Issues in Page.php (master) - Issues in master - appertly/minotaur - Measure and Improve Code Quality continuously with Scrutinizer

Issues (126)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/View/Page.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
declare(strict_types=1);
/**
 * Minotaur
 *
 * Licensed under the Apache License, Version 2.0 (the "License"); you may not
 * use this file except in compliance with the License. You may obtain a copy of
 * the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
 * WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
 * License for the specific language governing permissions and limitations under
 * the License.
 *
 * @copyright 2015-2017 Appertly
 * @license   Apache-2.0
 */
namespace Minotaur\View;

use Minotaur\Tags\Tag;

/**
 * Stores page information to pass along to rendering functions.
 */
class Page
{
    /**
     * @var string
     */
    private $title = '';
    /**
     * @var string
     */
    private $id = '';
    /**
     * @var string
     */
    private $lang = 'en';
    /**
     * @var string
     */
    private $encoding = 'utf8';
    /**
     * @var array<string>
     */
    private $classes = [];
    /**
     * @var array<\Minotaur\Tags\Tag>
     */
    private $metas = [];
    /**
     * @var array<\Minotaur\Tags\Tag>
     */
    private $links = [];
    /**
     * @var array<\Minotaur\Tags\Tag>
     */
    private $headScripts = [];
    /**
     * @var array<\Minotaur\Tags\Tag>
     */
    private $bodyScripts = [];

    /**
     * Gets the classes for the <body> tag.
     *
     * @return array<string>
     */
    public function getBodyClasses(): array
    {
        return $this->classes;
    }

    /**
     * Adds CSS classes to those for the <body> tag.
     *
     * @param iterable<string> The CSS classes
     */
    public function addBodyClasses(iterable $classes): self
    {
        $classes = is_array($classes) ? $classes : iterator_to_array($classes);
        foreach($classes as $class){

          $this->classes[] = $class;
        }
        return $this;
    }

    /**
     * Sets the page language.
     *
     * @param $lang - The new language
     * @return self provides a fluent interface
     */
    public function setLang(string $lang): self
    {
        $this->lang = $lang;
        return $this;
    }

    /**
     * Gets the page language, by default en.
     */
    public function getLang(): string
    {
        return $this->lang;
    }

    /**
     * Gets the page encoding, by default utf8.
     */
    public function getEncoding(): string
    {
        return $this->encoding;
    }

    /**
     * Sets the page encoding (e.g. utf8)
     *
     * @param $encoding - The page encoding
     * @return self provides a fluent interface
     */
    public function setEncoding(string $encoding): self
    {
        $this->encoding = $encoding;
        return $this;
    }

    /**
     * Gets the page title
     */
    public function getTitle(): string
    {
        return $this->title;
    }

    /**
     * Gets the page <meta/> tags.
     */
    public function getMeta(): array
    {
        return $this->metas;
    }

    /**
     * Gets the page <link/> tags.
     */
    public function getLinks(): array
    {
        return $this->links;
    }

    /**
     * Gets the <script> tags in the page head.
     *
     * @return array<\Minotaur\Tags\Tag>
     */
    public function getHeadScripts(): array
    {
        return $this->headScripts;
    }

    /**
     * Gets the <script> tags in the page body.
     *
     * @return array<\Minotaur\Tags\Tag>
     */
    public function getBodyScripts(): array
    {
        return $this->bodyScripts;
    }

    /**
     * Sets the page title.
     *
     * @param $title - The new page title
     * @return self provides a fluent interface
     */
    public function setTitle(string $title): self
    {
        $this->title = $title;
        return $this;
    }

    /**
     * Gets the page id.
     */
    public function getBodyId(): string
    {
        return $this->id;
    }

    /**
     * Sets the page id.
     *
     * @param $id - The new id
     * @return self provides a fluent interface
     */
    public function setBodyId(string $id): self
    {
        $this->id = $id;
        return $this;
    }

    /**
     * Adds a <meta> tag.
     *
     * @param $name - The tag name attribute
     * @param $content - The tag content attribute
     * @return self provides a fluent interface
     */
    public function addMeta(string $name, string $content): self
    {
        $this->metas[] = new Tag('meta', ['name' => $name, 'content' => $content]);
        return $this;
    }

    /**
     * Adds a stylesheet.
     *
     * @param $src - The file location
     * @param $mime - Optional MIME type
     * @param iterable<string> $media Optional list of media types

     * @return self provides a fluent interface
     */
    public function addStylesheet(string $src, string $mime = '', iterable $media = null): self
    {
        $link = new Tag('link', ['rel' => "stylesheet", 'href' => $src]);
        if (strlen($mime) > 0) {
            $link->setAttribute('type', $mime);
        }
        if ($media !== null) {
            $link->setAttribute('media', implode(',', $media));
        }
        $this->links[] = $link;
        return $this;
    }

    /**
     * Adds a <link> tag.
     *
     * @param $rel - The relationship
     * @param $href - The resource HREF
     * @param $sizes - Optional sizes
     * @param $crossorigin - Optional crossorigin
     * @param $integrity - Optional integrity
     * @return self provides a fluent interface
     */
    public function addLink(string $rel, string $href, string $sizes = '', string $crossorigin = '', string $integrity = ''): self
    {
        $link = new Tag('link', ['rel' => $rel, 'href' => $href]);
        if (strlen($sizes) > 0) {
            $link->setAttribute('sizes', $sizes);
        }
        if (strlen($crossorigin) > 0) {
            $link->setAttribute('crossorigin', $crossorigin);
        }
        if (strlen($integrity) > 0) {
            $link->setAttribute('integrity', $integrity);
        }
        $this->links[] = $link;
        return $this;
    }

    /**
     * Adds an external script to the head.
     *
     * @param $src - The script location
     * @param $mime - Optional MIME type
     * @return self provides a fluent interface
     */
    public function addHeadScript(string $src, string $mime = ''): self
    {
        $script = new Tag('script', ['src' => $src]);
        if (strlen($mime) > 0) {
            $script->setAttribute('type', $mime);
        }
        $this->headScripts[] = $script;
        return $this;
    }

    /**
     * Adds an inline script to the head.
     *
     * @param $script - The inline JavaScript
     * @param $mime - Optional MIME type
     * @return self provides a fluent interface
     */
    public function addHeadScriptInline(string $script, string $mime = ''): self
    {
        $script = new Tag('script', [], $script);
        if (strlen($mime) > 0) {
            $script->setAttribute('type', $mime);
        }
        $this->headScripts[] = $script;
        return $this;
    }

    /**
     * Adds an external script to the body.
     *
     * @param $src - The script location
     * @param $mime - Optional MIME type
     * @return self provides a fluent interface
     */
    public function addBodyScript(string $src, string $mime = ''): self
    {
        $script = new Tag('script', ['src' => $src]);
        if (strlen($mime) > 0) {
            $script->setAttribute('type', $mime);
        }
        $this->bodyScripts[] = $script;
        return $this;
    }

    /**
     * Adds an inline script to the mody.
     *
     * @param $script - The inline JavaScript
     * @param $mime - Optional MIME type
     * @return self provides a fluent interface
     */
    public function addBodyScriptInline(string $script, string $mime = ''): self
    {
        $script = new Tag('script', [], $script);
        if (strlen($mime) > 0) {
            $script->setAttribute('type', $mime);
        }
        $this->bodyScripts[] = $script;
        return $this;
    }
}


1			<?php
2			declare(strict_types=1);
3			/**
4			* Minotaur
5			*
6			* Licensed under the Apache License, Version 2.0 (the "License"); you may not
7			* use this file except in compliance with the License. You may obtain a copy of
8			* the License at
9			*
10			* http://www.apache.org/licenses/LICENSE-2.0
11			*
12			* Unless required by applicable law or agreed to in writing, software
13			* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
14			* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
15			* License for the specific language governing permissions and limitations under
16			* the License.
17			*
18			* @copyright 2015-2017 Appertly
19			* @license Apache-2.0
20			*/
21			namespace Minotaur\View;
22
23			use Minotaur\Tags\Tag;
24
25			/**
26			* Stores page information to pass along to rendering functions.
27			*/
28			class Page
29			{
30			/**
31			* @var string
32			*/
33			private $title = '';
34			/**
35			* @var string
36			*/
37			private $id = '';
38			/**
39			* @var string
40			*/
41			private $lang = 'en';
42			/**
43			* @var string
44			*/
45			private $encoding = 'utf8';
46			/**
47			* @var array<string>
48			*/
49			private $classes = [];
50			/**
51			* @var array<\Minotaur\Tags\Tag>
52			*/
53			private $metas = [];
54			/**
55			* @var array<\Minotaur\Tags\Tag>
56			*/
57			private $links = [];
58			/**
59			* @var array<\Minotaur\Tags\Tag>
60			*/
61			private $headScripts = [];
62			/**
63			* @var array<\Minotaur\Tags\Tag>
64			*/
65			private $bodyScripts = [];
66
67			/**
68			* Gets the classes for the <body> tag.
69			*
70			* @return array<string>
71			*/
72			public function getBodyClasses(): array
73			{
74			return $this->classes;
75			}
76
77			/**
78			* Adds CSS classes to those for the <body> tag.
79			*
80			* @param iterable<string> The CSS classes
81			*/
82			public function addBodyClasses(iterable $classes): self
83			{
84			$classes = is_array($classes) ? $classes : iterator_to_array($classes);
85			foreach($classes as $class){
			0 ignored issues – show Coding Style introduced 2017-03-30 20:54 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 1 space after FOREACH keyword; 0 found Loading history...
86			$this->classes[] = $class;
87			}
88			return $this;
89			}
90
91			/**
92			* Sets the page language.
93			*
94			* @param $lang - The new language
95			* @return self provides a fluent interface
96			*/
97			public function setLang(string $lang): self
98			{
99			$this->lang = $lang;
100			return $this;
101			}
102
103			/**
104			* Gets the page language, by default en.
105			*/
106			public function getLang(): string
107			{
108			return $this->lang;
109			}
110
111			/**
112			* Gets the page encoding, by default utf8.
113			*/
114			public function getEncoding(): string
115			{
116			return $this->encoding;
117			}
118
119			/**
120			* Sets the page encoding (e.g. utf8)
121			*
122			* @param $encoding - The page encoding
123			* @return self provides a fluent interface
124			*/
125			public function setEncoding(string $encoding): self
126			{
127			$this->encoding = $encoding;
128			return $this;
129			}
130
131			/**
132			* Gets the page title
133			*/
134			public function getTitle(): string
135			{
136			return $this->title;
137			}
138
139			/**
140			* Gets the page <meta/> tags.
141			*/
142			public function getMeta(): array
143			{
144			return $this->metas;
145			}
146
147			/**
148			* Gets the page <link/> tags.
149			*/
150			public function getLinks(): array
151			{
152			return $this->links;
153			}
154
155			/**
156			* Gets the <script> tags in the page head.
157			*
158			* @return array<\Minotaur\Tags\Tag>
159			*/
160			public function getHeadScripts(): array
161			{
162			return $this->headScripts;
163			}
164
165			/**
166			* Gets the <script> tags in the page body.
167			*
168			* @return array<\Minotaur\Tags\Tag>
169			*/
170			public function getBodyScripts(): array
171			{
172			return $this->bodyScripts;
173			}
174
175			/**
176			* Sets the page title.
177			*
178			* @param $title - The new page title
179			* @return self provides a fluent interface
180			*/
181			public function setTitle(string $title): self
182			{
183			$this->title = $title;
184			return $this;
185			}
186
187			/**
188			* Gets the page id.
189			*/
190			public function getBodyId(): string
191			{
192			return $this->id;
193			}
194
195			/**
196			* Sets the page id.
197			*
198			* @param $id - The new id
199			* @return self provides a fluent interface
200			*/
201			public function setBodyId(string $id): self
202			{
203			$this->id = $id;
204			return $this;
205			}
206
207			/**
208			* Adds a <meta> tag.
209			*
210			* @param $name - The tag name attribute
211			* @param $content - The tag content attribute
212			* @return self provides a fluent interface
213			*/
214			public function addMeta(string $name, string $content): self
215			{
216			$this->metas[] = new Tag('meta', ['name' => $name, 'content' => $content]);
217			return $this;
218			}
219
220			/**
221			* Adds a stylesheet.
222			*
223			* @param $src - The file location
224			* @param $mime - Optional MIME type
225			* @param iterable<string> $media Optional list of media types
			0 ignored issues – show Documentation introduced 2017-02-10 15:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `iterable<string>` could not be parsed: Expected "\|" or "end of type", but got "<" at position 8. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
226			* @return self provides a fluent interface
227			*/
228			public function addStylesheet(string $src, string $mime = '', iterable $media = null): self
229			{
230			$link = new Tag('link', ['rel' => "stylesheet", 'href' => $src]);
231			if (strlen($mime) > 0) {
232			$link->setAttribute('type', $mime);
233			}
234			if ($media !== null) {
235			$link->setAttribute('media', implode(',', $media));
236			}
237			$this->links[] = $link;
238			return $this;
239			}
240
241			/**
242			* Adds a <link> tag.
243			*
244			* @param $rel - The relationship
245			* @param $href - The resource HREF
246			* @param $sizes - Optional sizes
247			* @param $crossorigin - Optional crossorigin
248			* @param $integrity - Optional integrity
249			* @return self provides a fluent interface
250			*/
251			public function addLink(string $rel, string $href, string $sizes = '', string $crossorigin = '', string $integrity = ''): self
252			{
253			$link = new Tag('link', ['rel' => $rel, 'href' => $href]);
254			if (strlen($sizes) > 0) {
255			$link->setAttribute('sizes', $sizes);
256			}
257			if (strlen($crossorigin) > 0) {
258			$link->setAttribute('crossorigin', $crossorigin);
259			}
260			if (strlen($integrity) > 0) {
261			$link->setAttribute('integrity', $integrity);
262			}
263			$this->links[] = $link;
264			return $this;
265			}
266
267			/**
268			* Adds an external script to the head.
269			*
270			* @param $src - The script location
271			* @param $mime - Optional MIME type
272			* @return self provides a fluent interface
273			*/
274			public function addHeadScript(string $src, string $mime = ''): self
275			{
276			$script = new Tag('script', ['src' => $src]);
277			if (strlen($mime) > 0) {
278			$script->setAttribute('type', $mime);
279			}
280			$this->headScripts[] = $script;
281			return $this;
282			}
283
284			/**
285			* Adds an inline script to the head.
286			*
287			* @param $script - The inline JavaScript
288			* @param $mime - Optional MIME type
289			* @return self provides a fluent interface
290			*/
291			public function addHeadScriptInline(string $script, string $mime = ''): self
292			{
293			$script = new Tag('script', [], $script);
294			if (strlen($mime) > 0) {
295			$script->setAttribute('type', $mime);
296			}
297			$this->headScripts[] = $script;
298			return $this;
299			}
300
301			/**
302			* Adds an external script to the body.
303			*
304			* @param $src - The script location
305			* @param $mime - Optional MIME type
306			* @return self provides a fluent interface
307			*/
308			public function addBodyScript(string $src, string $mime = ''): self
309			{
310			$script = new Tag('script', ['src' => $src]);
311			if (strlen($mime) > 0) {
312			$script->setAttribute('type', $mime);
313			}
314			$this->bodyScripts[] = $script;
315			return $this;
316			}
317
318			/**
319			* Adds an inline script to the mody.
320			*
321			* @param $script - The inline JavaScript
322			* @param $mime - Optional MIME type
323			* @return self provides a fluent interface
324			*/
325			public function addBodyScriptInline(string $script, string $mime = ''): self
326			{
327			$script = new Tag('script', [], $script);
328			if (strlen($mime) > 0) {
329			$script->setAttribute('type', $mime);
330			}
331			$this->bodyScripts[] = $script;
332			return $this;
333			}
334			}
335

appertly / minotaur

Issues (126)

Security Analysis not enabled

src/View/Page.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like