Issues in Subs-Compat.php - Failed Issues - Inspection of "Merge pull request #4209 from Sesquipedalian/build..." - Yoshi2889/SMF2.1 - Measure and Improve Code Quality continuously with Scrutinizer

Failed Conditions

Branch — release-2.1 (4e22cf)

by Rick

created 2017-07-31 18:58 UTC

Sources/Subs-Compat.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * This file provides compatibility functions and code for older versions of
 * PHP, such as the sha1() function, missing extensions, or 64-bit vs 32-bit
 * systems. It is only included for those older versions or when the respective
 * extension or function cannot be found.
 *
 * Simple Machines Forum (SMF)
 *
 * @package SMF
 * @author Simple Machines http://www.simplemachines.org
 * @copyright 2017 Simple Machines and individual contributors
 * @license http://www.simplemachines.org/about/smf/license.php BSD
 *
 * @version 2.1 Beta 4
 */

if (!defined('SMF'))
	die('No direct access...');


/**
 * Define the old SMF sha1 function. Uses mhash if available
 * @param string $str The string
 * @return string The sha1 hashed version of $str
 */
function sha1_smf($str)
{
	// If we have mhash loaded in, use it instead!
	if (function_exists('mhash') && defined('MHASH_SHA1'))
		return bin2hex(mhash(MHASH_SHA1, $str));

	$nblk = (strlen($str) + 8 >> 6) + 1;
	$blks = array_pad(array(), $nblk * 16, 0);

	for ($i = 0; $i < strlen($str); $i++)
		$blks[$i >> 2] |= ord($str{$i}) << (24 - ($i % 4) * 8);

	$blks[$i >> 2] |= 0x80 << (24 - ($i % 4) * 8);

	return sha1_core($blks, strlen($str) * 8);
}

/**
 * This is the core SHA-1 calculation routine, used by sha1().
 * @param string $x
 * @param int $len
 * @return string
 */
function sha1_core($x, $len)
{
	@$x[$len >> 5] |= 0x80 << (24 - $len % 32);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
	$x[(($len + 64 >> 9) << 4) + 15] = $len;

	$w = array();
	$a = 1732584193;
	$b = -271733879;
	$c = -1732584194;
	$d = 271733878;
	$e = -1009589776;

	for ($i = 0, $n = count($x); $i < $n; $i += 16)
	{
		$olda = $a;
		$oldb = $b;
		$oldc = $c;
		$oldd = $d;
		$olde = $e;

		for ($j = 0; $j < 80; $j++)
		{
			if ($j < 16)
				$w[$j] = isset($x[$i + $j]) ? $x[$i + $j] : 0;
			else
				$w[$j] = sha1_rol($w[$j - 3] ^ $w[$j - 8] ^ $w[$j - 14] ^ $w[$j - 16], 1);

			$t = sha1_rol($a, 5) + sha1_ft($j, $b, $c, $d) + $e + $w[$j] + sha1_kt($j);
			$e = $d;
			$d = $c;
			$c = sha1_rol($b, 30);
			$b = $a;
			$a = $t;
		}

		$a += $olda;
		$b += $oldb;
		$c += $oldc;
		$d += $oldd;
		$e += $olde;
	}

	return sprintf('%08x%08x%08x%08x%08x', $a, $b, $c, $d, $e);
}

/**
 * Helper function for the core SHA-1 calculation
 * @param int $t
 * @param int $b
 * @param int $c
 * @param int $d
 * @return int
 */
function sha1_ft($t, $b, $c, $d)
{
	if ($t < 20)
		return ($b & $c) | ((~$b) & $d);
	if ($t < 40)
		return $b ^ $c ^ $d;
	if ($t < 60)
		return ($b & $c) | ($b & $d) | ($c & $d);

	return $b ^ $c ^ $d;
}

/**
 * Helper function for the core SHA-1 calculation
 * @param int $t
 * @return int 1518500249, 1859775393, -1894007588 or -899497514 depending on the value of $t
 */
function sha1_kt($t)
{
	return $t < 20 ? 1518500249 : ($t < 40 ? 1859775393 : ($t < 60 ? -1894007588 : -899497514));
}

/**
 * Helper function for the core SHA-1 calculation
 * @param int $num
 * @param int $cnt
 * @return int
 */
function sha1_rol($num, $cnt)
{
	// Unfortunately, PHP uses unsigned 32-bit longs only.  So we have to kludge it a bit.
	if ($num & 0x80000000)
		$a = ($num >> 1 & 0x7fffffff) >> (31 - $cnt);
	else
		$a = $num >> (32 - $cnt);

	return ($num << $cnt) | $a;
}

/**
 * Available since: (PHP 5)
 * If the optional raw_output is set to TRUE, then the sha1 digest is instead returned in raw binary format with a length of 20,
 * otherwise the returned value is a 40-character hexadecimal number.
 * @param string $text The text to hash
 * @return string The sha1 hash of $text
 */
function sha1_raw($text)
{
	return sha1($text, true);
}

/**
 * Compatibility function.
 * crc32 doesn't work as expected on 64-bit functions - make our own.
 * https://php.net/crc32#79567
 * @param string $number
 * @return string The crc32 polynomial of $number
 */
if (!function_exists('smf_crc32'))
{
	function smf_crc32($number)
	{
		$crc = crc32($number);

		if ($crc & 0x80000000)
		{
			$crc ^= 0xffffffff;
			$crc += 1;
			$crc = -$crc;
		}

		return $crc;
	}
}

?>

1		<?php
2
3		/**
4		* This file provides compatibility functions and code for older versions of
5		* PHP, such as the sha1() function, missing extensions, or 64-bit vs 32-bit
6		* systems. It is only included for those older versions or when the respective
7		* extension or function cannot be found.
8		*
9		* Simple Machines Forum (SMF)
10		*
11		* @package SMF
12		* @author Simple Machines http://www.simplemachines.org
13		* @copyright 2017 Simple Machines and individual contributors
14		* @license http://www.simplemachines.org/about/smf/license.php BSD
15		*
16		* @version 2.1 Beta 4
17		*/
18
19		if (!defined('SMF'))
20		die('No direct access...');
21
22
23		/**
24		* Define the old SMF sha1 function. Uses mhash if available
25		* @param string $str The string
26		* @return string The sha1 hashed version of $str
27		*/
28		function sha1_smf($str)
29		{
30		// If we have mhash loaded in, use it instead!
31		if (function_exists('mhash') && defined('MHASH_SHA1'))
32		return bin2hex(mhash(MHASH_SHA1, $str));
33
34		$nblk = (strlen($str) + 8 >> 6) + 1;
35		$blks = array_pad(array(), $nblk * 16, 0);
36
37		for ($i = 0; $i < strlen($str); $i++)
38		$blks[$i >> 2] \|= ord($str{$i}) << (24 - ($i % 4) * 8);
39
40		$blks[$i >> 2] \|= 0x80 << (24 - ($i % 4) * 8);
41
42		return sha1_core($blks, strlen($str) * 8);
43		}
44
45		/**
46		* This is the core SHA-1 calculation routine, used by sha1().
47		* @param string $x
48		* @param int $len
49		* @return string
50		*/
51		function sha1_core($x, $len)
52		{
53		@$x[$len >> 5] \|= 0x80 << (24 - $len % 32);
		0 ignored issues – show Security Best Practice introduced 2016-04-23 18:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
54		$x[(($len + 64 >> 9) << 4) + 15] = $len;
55
56		$w = array();
57		$a = 1732584193;
58		$b = -271733879;
59		$c = -1732584194;
60		$d = 271733878;
61		$e = -1009589776;
62
63		for ($i = 0, $n = count($x); $i < $n; $i += 16)
64		{
65		$olda = $a;
66		$oldb = $b;
67		$oldc = $c;
68		$oldd = $d;
69		$olde = $e;
70
71		for ($j = 0; $j < 80; $j++)
72		{
73		if ($j < 16)
74		$w[$j] = isset($x[$i + $j]) ? $x[$i + $j] : 0;
75		else
76		$w[$j] = sha1_rol($w[$j - 3] ^ $w[$j - 8] ^ $w[$j - 14] ^ $w[$j - 16], 1);
77
78		$t = sha1_rol($a, 5) + sha1_ft($j, $b, $c, $d) + $e + $w[$j] + sha1_kt($j);
79		$e = $d;
80		$d = $c;
81		$c = sha1_rol($b, 30);
82		$b = $a;
83		$a = $t;
84		}
85
86		$a += $olda;
87		$b += $oldb;
88		$c += $oldc;
89		$d += $oldd;
90		$e += $olde;
91		}
92
93		return sprintf('%08x%08x%08x%08x%08x', $a, $b, $c, $d, $e);
94		}
95
96		/**
97		* Helper function for the core SHA-1 calculation
98		* @param int $t
99		* @param int $b
100		* @param int $c
101		* @param int $d
102		* @return int
103		*/
104		function sha1_ft($t, $b, $c, $d)
105		{
106		if ($t < 20)
107		return ($b & $c) \| ((~$b) & $d);
108		if ($t < 40)
109		return $b ^ $c ^ $d;
110		if ($t < 60)
111		return ($b & $c) \| ($b & $d) \| ($c & $d);
112
113		return $b ^ $c ^ $d;
114		}
115
116		/**
117		* Helper function for the core SHA-1 calculation
118		* @param int $t
119		* @return int 1518500249, 1859775393, -1894007588 or -899497514 depending on the value of $t
120		*/
121		function sha1_kt($t)
122		{
123		return $t < 20 ? 1518500249 : ($t < 40 ? 1859775393 : ($t < 60 ? -1894007588 : -899497514));
124		}
125
126		/**
127		* Helper function for the core SHA-1 calculation
128		* @param int $num
129		* @param int $cnt
130		* @return int
131		*/
132		function sha1_rol($num, $cnt)
133		{
134		// Unfortunately, PHP uses unsigned 32-bit longs only. So we have to kludge it a bit.
135		if ($num & 0x80000000)
136		$a = ($num >> 1 & 0x7fffffff) >> (31 - $cnt);
137		else
138		$a = $num >> (32 - $cnt);
139
140		return ($num << $cnt) \| $a;
141		}
142
143		/**
144		* Available since: (PHP 5)
145		* If the optional raw_output is set to TRUE, then the sha1 digest is instead returned in raw binary format with a length of 20,
146		* otherwise the returned value is a 40-character hexadecimal number.
147		* @param string $text The text to hash
148		* @return string The sha1 hash of $text
149		*/
150		function sha1_raw($text)
151		{
152		return sha1($text, true);
153		}
154
155		/**
156		* Compatibility function.
157		* crc32 doesn't work as expected on 64-bit functions - make our own.
158		* https://php.net/crc32#79567
159		* @param string $number
160		* @return string The crc32 polynomial of $number
161		*/
162	View Code Duplication	if (!function_exists('smf_crc32'))
163		{
164		function smf_crc32($number)
165		{
166		$crc = crc32($number);
167
168		if ($crc & 0x80000000)
169		{
170		$crc ^= 0xffffffff;
171		$crc += 1;
172		$crc = -$crc;
173		}
174
175		return $crc;
176		}
177		}
178
179		?>

Yoshi2889 / SMF2.1

Branch — release-2.1 (4e22cf)

Sources/Subs-Compat.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like