This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

models/Page.php (1 issue)

```php
<?php
/**
 * This file contains functionality relating to the custom pages that admins can create
 *
 * @package    BZiON\Models
 * @license    https://github.com/allejo/bzion/blob/master/LICENSE.md GNU General Public License Version 3
 */

/**
 * A custom page
 * @package    BZiON\Models
 */
class Page extends AliasModel
{
    /**
     * The content of the page
     * @var string
     */
    protected $content;

    /**
     * The creation date of the page
     * @var TimeDate
     */
    protected $created;

    /**
     * The date the page was last updated
     * @var TimeDate
     */
    protected $updated;

    /**
     * The ID of the author of the page
     * @var int
     */
    protected $author;

    /**
     * Whether the page is the home page
     * @var bool
     */
    protected $home;

    const DEFAULT_STATUS = 'live';

    /**
     * The name of the database table used for queries
     */
    const TABLE = "pages";

    const CREATE_PERMISSION = Permission::CREATE_PAGE;
    const EDIT_PERMISSION = Permission::EDIT_PAGE;
    const SOFT_DELETE_PERMISSION = Permission::SOFT_DELETE_PAGE;
    const HARD_DELETE_PERMISSION = Permission::HARD_DELETE_PAGE;

    /**
     * {@inheritdoc}
     */
    protected function assignResult($page)
    {
        $this->name = $page['name'];
        $this->alias = $page['alias'];
        $this->author = $page['author'];
        $this->home = $page['home'];
        $this->status = $page['status'];
    }

    /**
     * {@inheritdoc}
     */
    protected function assignLazyResult($page)
    {
        $this->content = $page['content'];
        $this->created = TimeDate::fromMysql($page['created']);
        $this->updated = TimeDate::fromMysql($page['updated']);
    }

    /**
     * Get the raw content of the page
     * @return string
     */
    public function getContent()
    {
        $this->lazyLoad();

        return $this->content;
    }

    /**
     * Get the page's submission time
     * @return TimeDate
     */
    public function getCreated()
    {
        $this->lazyLoad();

        return $this->created->copy();
    }

    /**
     * Get the time when the page was last updated
     * @return TimeDate
     */
    public function getUpdated()
    {
        $this->lazyLoad();

        return $this->updated->copy();
    }

    /**
     * Get the user who created the page
     * @return Player The page's author
     */
    public function getAuthor()
    {
        return Player::get($this->author);
    }

    /**
     * Get the status of the page
     * @return string
     */
    public function getStatus()
    {
        return $this->status;
    }

    /**
     * Find out whether this is the homepage
     * @return bool
     */
    public function isHomePage()
    {
        return $this->home;
    }

    /**
     * Set the content of the page
     *
     * @param  string $content
     * @return self
     */
    public function setContent($content)
    {
        return $this->updateProperty($this->content, "content", $content);
    }

    /**
     * Set the status of the page
     *
     * @param  string $status One of "live", "revision" or "disabled"
     * @return self
     */
    public function setStatus($status)
    {
        return $this->updateProperty($this->status, "status", $status);
    }

    /**
     * Update the last edit timestamp
     * @return self
     */
    public function updateEditTimestamp()
    {
        return $this->updateProperty($this->updated, "updated", TimeDate::now());
    }

    /**
     * Create a new Page
     *
     * @param string $title    The title of the page
     * @param string $content  The content of the page
     * @param int    $authorID The ID of the author
     * @param string $status   Page status: 'live', 'disabled', or 'deleted'
     *
     * @return Page An object representing the page that was just created
     */
    public static function addPage($title, $content, $authorID, $status = "live")
    {
        return self::create(array(
            'name'    => $title,
            'alias'   => self::generateAlias($title),
            'content' => $content,
            'author'  => $authorID,
            'home'    => 0,
            'status'  => $status,
        ), array('created', 'updated'));
    }

    /**
     * {@inheritdoc}
     */
    public static function getRouteName($action = 'show')
    {
        return "custom_page_$action";
    }

    /**
     * {@inheritdoc}
     */
    protected static function getDisallowedAliases()
    {
        return array(
            "admin", "bans", "index", "login", "logout", "maps", "matches",
            "messages", "news", "notifications", "pages", "players", "servers",
            "teams", "visits"
        );
    }

    /**
     * {@inheritdoc}
     */
    public static function getActiveStatuses()
    {
        return array('live', 'revision');
    }

    /**
     * {@inheritdoc}
     */
    public static function getEagerColumns($prefix = null)
    {
        $columns = [
            'id',
            'parent_id',
            'name',
            'alias',
            'author',
            'home',
            'status',
        ];

        return self::formatColumns($prefix, $columns);
    }

    /**
     * {@inheritdoc}
     */
    public static function getLazyColumns()
    {
        return 'content,created,updated';
    }

    /**
     * Get a query builder for pages
     * @return QueryBuilder
     */
    public static function getQueryBuilder()
    {
        return new QueryBuilder('Page', array(
            'columns' => array(
                'name'   => 'name',
                'status' => 'status'
            ),
            'name' => 'name'
        ));
    }

    /**
     * Get the home page
     * @deprecated
     * @return Page
     */
    public static function getHomePage()
    {
        return self::get(self::fetchIdFrom(1, "home"));
    }
}
```

Code Duplication (flagged on addPage() and getQueryBuilder()): This method seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the "Code" section of your repository.
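The reserved-alias list in getDisallowedAliases() matters because custom pages are reached by alias (the custom_page_* routes), so a page titled "Admin" or "Login" must not be given an alias that shadows a built-in route. The stand-alone PHP below is an added example, not code from bzion or its AliasModel: the slug rule in slugify() and the numeric de-duplication suffix in safeAlias() are assumptions about how an alias generator could honour that list, not bzion's actual generateAlias() behaviour.

```php
<?php
// Added example, not part of bzion. Reserved aliases copied from Page::getDisallowedAliases().
const DISALLOWED_ALIASES = [
    "admin", "bans", "index", "login", "logout", "maps", "matches",
    "messages", "news", "notifications", "pages", "players", "servers",
    "teams", "visits",
];

/**
 * Turn a page title into a URL alias. This slug rule (lower-case, runs of
 * non-alphanumerics collapsed to one hyphen) is an assumption for the example.
 */
function slugify(string $title): string
{
    $slug = strtolower(trim($title));
    $slug = preg_replace('/[^a-z0-9]+/', '-', $slug);

    return trim($slug, '-');
}

/**
 * Return a safe alias: non-empty, not reserved for a built-in route, and not
 * already used by another page. $existing is the list of aliases already taken.
 */
function safeAlias(string $title, array $existing): string
{
    $base = slugify($title);
    if ($base === '') {
        $base = 'page'; // a title made only of punctuation would yield an empty alias
    }

    $reserved = array_flip(DISALLOWED_ALIASES);
    $taken    = array_flip($existing);
    $alias    = $base;
    $n        = 2;

    // "Login" would otherwise become /login and shadow the real login route;
    // "Rules" collides with an existing page, so both get a numeric suffix.
    while (isset($reserved[$alias]) || isset($taken[$alias])) {
        $alias = $base . '-' . $n++;
    }

    return $alias;
}

// Constructed sample titles: a reserved route, an existing page, a messy title, punctuation only.
foreach (['Login', 'Rules', 'Server Status!', '???'] as $title) {
    printf("%-15s -> %s\n", $title, safeAlias($title, ['rules']));
}
```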