Issues in MailBoxPOP3.php (master) - Issues in master - XoopsModules25x/xhelp - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1844)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/MailBoxPOP3.php (2 issues)

Labels

Bug 2

Severity

Major 2

<?php declare(strict_types=1);

namespace XoopsModules\Xhelp;

/*
 * You may not change or alter any portion of this comment or credits
 * of supporting developers from this source code or any supporting source code
 * which is considered copyrighted (c) material of the original comment or credit authors.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * @copyright    {@link https://xoops.org/ XOOPS Project}
 * @license      {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
 * @author       Nazar Aziz <[email protected]>
 * @author       XOOPS Development Team
 */

if (!\defined('XHELP_CLASS_PATH')) {
    exit();
}

// require_once XHELP_CLASS_PATH . '/mailbox.php';
require_once \XHELP_PEAR_PATH . '/Net/POP3.php';

/**
 * MailBoxPop3 class
 *
 * Part of the email submission subsystem. Implements access to a POP3 Mailbox
 *
 */
class MailBoxPOP3 extends MailBox
{
    /**
     * Instances of PEAR::POP3 class
     */
    public $_pop3;

    /**
     * Class Constructor
     */
    public function __construct()
    {
        $this->_pop3 = new Net_POP3();

    }

    /**
     * Connect to mailbox
     * @param string $server
     * @param int    $port
     * @return bool
     */
    public function connect(string $server, int $port = 110): bool
    {
        if ($this->_pop3->connect($server, $port)) {
            return true;
        }

        return false;
    }

    /**
     * Send Authentication Credentials to mail server
     * @param string $username
     * @param string $password
     * @return bool
     */
    public function login(string $username, string $password): bool
    {
        if (!PEAR::isError($this->_pop3->login($username, $password, false))) {

            return true;
        }

        return false;
    }

    /**
     * Number of messages on server
     * @return int Number of messages
     */
    public function messageCount(): int
    {
        return $this->_pop3->numMsg();
    }

    /**
     * Get Headers for message
     * @param int $i
     * @return bool|string|void
     * @internal param Message $msg_id number
     *                 Either raw headers or false on error
     */
    public function getHeaders(int $i)
    {
        return $this->_pop3->getRawHeaders($i);
    }

    /**
     * Get Message Body
     * @param int $i
     * @return mixed Either message body or false on error
     * @internal param Message $msg_id number
     */
    public function getBody(int $i)
    {
        return $this->_pop3->getBody($i);
    }

    /**
     * Returns the entire message with given message number.
     *
     * @param int $i
     * @return mixed Either entire message or false on error
     * @internal param Message $msg_id number
     */
    public function getMsg(int $i)
    {
        return $this->_pop3->getMsg($i);
    }

    /**
     * Marks a message for deletion. Only will be deleted if the
     * disconnect() method is called.
     *
     * @param int $i
     * @return bool Success/Failure
     * @internal param Message $msg_id to delete
     */
    public function deleteMessage(int $i): bool
    {
        return $this->_pop3->deleteMsg($i);
    }

    /**
     * Disconnect function. Sends the QUIT command
     * and closes the socket.
     *
     * @return bool Success/Failure
     */
    public function disconnect(): bool
    {
        return $this->_pop3->disconnect();
    }
}


1			<?php declare(strict_types=1);
2
3			namespace XoopsModules\Xhelp;
4
5			/*
6			* You may not change or alter any portion of this comment or credits
7			* of supporting developers from this source code or any supporting source code
8			* which is considered copyrighted (c) material of the original comment or credit authors.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13			*/
14
15			/**
16			* @copyright {@link https://xoops.org/ XOOPS Project}
17			* @license {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2 or later}
18			* @author Nazar Aziz <[email protected]>
19			* @author XOOPS Development Team
20			*/
21
22			if (!\defined('XHELP_CLASS_PATH')) {
23			exit();
24			}
25
26			// require_once XHELP_CLASS_PATH . '/mailbox.php';
27			require_once \XHELP_PEAR_PATH . '/Net/POP3.php';
28
29			/**
30			* MailBoxPop3 class
31			*
32			* Part of the email submission subsystem. Implements access to a POP3 Mailbox
33			*
34			*/
35			class MailBoxPOP3 extends MailBox
36			{
37			/**
38			* Instances of PEAR::POP3 class
39			*/
40			public $_pop3;
41
42			/**
43			* Class Constructor
44			*/
45			public function __construct()
46			{
47			$this->_pop3 = new Net_POP3();
			0 ignored issues – show Bug introduced 2022-01-13 23:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `XoopsModules\Xhelp\Net_POP3` was not found. Did you mean `Net_POP3`? If so, make sure to prefix the type with `\`. Loading history...
48			}
49
50			/**
51			* Connect to mailbox
52			* @param string $server
53			* @param int $port
54			* @return bool
55			*/
56			public function connect(string $server, int $port = 110): bool
57			{
58			if ($this->_pop3->connect($server, $port)) {
59			return true;
60			}
61
62			return false;
63			}
64
65			/**
66			* Send Authentication Credentials to mail server
67			* @param string $username
68			* @param string $password
69			* @return bool
70			*/
71			public function login(string $username, string $password): bool
72			{
73			if (!PEAR::isError($this->_pop3->login($username, $password, false))) {
			0 ignored issues – show Bug introduced 2022-01-13 23:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `XoopsModules\Xhelp\PEAR` was not found. Did you mean `PEAR`? If so, make sure to prefix the type with `\`. Loading history...
74			return true;
75			}
76
77			return false;
78			}
79
80			/**
81			* Number of messages on server
82			* @return int Number of messages
83			*/
84			public function messageCount(): int
85			{
86			return $this->_pop3->numMsg();
87			}
88
89			/**
90			* Get Headers for message
91			* @param int $i
92			* @return bool\|string\|void
93			* @internal param Message $msg_id number
94			* Either raw headers or false on error
95			*/
96			public function getHeaders(int $i)
97			{
98			return $this->_pop3->getRawHeaders($i);
99			}
100
101			/**
102			* Get Message Body
103			* @param int $i
104			* @return mixed Either message body or false on error
105			* @internal param Message $msg_id number
106			*/
107			public function getBody(int $i)
108			{
109			return $this->_pop3->getBody($i);
110			}
111
112			/**
113			* Returns the entire message with given message number.
114			*
115			* @param int $i
116			* @return mixed Either entire message or false on error
117			* @internal param Message $msg_id number
118			*/
119			public function getMsg(int $i)
120			{
121			return $this->_pop3->getMsg($i);
122			}
123
124			/**
125			* Marks a message for deletion. Only will be deleted if the
126			* disconnect() method is called.
127			*
128			* @param int $i
129			* @return bool Success/Failure
130			* @internal param Message $msg_id to delete
131			*/
132			public function deleteMessage(int $i): bool
133			{
134			return $this->_pop3->deleteMsg($i);
135			}
136
137			/**
138			* Disconnect function. Sends the QUIT command
139			* and closes the socket.
140			*
141			* @return bool Success/Failure
142			*/
143			public function disconnect(): bool
144			{
145			return $this->_pop3->disconnect();
146			}
147			}
148

XoopsModules25x / xhelp

Issues (1844)

Security Analysis not enabled

class/MailBoxPOP3.php (2 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like