = $xoopsModule->getVar('dirname');
            }

            // check area or referer
            if (@$found_stub['area'] == $area) {
                $area_check = true;
            }
            if (!empty($found_stub['referer']) && false !== strpos(@$_SERVER['HTTP_REFERER'], $found_stub['referer'])) {
                $referer_check = true;
            }

            // if ( empty( $area_check ) || empty( $referer_check ) ) { // restrict
            if (empty($area_check) && empty($referer_check)) { // loose
                $this->clear();
                $this->_errors[] = 'Invalid area or referer';

                return false;
            }

            // all green
            return true;
        }

        // clear all stubs
        public function clear()
        {
            $_SESSION['XOOPS_G_STUBS'] = array();
        }

        // Ticket Using
        /**
         * @return bool
         */
        public function using()
        {
            if (!empty($_SESSION['XOOPS_G_STUBS'])) {
                return true;
            } else {
                return false;
            }
        }

        // return errors
        /**
         * @param  bool $ashtml
         * @return array|string
         */
        public function getErrors($ashtml = true)
        {
            if ($ashtml) {
                $ret = '';
                foreach ($this->_errors as $msg) {
                    $ret .= "$msg<br>\n";
                }
            } else {
                $ret = $this->_errors;
            }

            return $ret;
        }

        // end of class
    }

    // create a instance in global scope
    $GLOBALS['xoopsGTicket'] = new XoopsGTicket();
}

if (!function_exists('admin_refcheck')) {

    //Admin Referer Check By Marijuana(Rev.011)
    /**
     * @param  string $chkref
     * @return bool
     */
    function admin_refcheck($chkref = '')
    {
        if (empty($_SERVER['HTTP_REFERER'])) {
            return true;
        } else {
            $ref = $_SERVER['HTTP_REFERER'];
        }
        $cr = XOOPS_URL;
        if ($chkref != '') {
            $cr .= $chkref;
        }
        if (strpos($ref, $cr) !== 0) {
            return false;
        }

        return true;
    }
}


Issues (733)

Security Analysis not enabled

include/gtickets.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

1			<?php
2			// GIJOE's Ticket Class (based on Marijuana's Oreteki XOOPS)
3			// nobunobu's suggestions are applied
4
5			if (!class_exists('XoopsGTicket')) {
6			/**
7			* Class XoopsGTicket
8			*/
9			class XoopsGTicket
10			{
11			public $_errors = array();
12			public $_latest_token = '';
13
14			// render form as plain html
15			/**
16			* @param string $salt
17			* @param int $timeout
18			* @param string $area
19			* @return string
20			*/
21			public function getTicketHtml($salt = '', $timeout = 1800, $area = '')
22			{
23			return '<input type="hidden" name="XOOPS_G_TICKET" value="' . $this->issue($salt, $timeout, $area) . '" />';
24			}
25
26			// returns an object of XoopsFormHidden including theh ticket
27			/**
28			* @param string $salt
29			* @param int $timeout
30			* @param string $area
31			* @return XoopsFormHidden
32			*/
33			public function getTicketXoopsForm($salt = '', $timeout = 1800, $area = '')
34			{
35			return new XoopsFormHidden('XOOPS_G_TICKET', $this->issue($salt, $timeout, $area));
36			}
37
38			// add a ticket as Hidden Element into XoopsForm
39			/**
40			* @param $form
41			* @param string $salt
42			* @param int $timeout
43			* @param string $area
44			*/
45			public function addTicketXoopsFormElement(&$form, $salt = '', $timeout = 1800, $area = '')
46			{
47			$form->addElement(new XoopsFormHidden('XOOPS_G_TICKET', $this->issue($salt, $timeout, $area)));
48			}
49
50			// returns an array for xoops_confirm() ;
51			/**
52			* @param string $salt
53			* @param int $timeout
54			* @param string $area
55			* @return array
56			*/
57			public function getTicketArray($salt = '', $timeout = 1800, $area = '')
58			{
59			return array('XOOPS_G_TICKET' => $this->issue($salt, $timeout, $area));
60			}
61
62			// return GET parameter string.
63			/**
64			* @param string $salt
65			* @param bool $noamp
66			* @param int $timeout
67			* @param string $area
68			* @return string
69			*/
70			public function getTicketParamString($salt = '', $noamp = false, $timeout = 1800, $area = '')
71			{
72			return ($noamp ? '' : '&') . 'XOOPS_G_TICKET=' . $this->issue($salt, $timeout, $area);
73			}
74
75			// issue a ticket
76			/**
77			* @param string $salt
78			* @param int $timeout
79			* @param string $area
80			* @return string
81			*/
82			public function issue($salt = '', $timeout = 1800, $area = '')
83			{
84			global $xoopsModule;
			0 ignored issues – show Compatibility Best Practice introduced 2016-05-31 10:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
85			if ('' === $salt) {
86			$salt = '$2y$07$' . strtr(base64_encode(mcrypt_create_iv(16, MCRYPT_DEV_URANDOM)), '+', '.');
87			}
88			// create a token
89			list($usec, $sec) = explode(' ', microtime());
90			$appendix_salt = empty($_SERVER['PATH']) ? XOOPS_DB_NAME : $_SERVER['PATH'];
91			$token = crypt($salt . $usec . $appendix_salt . $sec, $salt);
92			$this->_latest_token = $token;
93
94			if (empty($_SESSION['XOOPS_G_STUBS'])) {
95			$_SESSION['XOOPS_G_STUBS'] = array();
96			}
97
98			// limit max stubs 10
99			if (count($_SESSION['XOOPS_G_STUBS']) > 10) {
100			$_SESSION['XOOPS_G_STUBS'] = array_slice($_SESSION['XOOPS_G_STUBS'], -10);
101			}
102
103			// record referer if browser send it
104			$referer = empty($_SERVER['HTTP_REFERER']) ? '' : $_SERVER['REQUEST_URI'];
105
106			// area as module's dirname
107			if (!$area && is_object(@$xoopsModule)) {
108			$area = $xoopsModule->getVar('dirname');
109			}
110
111			// store stub
112			$_SESSION['XOOPS_G_STUBS'][] = array(
113			'expire' => time() + $timeout,
114			'referer' => $referer,
115			'area' => $area,
116			'token' => $token
117			);
118
119			// paid md5ed token as a ticket
120			return md5($token . XOOPS_DB_PREFIX);
121			}
122
123			// check a ticket
124			/**
125			* @param bool $post
126			* @param string $area
127			* @return bool
128			*/
129			public function check($post = true, $area = '')
130			{
131			global $xoopsModule;
			0 ignored issues – show Compatibility Best Practice introduced 2016-05-31 10:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
132
133			$this->_errors = array();
134
135			// CHECK: stubs are not stored in session
136			if (empty($_SESSION['XOOPS_G_STUBS']) \|\| !is_array($_SESSION['XOOPS_G_STUBS'])) {
137			$this->clear();
138			$this->_errors[] = 'Invalid Session';
139
140			return false;
141			}
142
143			// get key&val of the ticket from a user's query
144			if ($post) {
145			$ticket = empty($_POST['XOOPS_G_TICKET']) ? '' : $_POST['XOOPS_G_TICKET'];
146			} else {
147			$ticket = empty($_GET['XOOPS_G_TICKET']) ? '' : $_GET['XOOPS_G_TICKET'];
148			}
149
150			// CHECK: no tickets found
151			if (empty($ticket)) {
152			$this->clear();
153			$this->_errors[] = 'Irregular post found';
154
155			return false;
156			}
157
158			// gargage collection & find a right stub
159			$stubs_tmp = $_SESSION['XOOPS_G_STUBS'];
160			$_SESSION['XOOPS_G_STUBS'] = array();
161			foreach ($stubs_tmp as $stub) {
162			// default lifetime 30min
163			if ($stub['expire'] >= time()) {
164			if (md5($stub['token'] . XOOPS_DB_PREFIX) === $ticket) {
165			$found_stub = $stub;
166			} else {
167			// store the other valid stubs into session
168			$_SESSION['XOOPS_G_STUBS'][] = $stub;
169			}
170			} else {
171			if (md5($stub['token'] . XOOPS_DB_PREFIX) === $ticket) {
172			// not CSRF but Time-Out
173			$timeout_flag = true;
174			}
175			}
176			}
177
178			// CHECK: the right stub found or not
179			if (empty($found_stub)) {
180			$this->clear();
181			if (empty($timeout_flag)) {
182			$this->_errors[] = 'Invalid Session';
183			} else {
184			$this->_errors[] = 'Time out';
185			}
186
187			return false;
188			}
189
190			// set area if necessary
191			// area as module's dirname
192			if (!$area && is_object(@$xoopsModule)) {
193			$area = $xoopsModule->getVar('dirname');
194			}
195
196			// check area or referer
197			if (@$found_stub['area'] == $area) {
198			$area_check = true;
199			}
200			if (!empty($found_stub['referer']) && false !== strpos(@$_SERVER['HTTP_REFERER'], $found_stub['referer'])) {
201			$referer_check = true;
202			}
203
204			// if ( empty( $area_check ) \|\| empty( $referer_check ) ) { // restrict
205			if (empty($area_check) && empty($referer_check)) { // loose
206			$this->clear();
207			$this->_errors[] = 'Invalid area or referer';
208
209			return false;
210			}
211
212			// all green
213			return true;
214			}
215
216			// clear all stubs
217			public function clear()
218			{
219			$_SESSION['XOOPS_G_STUBS'] = array();
220			}
221
222			// Ticket Using
223			/**
224			* @return bool
225			*/
226			public function using()
227			{
228			if (!empty($_SESSION['XOOPS_G_STUBS'])) {
229			return true;
230			} else {
231			return false;
232			}
233			}
234
235			// return errors
236			/**
237			* @param bool $ashtml
238			* @return array\|string
239			*/
240			public function getErrors($ashtml = true)
241			{
242			if ($ashtml) {
243			$ret = '';
244			foreach ($this->_errors as $msg) {
245			$ret .= "$msg<br>\n";
246			}
247			} else {
248			$ret = $this->_errors;
249			}
250
251			return $ret;
252			}
253
254			// end of class
255			}
256
257			// create a instance in global scope
258			$GLOBALS['xoopsGTicket'] = new XoopsGTicket();
259			}
260
261			if (!function_exists('admin_refcheck')) {
262
263			//Admin Referer Check By Marijuana(Rev.011)
264			/**
265			* @param string $chkref
266			* @return bool
267			*/
268			function admin_refcheck($chkref = '')
269			{
270			if (empty($_SERVER['HTTP_REFERER'])) {
271			return true;
272			} else {
273			$ref = $_SERVER['HTTP_REFERER'];
274			}
275			$cr = XOOPS_URL;
276			if ($chkref != '') {
277			$cr .= $chkref;
278			}
279			if (strpos($ref, $cr) !== 0) {
280			return false;
281			}
282
283			return true;
284			}
285			}
286

XoopsModules25x / smartpartner

Issues (733)

Security Analysis not enabled

include/gtickets.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like