This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||||
2 | |||||
3 | use Xmf\Request; |
||||
4 | |||||
5 | ob_start(); |
||||
6 | @set_time_limit(5); |
||||
7 | @ini_set('memory_limit', '64M'); |
||||
8 | @ini_set('display_errors', 'Off'); |
||||
9 | error_reporting(0); |
||||
10 | |||||
11 | function print_error_page() |
||||
12 | { |
||||
13 | $status_reason = [ |
||||
14 | 100 => 'Continue', |
||||
15 | 101 => 'Switching Protocols', |
||||
16 | 102 => 'Processing', |
||||
17 | 200 => 'OK', |
||||
18 | 201 => 'Created', |
||||
19 | 202 => 'Accepted', |
||||
20 | 203 => 'Non-Authoritative Information', |
||||
21 | 204 => 'No Content', |
||||
22 | 205 => 'Reset Content', |
||||
23 | 206 => 'Partial Content', |
||||
24 | 207 => 'Multi-Status', |
||||
25 | 226 => 'IM Used', |
||||
26 | 300 => 'Multiple Choices', |
||||
27 | 301 => 'Moved Permanently', |
||||
28 | 302 => 'Found', |
||||
29 | 303 => 'See Other', |
||||
30 | 304 => 'Not Modified', |
||||
31 | 305 => 'Use Proxy', |
||||
32 | 306 => 'Reserved', |
||||
33 | 307 => 'Temporary Redirect', |
||||
34 | 400 => 'Bad Request', |
||||
35 | 401 => 'Unauthorized', |
||||
36 | 402 => 'Payment Required', |
||||
37 | 403 => 'Forbidden', |
||||
38 | 404 => 'Not Found', |
||||
39 | 405 => 'Method Not Allowed', |
||||
40 | 406 => 'Not Acceptable', |
||||
41 | 407 => 'Proxy Authentication Required', |
||||
42 | 408 => 'Request Timeout', |
||||
43 | 409 => 'Conflict', |
||||
44 | 410 => 'Gone', |
||||
45 | 411 => 'Length Required', |
||||
46 | 412 => 'Precondition Failed', |
||||
47 | 413 => 'Request Entity Too Large', |
||||
48 | 414 => 'Request-URI Too Long', |
||||
49 | 415 => 'Unsupported Media Type', |
||||
50 | 416 => 'Requested Range Not Satisfiable', |
||||
51 | 417 => 'Expectation Failed', |
||||
52 | 422 => 'Unprocessable Entity', |
||||
53 | 423 => 'Locked', |
||||
54 | 424 => 'Failed Dependency', |
||||
55 | 426 => 'Upgrade Required', |
||||
56 | 500 => 'Internal Server Error', |
||||
57 | 501 => 'Not Implemented', |
||||
58 | 502 => 'Bad Gateway', |
||||
59 | 503 => 'Service Unavailable', |
||||
60 | 504 => 'Gateway Timeout', |
||||
61 | 505 => 'HTTP Version Not Supported', |
||||
62 | 506 => 'Variant Also Negotiates', |
||||
63 | 507 => 'Insufficient Storage', |
||||
64 | 510 => 'Not Extended', |
||||
65 | ]; |
||||
66 | |||||
67 | $status_msg = [ |
||||
68 | 400 => 'Your browser sent a request that this server could not understand.', |
||||
69 | 401 => 'This server could not verify that you are authorized to access the document requested.', |
||||
70 | 402 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.', |
||||
71 | 403 => "You don't have permission to access %U% on this server.", |
||||
72 | 404 => "We couldn't find <acronym title='%U%'>that uri</acronym> on our server, though it's most certainly not your fault.", |
||||
73 | 405 => 'The requested method is not allowed for the URL %U%.', |
||||
74 | 406 => 'An appropriate representation of the requested resource %U% could not be found on this server.', |
||||
75 | 407 => 'An appropriate representation of the requested resource %U% could not be found on this server.', |
||||
76 | 408 => 'Server timeout waiting for the HTTP request from the client.', |
||||
77 | 409 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.', |
||||
78 | 410 => 'The requested resource %U% is no longer available on this server and there is no forwarding address. Please remove all references to this resource.', |
||||
79 | 411 => 'A request of the requested method GET requires a valid Content-length.', |
||||
80 | 412 => 'The precondition on the request for the URL %U% evaluated to false.', |
||||
81 | 413 => 'The requested resource %U% does not allow request data with GET requests, or the amount of data provided in the request exceeds the capacity limit.', |
||||
82 | 414 => "The requested URL's length exceeds the capacity limit for this server.", |
||||
83 | 415 => 'The supplied request data is not in a format acceptable for processing by this resource.', |
||||
84 | 416 => 'Requested Range Not Satisfiable', |
||||
85 | 417 => 'The expectation given in the Expect request-header field could not be met by this server. The client sent <code>Expect:</code>', |
||||
86 | 422 => 'The server understands the media type of the request entity, but was unable to process the contained instructions.', |
||||
87 | 423 => 'The requested resource is currently locked. The lock must be released or proper identification given before the method can be applied.', |
||||
88 | 424 => 'The method could not be performed on the resource because the requested action depended on another action and that other action failed.', |
||||
89 | 425 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.', |
||||
90 | 426 => 'The requested resource can only be retrieved using SSL. Either upgrade your client, or try requesting the page using https://', |
||||
91 | 500 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.', |
||||
92 | 501 => 'This type of request method to %U% is not supported.', |
||||
93 | 502 => 'The proxy server received an invalid response from an upstream server.', |
||||
94 | 503 => 'The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.', |
||||
95 | 504 => 'The proxy server did not receive a timely response from the upstream server.', |
||||
96 | 505 => 'The server encountered an internal error or misconfiguration and was unable to complete your request.', |
||||
97 | 506 => 'A variant for the requested resource <code>%U%</code> is itself a negotiable resource. This indicates a configuration error.', |
||||
98 | 507 => 'The method could not be performed. There is insufficient free space left in your storage allocation.', |
||||
99 | 510 => 'A mandatory extension policy in the request is not accepted by the server for this resource.', |
||||
100 | ]; |
||||
101 | |||||
102 | // Get the Status Code |
||||
103 | if (Request::hasVar('REDIRECT_STATUS', 'SERVER') && (200 != $_SERVER['REDIRECT_STATUS'])) { |
||||
104 | $sc = $_SERVER['REDIRECT_STATUS']; |
||||
105 | } elseif (Request::hasVar('REDIRECT_REDIRECT_STATUS', 'SERVER') && (200 != $_SERVER['REDIRECT_REDIRECT_STATUS'])) { |
||||
106 | $sc = $_SERVER['REDIRECT_REDIRECT_STATUS']; |
||||
107 | } |
||||
108 | $sc = ($_GET['error'] ?? 404); |
||||
109 | |||||
110 | $sc = abs($sc); |
||||
111 | |||||
112 | // Redirect to server home if called directly or if status is under 400 |
||||
113 | if (((isset($_SERVER['REDIRECT_STATUS']) && 200 == $_SERVER['REDIRECT_STATUS']) && (3 == floor($sc / 100))) |
||||
114 | || (!isset($_GET['error']) && 200 == $_SERVER['REDIRECT_STATUS'])) { |
||||
115 | @header("Location: http://{$_SERVER['SERVER_NAME']}", 1, 302); |
||||
0 ignored issues
–
show
|
|||||
116 | exit(); |
||||
117 | } |
||||
118 | |||||
119 | // Check range of code or issue 500 |
||||
120 | if (($sc < 200) || ($sc > 599)) { |
||||
121 | $sc = 500; |
||||
122 | } |
||||
123 | |||||
124 | // Check for valid protocols or else issue 505 |
||||
125 | if (!in_array($_SERVER['SERVER_PROTOCOL'], ['HTTP/1.0', 'HTTP/1.1', 'HTTP/0.9'])) { |
||||
126 | $sc = 505; |
||||
127 | } |
||||
128 | |||||
129 | // Get the status reason |
||||
130 | $reason = ($status_reason[$sc] ?? ''); |
||||
131 | |||||
132 | // Get the status message |
||||
133 | $msg = (isset($status_msg[$sc]) ? str_replace('%U%', htmlspecialchars(strip_tags(stripslashes($_SERVER['REQUEST_URI'])), ENT_QUOTES | ENT_HTML5), $status_msg[$sc]) : 'Error'); |
||||
134 | |||||
135 | // issue optimized headers (optimized for your server) |
||||
136 | @header("{$_SERVER['SERVER_PROTOCOL']} {$sc} {$reason}", 1, $sc); |
||||
0 ignored issues
–
show
It seems like
$sc can also be of type double ; however, parameter $response_code of header() does only seem to accept integer , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
Are you sure the usage of
header($_SERVER['SERVER_...sc.' '.$reason, 1, $sc) is correct as it seems to always return null .
This check looks for function or method calls that always return null and whose return value is used. class A
{
function getObject()
{
return null;
}
}
$a = new A();
if ($a->getObject()) {
The method The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.
Loading history...
|
|||||
137 | if ('cgi-fcgi' !== @php_sapi_name()) { |
||||
138 | @header("Status: {$sc} {$reason}", 1, $sc); |
||||
0 ignored issues
–
show
Are you sure the usage of
header('Status: '.$sc.' '.$reason, 1, $sc) is correct as it seems to always return null .
This check looks for function or method calls that always return null and whose return value is used. class A
{
function getObject()
{
return null;
}
}
$a = new A();
if ($a->getObject()) {
The method The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.
Loading history...
|
|||||
139 | } |
||||
140 | |||||
141 | // A very small footprint for certain types of 4xx class errors and all 5xx class errors |
||||
142 | if (in_array($sc, [400, 403, 405]) || (5 == floor($sc / 100))) { |
||||
143 | @header('Connection: close', 1); |
||||
0 ignored issues
–
show
Are you sure the usage of
header('Connection: close', 1) is correct as it seems to always return null .
This check looks for function or method calls that always return null and whose return value is used. class A
{
function getObject()
{
return null;
}
}
$a = new A();
if ($a->getObject()) {
The method The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.
Loading history...
|
|||||
144 | if (405 == $sc) { |
||||
145 | @header('Allow: GET,HEAD,POST,OPTIONS', 1, 405); |
||||
0 ignored issues
–
show
Are you sure the usage of
header('Allow: GET,HEAD,POST,OPTIONS', 1, 405) is correct as it seems to always return null .
This check looks for function or method calls that always return null and whose return value is used. class A
{
function getObject()
{
return null;
}
}
$a = new A();
if ($a->getObject()) {
The method The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.
Loading history...
|
|||||
146 | } |
||||
147 | } |
||||
148 | |||||
149 | echo "<!DOCTYPE HTML>\n<html>"; |
||||
150 | echo "<head>\n<title>{$sc} {$reason}</title>\n<h1>{$reason}</h1>\n<p>{$msg}<br>\n</p>\n"; |
||||
151 | } |
||||
152 | |||||
153 | function askapache_global_debug() |
||||
154 | { |
||||
155 | # http://www.php.net/manual/en/function.array-walk.php#100681 |
||||
156 | global $_GET, $_POST, $_ENV, $_SERVER; |
||||
157 | $g = ['_ENV', '_SERVER', '_GET', '_POST']; |
||||
158 | array_walk_recursive( |
||||
159 | $g, |
||||
160 | create_function( |
||||
0 ignored issues
–
show
It seems like
create_function('$n', 'g...))."<"."/"."pr"."e>";') can also be of type true ; however, parameter $callback of array_walk_recursive() does only seem to accept callable , maybe add an additional type check?
(
Ignorable by Annotation
)
If this is a false-positive, you can also ignore this issue in your code via the
Loading history...
|
|||||
161 | '$n', |
||||
162 | 'global $$n;if( !!$$n&&ob_start()&&(print "[ $"."$n ]\n")&&array_walk($$n, |
||||
163 | create_function(\'$v,$k\', \'echo "[$k] => $v\n";\'))) echo "<"."p"."r"."e>".htmlspecialchars(ob_get_clean())."<"."/"."pr"."e>";' |
||||
164 | ) |
||||
165 | ); |
||||
166 | } |
||||
167 | |||||
168 | print_error_page(); |
||||
169 | //if($_SERVER['REMOTE_ADDR']=='youripaddress')askapache_global_debug(); |
||||
170 | echo "</body>\n</html>"; |
||||
171 | echo ob_get_clean(); |
||||
172 | exit; |
||||
173 | |||||
174 | /* |
||||
175 | ### |
||||
176 | # ErrorDocument: In the event of a problem or error, what the server will return to the client. URLs |
||||
177 | # can begin with a / for local web-paths (relative to DocumentRoot), or be a full URL which the client |
||||
178 | # can resolve. Alternatively, a message can be displayed. If a malformed request is detected, normal |
||||
179 | # request processing will be immediately halted and the internal error message returned. |
||||
180 | # |
||||
181 | # Prior to version 2.0, messages were indicated by prefixing them with a |
||||
182 | # single unmatched double quote character. |
||||
183 | # |
||||
184 | # The special value default can be used to specify Apache's simple hardcoded message and |
||||
185 | # will restore Apache's simple hardcoded message. |
||||
186 | # |
||||
187 | ErrorDocument 400 /error.php?error=400 |
||||
188 | ErrorDocument 401 /error.php?error=401 |
||||
189 | ErrorDocument 402 /error.php?error=402 |
||||
190 | ErrorDocument 403 /error.php?error=403 |
||||
191 | ErrorDocument 404 /error.php?error=404 |
||||
192 | ErrorDocument 405 /error.php?error=405 |
||||
193 | ErrorDocument 406 /error.php?error=406 |
||||
194 | ErrorDocument 407 /error.php?error=407 |
||||
195 | ErrorDocument 408 /error.php?error=408 |
||||
196 | ErrorDocument 409 /error.php?error=409 |
||||
197 | ErrorDocument 410 /error.php?error=410 |
||||
198 | ErrorDocument 411 /error.php?error=411 |
||||
199 | ErrorDocument 412 /error.php?error=412 |
||||
200 | ErrorDocument 413 /error.php?error=413 |
||||
201 | ErrorDocument 414 /error.php?error=414 |
||||
202 | ErrorDocument 415 /error.php?error=415 |
||||
203 | ErrorDocument 416 /error.php?error=416 |
||||
204 | ErrorDocument 417 /error.php?error=417 |
||||
205 | ErrorDocument 422 /error.php?error=422 |
||||
206 | ErrorDocument 423 /error.php?error=423 |
||||
207 | ErrorDocument 424 /error.php?error=424 |
||||
208 | ErrorDocument 426 /error.php?error=426 |
||||
209 | ErrorDocument 500 /error.php?error=500 |
||||
210 | ErrorDocument 501 /error.php?error=501 |
||||
211 | ErrorDocument 502 /error.php?error=502 |
||||
212 | ErrorDocument 503 /error.php?error=503 |
||||
213 | ErrorDocument 504 /error.php?error=504 |
||||
214 | ErrorDocument 505 /error.php?error=505 |
||||
215 | ErrorDocument 506 /error.php?error=506 |
||||
216 | ErrorDocument 507 /error.php?error=507 |
||||
217 | ErrorDocument 510 /error.php?error=510 |
||||
218 | */ |
||||
219 |
This check looks for function or method calls that always return null and whose return value is used.
The method
getObject()
can return nothing but null, so it makes no sense to use the return value.The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes.