<?php

use Xmf\Request;

// Buffer all output so status headers can still be issued after the page body is built.
ob_start();

// Keep the error page itself quiet and cheap: no PHP diagnostics in the response,
// a short execution budget and a small memory cap.
error_reporting(0);
set_time_limit(5);
ini_set('memory_limit', '64M');
ini_set('display_errors', 'Off');
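/**
 * Emit the status line, a few response headers and the opening HTML of an error page.
 *
 * The status code is taken from Apache's REDIRECT_STATUS (or REDIRECT_REDIRECT_STATUS
 * after a second internal redirect); only when neither is present does the ?error=
 * query parameter decide. Codes outside 200-599 become 500, and an unknown request
 * protocol becomes 505. When the script is called directly (REDIRECT_STATUS is 200)
 * with a 3xx code or without ?error=, the client is redirected to the site root and
 * the script exits.
 *
 * Side effects: calls header(), echoes HTML (the caller closes <body> and <html>),
 * and may call exit(). Reads $_SERVER and $_GET; no return value.
 */
function print_error_page()
{
    // HTTP status code => reason phrase used on the status line and as the page heading.
    $status_reason = [
        100 => 'Continue',
        101 => 'Switching Protocols',
        102 => 'Processing',
        200 => 'OK',
        201 => 'Created',
        202 => 'Accepted',
        203 => 'Non-Authoritative Information',
        204 => 'No Content',
        205 => 'Reset Content',
        206 => 'Partial Content',
        207 => 'Multi-Status',
        226 => 'IM Used',
        300 => 'Multiple Choices',
        301 => 'Moved Permanently',
        302 => 'Found',
        303 => 'See Other',
        304 => 'Not Modified',
        305 => 'Use Proxy',
        306 => 'Reserved',
        307 => 'Temporary Redirect',
        400 => 'Bad Request',
        401 => 'Unauthorized',
        402 => 'Payment Required',
        403 => 'Forbidden',
        404 => 'Not Found',
        405 => 'Method Not Allowed',
        406 => 'Not Acceptable',
        407 => 'Proxy Authentication Required',
        408 => 'Request Timeout',
        409 => 'Conflict',
        410 => 'Gone',
        411 => 'Length Required',
        412 => 'Precondition Failed',
        413 => 'Request Entity Too Large',
        414 => 'Request-URI Too Long',
        415 => 'Unsupported Media Type',
        416 => 'Requested Range Not Satisfiable',
        417 => 'Expectation Failed',
        422 => 'Unprocessable Entity',
        423 => 'Locked',
        424 => 'Failed Dependency',
        426 => 'Upgrade Required',
        500 => 'Internal Server Error',
        501 => 'Not Implemented',
        502 => 'Bad Gateway',
        503 => 'Service Unavailable',
        504 => 'Gateway Timeout',
        505 => 'HTTP Version Not Supported',
        506 => 'Variant Also Negotiates',
        507 => 'Insufficient Storage',
        510 => 'Not Extended',
    ];

    // HTTP status code => explanatory body text; '%U%' is replaced with the escaped request URI.
    $status_msg = [
        400 => 'Your browser sent a request that this server could not understand.',
        401 => 'This server could not verify that you are authorized to access the document requested.',
        402 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
        403 => "You don't have permission to access %U% on this server.",
        404 => "We couldn't find <acronym title='%U%'>that uri</acronym> on our server, though it's most certainly not your fault.",
        405 => 'The requested method is not allowed for the URL %U%.',
        406 => 'An appropriate representation of the requested resource %U% could not be found on this server.',
        407 => 'An appropriate representation of the requested resource %U% could not be found on this server.',
        408 => 'Server timeout waiting for the HTTP request from the client.',
        409 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
        410 => 'The requested resource %U% is no longer available on this server and there is no forwarding address. Please remove all references to this resource.',
        411 => 'A request of the requested method GET requires a valid Content-length.',
        412 => 'The precondition on the request for the URL %U% evaluated to false.',
        413 => 'The requested resource %U% does not allow request data with GET requests, or the amount of data provided in the request exceeds the capacity limit.',
        414 => "The requested URL's length exceeds the capacity limit for this server.",
        415 => 'The supplied request data is not in a format acceptable for processing by this resource.',
        416 => 'Requested Range Not Satisfiable',
        417 => 'The expectation given in the Expect request-header field could not be met by this server. The client sent <code>Expect:</code>',
        422 => 'The server understands the media type of the request entity, but was unable to process the contained instructions.',
        423 => 'The requested resource is currently locked. The lock must be released or proper identification given before the method can be applied.',
        424 => 'The method could not be performed on the resource because the requested action depended on another action and that other action failed.',
        425 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
        426 => 'The requested resource can only be retrieved using SSL. Either upgrade your client, or try requesting the page using https://',
        500 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
        501 => 'This type of request method to %U% is not supported.',
        502 => 'The proxy server received an invalid response from an upstream server.',
        503 => 'The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.',
        504 => 'The proxy server did not receive a timely response from the upstream server.',
        505 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.',
        506 => 'A variant for the requested resource <code>%U%</code> is itself a negotiable resource. This indicates a configuration error.',
        507 => 'The method could not be performed. There is insufficient free space left in your storage allocation.',
        510 => 'A mandatory extension policy in the request is not accepted by the server for this resource.',
    ];

    // Get the status code. The code Apache passes through ErrorDocument wins; ?error= is
    // only a fallback. (Previously the fallback overwrote $sc unconditionally, which made
    // the two REDIRECT_* branches dead code.)
    if (isset($_SERVER['REDIRECT_STATUS']) && 200 !== (int) $_SERVER['REDIRECT_STATUS']) {
        $raw = $_SERVER['REDIRECT_STATUS'];
    } elseif (isset($_SERVER['REDIRECT_REDIRECT_STATUS']) && 200 !== (int) $_SERVER['REDIRECT_REDIRECT_STATUS']) {
        $raw = $_SERVER['REDIRECT_REDIRECT_STATUS'];
    } else {
        $raw = $_GET['error'] ?? 404;
    }

    // ?error= is client-controlled. abs() on a non-numeric string or an array throws a
    // TypeError on PHP 8, so coerce first; anything non-numeric falls into the 500 branch below.
    $sc = is_numeric($raw) ? abs((int) $raw) : 0;

    // Redirect to the site root if called directly (REDIRECT_STATUS is 200, i.e. not via
    // ErrorDocument) and the code is a 3xx or no ?error= was given. A relative Location
    // is used on purpose: SERVER_NAME can be derived from the client's Host header when
    // Apache runs with UseCanonicalName Off, which would let the client choose the target.
    $called_directly = isset($_SERVER['REDIRECT_STATUS']) && 200 === (int) $_SERVER['REDIRECT_STATUS'];
    if ($called_directly && (3 === (int) floor($sc / 100) || !isset($_GET['error']))) {
        header('Location: /', true, 302);
        exit();
    }

    // Check range of code or issue 500 (this also normalises $sc to an int).
    if ($sc < 200 || $sc > 599) {
        $sc = 500;
    }

    // Only echo the request protocol on the status line when it is one we recognise;
    // anything else (including a missing value) is answered with 505 over HTTP/1.0.
    // HTTP/2.0 is what mod_http2 reports and must not be treated as unsupported.
    $protocol = $_SERVER['SERVER_PROTOCOL'] ?? '';
    if (!in_array($protocol, ['HTTP/0.9', 'HTTP/1.0', 'HTTP/1.1', 'HTTP/2.0'], true)) {
        $sc = 505;
        $protocol = 'HTTP/1.0';
    }

    // Get the status reason.
    $reason = $status_reason[$sc] ?? '';

    // Get the status message. REQUEST_URI is client-controlled and is placed inside HTML,
    // including a single-quoted attribute in the 404 text, so both quote styles are escaped.
    // ENT_SUBSTITUTE keeps an invalid UTF-8 sequence from collapsing the whole URI to ''.
    $uri = htmlspecialchars(
        strip_tags(stripslashes($_SERVER['REQUEST_URI'] ?? '')),
        ENT_QUOTES | ENT_HTML5 | ENT_SUBSTITUTE,
        'UTF-8'
    );
    $msg = isset($status_msg[$sc]) ? str_replace('%U%', $uri, $status_msg[$sc]) : 'Error';

    // Issue the status line; the Status: header is what non-FastCGI SAPIs want as well.
    header("{$protocol} {$sc} {$reason}", true, $sc);
    if ('cgi-fcgi' !== PHP_SAPI) {
        header("Status: {$sc} {$reason}", true, $sc);
    }

    // A very small footprint for certain types of 4xx class errors and all 5xx class errors.
    if (in_array($sc, [400, 403, 405], true) || 5 === intdiv($sc, 100)) {
        header('Connection: close', true);
        if (405 === $sc) {
            header('Allow: GET,HEAD,POST,OPTIONS', true, 405);
        }
    }

    // The caller appends </body></html>; <head> is closed here so the heading lands in <body>.
    echo "<!DOCTYPE HTML>\n<html>";
    echo "<head>\n<title>{$sc} {$reason}</title>\n</head>\n<body>\n<h1>{$reason}</h1>\n<p>{$msg}<br>\n</p>\n";
}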
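/**
 * Dump $_ENV, $_SERVER, $_GET and $_POST as HTML-escaped <pre> blocks, one per array.
 *
 * Empty arrays are skipped. Each block starts with "[ $_NAME ]" followed by one
 * "[key] => value" line per entry; nested arrays are rendered with print_r rather
 * than the bare word "Array".
 *
 * These arrays carry secrets (environment variables, cookies, authorisation headers,
 * submitted form data), so the call site must stay restricted to trusted clients.
 * The previous implementation was built on create_function(), which was removed in
 * PHP 8.0, so calling it produced a fatal error instead of a dump.
 *
 * Side effects: echoes HTML. No return value.
 */
function askapache_global_debug()
{
    $globals = ['_ENV' => $_ENV, '_SERVER' => $_SERVER, '_GET' => $_GET, '_POST' => $_POST];

    foreach ($globals as $name => $values) {
        if (empty($values)) {
            continue;
        }

        $dump = '[ $' . $name . " ]\n";
        foreach ($values as $key => $value) {
            $text = (is_scalar($value) || null === $value) ? (string) $value : print_r($value, true);
            $dump .= "[{$key}] => {$text}\n";
        }

        // Everything in the dump is request-derived, so escape it before it hits the page.
        echo '<pre>' . htmlspecialchars($dump, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8') . '</pre>';
    }
}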
// Render the page: headers and opening HTML from print_error_page(), then the closing
// tags, then flush the buffer that was opened at the top of the file.
print_error_page();
// The superglobal dump stays disabled: it exposes $_SERVER/$_ENV contents and must only
// ever be enabled behind a client-address (or stronger) gate, e.g.
//   if ($_SERVER['REMOTE_ADDR'] == 'youripaddress') askapache_global_debug();
echo "</body>\n</html>";
echo ob_get_clean();
exit;
/*
###
# ErrorDocument: In the event of a problem or error, what the server will return to the client. URLs
# can begin with a / for local web-paths (relative to DocumentRoot), or be a full URL which the client
# can resolve. Alternatively, a message can be displayed. If a malformed request is detected, normal
# request processing will be immediately halted and the internal error message returned.
#
# Prior to version 2.0, messages were indicated by prefixing them with a
# single unmatched double quote character.
#
# The special value default can be used to specify Apache's simple hardcoded message and
# will restore Apache's simple hardcoded message.
#
ErrorDocument 400 /error.php?error=400
ErrorDocument 401 /error.php?error=401
ErrorDocument 402 /error.php?error=402
ErrorDocument 403 /error.php?error=403
ErrorDocument 404 /error.php?error=404
ErrorDocument 405 /error.php?error=405
ErrorDocument 406 /error.php?error=406
ErrorDocument 407 /error.php?error=407
ErrorDocument 408 /error.php?error=408
ErrorDocument 409 /error.php?error=409
ErrorDocument 410 /error.php?error=410
ErrorDocument 411 /error.php?error=411
ErrorDocument 412 /error.php?error=412
ErrorDocument 413 /error.php?error=413
ErrorDocument 414 /error.php?error=414
ErrorDocument 415 /error.php?error=415
ErrorDocument 416 /error.php?error=416
ErrorDocument 417 /error.php?error=417
ErrorDocument 422 /error.php?error=422
ErrorDocument 423 /error.php?error=423
ErrorDocument 424 /error.php?error=424
ErrorDocument 426 /error.php?error=426
ErrorDocument 500 /error.php?error=500
ErrorDocument 501 /error.php?error=501
ErrorDocument 502 /error.php?error=502
ErrorDocument 503 /error.php?error=503
ErrorDocument 504 /error.php?error=504
ErrorDocument 505 /error.php?error=505
ErrorDocument 506 /error.php?error=506
ErrorDocument 507 /error.php?error=507
ErrorDocument 510 /error.php?error=510
*/