Issues (371)

Security Analysis: not enabled

This project does not seem to handle request data directly, so no vulnerable execution paths were found.

  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or to gain access to your server.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  Header Injection
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/LogHandler.php (1 issue)

Documentation Bug introduced by Scrutinizer, at `@param null $helper` in the `__construct()` docblock: Are you sure the doc-type for parameter $helper is correct as it would always require null to be passed?

```php
<?php declare(strict_types=1);

namespace XoopsModules\Xoopspoll;

/*
               XOOPS - PHP Content Management System
                   Copyright (c) 2000-2020 XOOPS.org
                      <https://xoops.org>
 This program is free software; you can redistribute it and/or modify
 it under the terms of the GNU General Public License as published by
 the Free Software Foundation; either version 2 of the License, or
 (at your option) any later version.

 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting
 source code which is considered copyrighted (c) material of the
 original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 GNU General Public License for more details.

 You should have received a copy of the GNU General Public License
 along with this program; if not, write to the Free Software
 Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307 USA
*/

/**
 * Log class for the XoopsPoll Module
 *
 * @copyright ::  {@link https://xoops.org/ XOOPS Project}
 * @license   ::  {@link https://www.gnu.org/licenses/gpl-2.0.html GNU GPL 2.0 or later}
 * @subpackage::  class
 * @since     ::  1.40
 * @author    ::  {@link https://www.myweb.ne.jp/ Kazumi Ono (AKA onokazu)}
 **/

use XoopsModules\Xoopspoll\{
    Helper,
    Utility
};

/**
 * Class LogHandler
 */
class LogHandler extends \XoopsPersistableObjectHandler
{
    /**
     * LogHandler::__construct()
     *
     * @param null|\XoopsDatabase $db
     * @param null $helper
     */
    public function __construct(\XoopsDatabase $db = null, $helper = null)
    {
        parent::__construct($db, 'xoopspoll_log', Log::class, 'log_id');
    }

    /**
     * Delete all log entries by Option ID
     * @param int $option_id
     * @return bool $success
     */
    public function deleteByOptionId(int $option_id): bool
    {
        $criteria = new \Criteria('option_id', $option_id, '=');
        $success  = $this->deleteAll($criteria);

        return $success;
    }

    /**
     * Delete all log entries by Poll ID
     * @param int $pid
     * @return bool $success
     * @uses CriteriaCompo
     */
    public function deleteByPollId(int $pid): bool
    {
        $criteria = new \Criteria('poll_id', (int)$pid, '=');
        $success  = $this->deleteAll($criteria);

        return $success;
    }

    /**
     * Gets all log entries by Poll ID
     * @param int $pid
     * @param string $sortby  sort all results by this field
     * @param string $orderby sort order (ASC, DESC)
     * @return array $ret
     * @uses CriteriaCompo
     */
    public function getAllByPollId(int $pid, string $sortby = 'time', string $orderby = 'ASC'): array
    {
        $ret      = [];
        $criteria = new \CriteriaCompo();
        $criteria->add(new \Criteria('poll_id', (int)$pid, '='));
        $criteria->setSort($sortby);
        $criteria->setOrder($orderby);
        // assign by value: assigning a function result by reference only raises a notice
        $ret = $this->getAll($criteria);

        return $ret;
    }

    /**
     * Get the total number of votes by the Poll ID
     * @param int $pid
     * @return int
     * @uses CriteriaCompo
     */
    public function getTotalVotesByPollId(int $pid): int
    {
        $criteria = new \Criteria('poll_id', (int)$pid, '=');
        $numVotes = $this->getCount($criteria);

        return $numVotes;
    }

    /**
     * Get the total number of voters for a specific Poll
     * @param int $pid
     * @return int
     * @uses CriteriaCompo
     */
    public function getTotalVotersByPollId(int $pid): int
    {
        $criteria = new \CriteriaCompo();
        $criteria->add(new \Criteria('poll_id', (int)$pid, '='));
        $criteria->setGroupBy('ip');
        $voterGrps = $this->getCount($criteria);
        //TODO Parameter '$voterGrps' type is not compatible with declaration
        $numVoters = \count($voterGrps);

        return $numVoters;
    }

    /**
     * Get the total number of votes for an option
     * @param int $option_id
     * @return int
     * @uses CriteriaCompo
     */
    public function getTotalVotesByOptionId(int $option_id): int
    {
        $criteria = new \Criteria('option_id', (int)$option_id, '=');
        $votes    = $this->getCount($criteria);

        return $votes;
    }

    /**
     * hasVoted indicates if user (logged in or not) has voted in a poll
     * @param int|null    $pid of the poll to check
     * @param string $ip  the ip address for this voter
     * @param int    $uid the XOOPS user id of this voter (0 for anon)
     * @return bool
     * @uses $_COOKIE
     */
    public function hasVoted(?int $pid, string $ip, int $uid = 0): bool
    {
        $uid        = (int)$uid;
        $pid        = (int)$pid;
        $voted      = true;
        $votedPolls = Utility::getVoteCookie();
        //        $votedPolls = [];  //TESTING HACK TO BYPASS COOKIES
        $pollHandler = Helper::getInstance()->getHandler('Poll');
        $pollObj     = $pollHandler->get($pid);
        if ($pollObj) {
            $pollStarttime = $pollObj->getVar('start_time');
            $criteria      = new \CriteriaCompo();
            $criteria->add(new \Criteria('poll_id', $pid, '='));
            if ($uid > 0) {
                /**
                 *  {@internal check to see if vote was from before poll was started
                 *  and if so allow voting. This allows voting if poll is restarted
                 *  with new start date or if module is uninstalled and re-installed.}
                 */
                $criteria->add(new \Criteria('user_id', $uid, '='));
                $criteria->add(new \Criteria('time', (int)$pollStarttime, '>='));
                $vCount = $this->getCount($criteria);
                $voted  = $vCount > 0;
            } elseif (!empty($ip) && \filter_var($ip, \FILTER_VALIDATE_IP)) {
                $criteria->add(new \Criteria('ip', $ip, '='));
                $criteria->add(new \Criteria('time', (int)$pollStarttime, '>='));
                $criteria->add(new \Criteria('user_id', 0, '='));
                $vCount = $this->getCount($criteria);
                $voted  = $vCount > 0;
            } else {
                /* Check cookie to see if someone from this system has voted before */
                if (\array_key_exists($pid, $votedPolls) && ((int)$votedPolls[$pid] >= $pollStarttime)) {
                    $criteria = new \CriteriaCompo();
                    $criteria->add(new \Criteria('poll_id', $pid, '='));
                    $criteria->add(new \Criteria('time', (int)$pollStarttime, '>='));
                    $vCount = $this->getCount($criteria);
                    $voted  = $vCount > 0;
                } else {
                    $voted = false;
                }
            }
        }

        return $voted;
    }
}
```