Issues in cssmin.php (scrutinizer-code-quality) - Issues in scrutinizer-code-quality - adamjakab/SuiteCRM - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4069)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/SugarTheme/cssmin.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');

/**
 * cssmin.php - A simple CSS minifier.
 * --
 * 
 * <code>
 * include("cssmin.php");
 * file_put_contents("path/to/target.css", cssmin::minify(file_get_contents("path/to/source.css")));
 * </code>
 * --
 * 
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING 
 * BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND 
 * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, 
 * DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 * --
 *
 * @package 	cssmin
 * @author 		Joe Scylla <[email protected]>
 * @copyright 	2008 Joe Scylla <[email protected]>
 * @license 	http://opensource.org/licenses/mit-license.php MIT License
 * @version 	1.0.1.b3 (2008-10-02)
 */
class cssmin
	{
	/**
	 * Minifies stylesheet definitions
	 *
	 * <code>
	 * $css_minified = cssmin::minify(file_get_contents("path/to/target/file.css"));
	 * </code>
	 * 
	 * @param	string			$css		Stylesheet definitions as string
	 * @param	array|string	$options	Array or comma speperated list of options:
	 * 										
	 * 										- remove-last-semicolon: Removes the last semicolon in 
	 * 										the style definition of an element (activated by default).
	 * 										
	 * 										- preserve-urls: Preserves every url defined in an url()-
	 * 										expression. This option is only required if you have 
	 * 										defined really uncommon urls with multiple spaces or 
	 * 										combination of colon, semi-colon, braces with leading or 
	 * 										following spaces.
	 * @return	string			Minified stylesheet definitions
	 */
	public static function minify($css, $options = "remove-last-semicolon")
		{
		$options = ($options == "") ? array() : (is_array($options) ? $options : explode(",", $options));
		if (in_array("preserve-urls", $options))
			{
			// Encode url() to base64
			$css = preg_replace_callback("/url\s*\((.*)\)/siU", "cssmin_encode_url", $css);
			}
		// Remove comments
		$css = preg_replace("/\/\*[\d\D]*?\*\/|\t+/", " ", $css);
		// Replace CR, LF and TAB to spaces
		$css = str_replace(array("\n", "\r", "\t"), " ", $css);
		// Replace multiple to single space
		$css = preg_replace("/\s\s+/", " ", $css);
		// Remove unneeded spaces
		$css = preg_replace("/\s*({|}|\[|=|~|\+|>|\||;|:|,)\s*/", "$1", $css);
		if (in_array("remove-last-semicolon", $options))
			{
			// Removes the last semicolon of every style definition
			$css = str_replace(";}", "}", $css);
			}
		$css = trim($css);
		if (in_array("preserve-urls", $options))
			{
			// Decode url()
			$css = preg_replace_callback("/url\s*\((.*)\)/siU", "cssmin_encode_url", $css);
			}
		return $css;
		}
	/**
	 * Return a array structure of a stylesheet definitions.
	 *
	 * <code>
	 * $css_structure = cssmin::toArray(file_get_contents("path/to/target/file.css"));
	 * </code>
	 * 
	 * @param	string		$css			Stylesheet definitions as string
	 * @param	string		$options		Options for {@link cssmin::minify()}
	 * @return	array						Structure of the stylesheet definitions as array
	 */
	public static function toArray($css, $options = "")
		{
		$r = array();
		$css = cssmin::minify($css, $options);
		$items = array();
		preg_match_all("/(.+){(.+:.+);}/U", $css, $items);
		if (count($items[0]) > 0)
			{
			for ($i = 0; $i < count($items[0]); $i++)
for ($i=0; $i<count($array); $i++) { // calls count() on each iteration
}

// Better
for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once
}
				{
				$keys		= explode(",", $items[1][$i]);
				$styles_tmp	= explode(";", $items[2][$i]);
				$styles = array();
				foreach ($styles_tmp as $style)
					{
					$style_tmp = explode(":", $style);
					$styles[$style_tmp[0]] = $style_tmp[1];
					}
				$r[] = array
					(
					"keys"		=> cssmin_array_clean($keys),
					"styles"	=> cssmin_array_clean($styles)
					);
				}
			}
		return $r;
		}
	/**
	 * Return a array structure created by {@link cssmin::toArray()} to a string.
	 *
	 * <code>
	 * $css_string = cssmin::toString($css_structure);
	 * </code>
	 * 
	 * @param	array		$css
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
	 * @return	array
	 */
	public static function toString(array $array)
		{
		$r = "";
		foreach ($array as $item)
			{
			$r .= implode(",", $item["keys"]) . "{";
			foreach ($item["styles"] as $key => $value)
				{
				$r .= $key . ":" . $value . ";";
				}
			$r .= "}";
			}
		return $r;
		}
	}

/**
 * Trims all elements of the array and removes empty elements. 
 *
 * @param	array		$array
 * @return	array
 */
function cssmin_array_clean(array $array)
	{
	$r = array();
	if (cssmin_array_is_assoc($array))
		{
		foreach ($array as $key => $value)
			{
			$r[$key] = trim($value);
			}
		}
	else
		{
		foreach ($array as $value)
			{
			if (trim($value) != "")
				{
				$r[] = trim($value);
				}
			}
		}
	return $r;
	}
/**
 * Return if a value is a associative array.
 *
 * @param	array		$array
 * @return	bool
 */
function cssmin_array_is_assoc($array)
	{
	if (!is_array($array))
		{
		return false;
		}
	else
		{
		krsort($array, SORT_STRING);
		return !is_numeric(key($array));
		}
	}
/**
 * Encodes a url() expression.
 *
 * @param	array	$match
 * @return	string
 */
function cssmin_encode_url($match)
	{
	return "url(" . base64_encode(trim($match[1])) . ")";
	}
/**
 * Decodes a url() expression.
 *
 * @param	array	$match
 * @return	string
 */
function cssmin_decode_url($match)
	{
	return "url(" . base64_decode($match[1]) . ")";
	}
?>

1		<?php
2		if(!defined('sugarEntry') \|\| !sugarEntry) die('Not A Valid Entry Point');
3
4		/**
5		* cssmin.php - A simple CSS minifier.
6		* --
7		*
8		* <code>
9		* include("cssmin.php");
10		* file_put_contents("path/to/target.css", cssmin::minify(file_get_contents("path/to/source.css")));
11		* </code>
12		* --
13		*
14		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING
15		* BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
16		* NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
17		* DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
18		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
19		* --
20		*
21		* @package cssmin
22		* @author Joe Scylla <[email protected]>
23		* @copyright 2008 Joe Scylla <[email protected]>
24		* @license http://opensource.org/licenses/mit-license.php MIT License
25		* @version 1.0.1.b3 (2008-10-02)
26		*/
27		class cssmin
28		{
29		/**
30		* Minifies stylesheet definitions
31		*
32		* <code>
33		* $css_minified = cssmin::minify(file_get_contents("path/to/target/file.css"));
34		* </code>
35		*
36		* @param string $css Stylesheet definitions as string
37		* @param array\|string $options Array or comma speperated list of options:
38		*
39		* - remove-last-semicolon: Removes the last semicolon in
40		* the style definition of an element (activated by default).
41		*
42		* - preserve-urls: Preserves every url defined in an url()-
43		* expression. This option is only required if you have
44		* defined really uncommon urls with multiple spaces or
45		* combination of colon, semi-colon, braces with leading or
46		* following spaces.
47		* @return string Minified stylesheet definitions
48		*/
49	1	public static function minify($css, $options = "remove-last-semicolon")
50		{
51	1	$options = ($options == "") ? array() : (is_array($options) ? $options : explode(",", $options));
52	1	if (in_array("preserve-urls", $options))
53		{
54		// Encode url() to base64
55		$css = preg_replace_callback("/url\s\((.)\)/siU", "cssmin_encode_url", $css);
56		}
57		// Remove comments
58	1	$css = preg_replace("/\/\[\d\D]?\*\/\|\t+/", " ", $css);
59		// Replace CR, LF and TAB to spaces
60	1	$css = str_replace(array("\n", "\r", "\t"), " ", $css);
61		// Replace multiple to single space
62	1	$css = preg_replace("/\s\s+/", " ", $css);
63		// Remove unneeded spaces
64	1	$css = preg_replace("/\s({\|}\|\[\|=\|~\|\+\|>\|\\|\|;\|:\|,)\s/", "$1", $css);
65	1	if (in_array("remove-last-semicolon", $options))
66		{
67		// Removes the last semicolon of every style definition
68	1	$css = str_replace(";}", "}", $css);
69		}
70	1	$css = trim($css);
71	1	if (in_array("preserve-urls", $options))
72		{
73		// Decode url()
74		$css = preg_replace_callback("/url\s\((.)\)/siU", "cssmin_encode_url", $css);
75		}
76	1	return $css;
77		}
78		/**
79		* Return a array structure of a stylesheet definitions.
80		*
81		* <code>
82		* $css_structure = cssmin::toArray(file_get_contents("path/to/target/file.css"));
83		* </code>
84		*
85		* @param string $css Stylesheet definitions as string
86		* @param string $options Options for {@link cssmin::minify()}
87		* @return array Structure of the stylesheet definitions as array
88		*/
89		public static function toArray($css, $options = "")
90		{
91		$r = array();
92		$css = cssmin::minify($css, $options);
93		$items = array();
94		preg_match_all("/(.+){(.+:.+);}/U", $css, $items);
95		if (count($items[0]) > 0)
96		{
97		for ($i = 0; $i < count($items[0]); $i++)
		0 ignored issues – show Performance Best Practice introduced 2016-03-07 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are calling the size function `count()` as part of the test condition. You might want to compute the size beforehand, and not on each iteration. If the size of the collection does not change during the iteration, it is generally a good practice to compute it beforehand, and not on each iteration: for ($i=0; $i<count($array); $i++) { // calls count() on each iteration } // Better for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once } Loading history...
98		{
99		$keys = explode(",", $items[1][$i]);
100		$styles_tmp = explode(";", $items[2][$i]);
101		$styles = array();
102		foreach ($styles_tmp as $style)
103		{
104		$style_tmp = explode(":", $style);
105		$styles[$style_tmp[0]] = $style_tmp[1];
106		}
107		$r[] = array
108		(
109		"keys" => cssmin_array_clean($keys),
110		"styles" => cssmin_array_clean($styles)
111		);
112		}
113		}
114		return $r;
115		}
116		/**
117		* Return a array structure created by {@link cssmin::toArray()} to a string.
118		*
119		* <code>
120		* $css_string = cssmin::toString($css_structure);
121		* </code>
122		*
123		* @param array $css
		0 ignored issues – show Bug introduced 2016-03-07 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$css`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
124		* @return array
125		*/
126		public static function toString(array $array)
127		{
128		$r = "";
129		foreach ($array as $item)
130		{
131		$r .= implode(",", $item["keys"]) . "{";
132		foreach ($item["styles"] as $key => $value)
133		{
134		$r .= $key . ":" . $value . ";";
135		}
136		$r .= "}";
137		}
138		return $r;
139		}
140		}
141
142		/**
143		* Trims all elements of the array and removes empty elements.
144		*
145		* @param array $array
146		* @return array
147		*/
148		function cssmin_array_clean(array $array)
149		{
150		$r = array();
151		if (cssmin_array_is_assoc($array))
152		{
153		foreach ($array as $key => $value)
154		{
155		$r[$key] = trim($value);
156		}
157		}
158		else
159		{
160		foreach ($array as $value)
161		{
162		if (trim($value) != "")
163		{
164		$r[] = trim($value);
165		}
166		}
167		}
168		return $r;
169		}
170		/**
171		* Return if a value is a associative array.
172		*
173		* @param array $array
174		* @return bool
175		*/
176		function cssmin_array_is_assoc($array)
177		{
178		if (!is_array($array))
179		{
180		return false;
181		}
182		else
183		{
184		krsort($array, SORT_STRING);
185		return !is_numeric(key($array));
186		}
187		}
188		/**
189		* Encodes a url() expression.
190		*
191		* @param array $match
192		* @return string
193		*/
194		function cssmin_encode_url($match)
195		{
196		return "url(" . base64_encode(trim($match[1])) . ")";
197		}
198		/**
199		* Decodes a url() expression.
200		*
201		* @param array $match
202		* @return string
203		*/
204		function cssmin_decode_url($match)
205		{
206		return "url(" . base64_decode($match[1]) . ")";
207		}
208		?>

adamjakab / SuiteCRM

Issues (4069)

Security Analysis not enabled

include/SugarTheme/cssmin.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like