Issues in modules_helper.php (2.1.x) - Issues in 2.1.x - board3/Board3-Portal - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/modules_helper.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
*
* @package Board3 Portal v2.1
* @copyright (c) 2014 Board3 Group ( www.board3.de )
* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
*
*/

namespace board3\portal\includes;

use Symfony\Component\Routing\Generator\UrlGeneratorInterface;

class modules_helper
{
	/**
	* Auth object
	* @var \phpbb\auth\auth
	*/
	protected $auth;

	/**
	* phpBB config
	* @var \phpbb\config\config
	*/
	protected $config;

	/** @var \phpbb\controller\helper Controller helper */
	protected $controller_helper;

	/**
	* phpBB request
	* @var \phpbb\request\request
	*/
	protected $request;

	/**
	* Constructor
	* NOTE: The parameters of this method must match in order and type with
	* the dependencies defined in the services.yml file for this service.
	* @param \phpbb\auth\auth $auth Auth object
	* @param \phpbb\config\config $config phpBB config
	* @param \phpbb\controller\helper $controller_helper Controller helper
	* @param \phpbb\request\request $request phpBB request
	*/
	public function __construct($auth, $config, $controller_helper, $request)
	{
		$this->auth = $auth;
		$this->config = $config;
		$this->controller_helper = $controller_helper;
		$this->request = $request;
	}

	/**
	* Get an array of disallowed forums
	*
	* @param bool $disallow_access Whether the array for disallowing access
	*			should be filled
	* @return array Array of forums the user is not allowed to access
	*/
	public function get_disallowed_forums($disallow_access)
	{
		if ($disallow_access == true)
		{
			$disallow_access = array_unique(array_keys($this->auth->acl_getf('!f_read', true)));
		}
		else
		{
			$disallow_access = array();
		}

		return $disallow_access;
	}

	/**
	* Generate select box
	*
	* @param string	$key			Key of select box
	* @param array	$select_ary		Array of select box options
	* @param array	$selected_options	Array of selected options
	* @param bool $multiple Whether multiple options should be selectable
	*
	* @return string HTML code of select box
	* @access public
	*/
	public function generate_select_box($key, $select_ary, $selected_options, $multiple = false)
	{
		// Build options
		$options = '<select id="' . $key . '" name="' . $key;
		$options .= ($multiple) ? '[]" multiple="multiple">' : '">';
		foreach ($select_ary as $id => $option)
		{
			$options .= '<option value="' . $option['value'] . '"' . ((in_array($option['value'], $selected_options)) ? ' selected="selected"' : '') . (!empty($option['disabled']) ? ' disabled="disabled" class="disabled-option"' : '') . '>' . $option['title'] . '</option>';
		}
		$options .= '</select>';

		return $options;
	}

	/**
	* Generate forum select box
	*
	* @param string $value	Value of select box
	* @param string $key	Key of select box
	*
	* @return string HTML code of select box
	* @access public
	*/
	public function generate_forum_select($value, $key)

	{
		$forum_list = make_forum_select(false, false, true, true, true, false, true);

		$selected_options = $select_ary = array();
		if (isset($this->config[$key]) && strlen($this->config[$key]) > 0)
		{
			$selected_options = explode(',', $this->config[$key]);
		}

		// Build forum options
		foreach ($forum_list as $f_id => $f_row)
		{
			$select_ary[] = array(
				'value'		=> $f_id,
				'title'		=> $f_row['padding'] . $f_row['forum_name'],
				'disabled'	=> $f_row['disabled'],
			);
		}

		return $this->generate_select_box($key, $select_ary, $selected_options, true);
	}

	/**
	* Store selected forums
	*
	* @param string $key Key name
	*
	* @return null
	* @access public
	*/
	public function store_selected_forums($key)
	{
		// Get selected extensions
		$values = $this->request->variable($key, array(0 => ''));
		$news = implode(',', $values);
		$this->config->set($key, $news);
	}

	/**
	 * Wrapper method for controller_helper::route()
	 *
	 * @param string $route Route name
	 * @param array $params Route parameters
	 * @param bool $is_amp
	 * @param bool $session_id
	 * @param bool $reference_type
	 *
	 * @return string URL for route
	 */
	public function route($route, $params = array(), $is_amp = true, $session_id = false, $reference_type = UrlGeneratorInterface::ABSOLUTE_PATH)
	{
		return $this->controller_helper->route($route, $params, $is_amp, $session_id, $reference_type);
	}

	/**
	 * Display radio buttons for left/right choice
	 *
	 * @param int $value Selected value
	 * @param string $key Key of config variable
	 *
	 * @return string
	 */
	public function display_left_right($value, $key)
	{
		$radio_ary = array(0 => 'PORTAL_SHOW_ALL_LEFT', 1 => 'PORTAL_SHOW_ALL_RIGHT');

		return h_radio($key, $radio_ary, $value, $key);
	}

	/**
	 * Store left right choice
	 *
	 * @param string $key Config key
	 */
	public function store_left_right($key)
	{
		// Get selected side
		$value = $this->request->variable($key, 0);

		$this->config->set($key, $value);
	}
}


1			<?php
2			/**
3			*
4			* @package Board3 Portal v2.1
5			* @copyright (c) 2014 Board3 Group ( www.board3.de )
6			* @license http://opensource.org/licenses/gpl-2.0.php GNU General Public License v2
7			*
8			*/
9
10			namespace board3\portal\includes;
11
12			use Symfony\Component\Routing\Generator\UrlGeneratorInterface;
13
14			class modules_helper
15			{
16			/**
17			* Auth object
18			* @var \phpbb\auth\auth
19			*/
20			protected $auth;
21
22			/**
23			* phpBB config
24			* @var \phpbb\config\config
25			*/
26			protected $config;
27
28			/** @var \phpbb\controller\helper Controller helper */
29			protected $controller_helper;
30
31			/**
32			* phpBB request
33			* @var \phpbb\request\request
34			*/
35			protected $request;
36
37			/**
38			* Constructor
39			* NOTE: The parameters of this method must match in order and type with
40			* the dependencies defined in the services.yml file for this service.
41			* @param \phpbb\auth\auth $auth Auth object
42			* @param \phpbb\config\config $config phpBB config
43			* @param \phpbb\controller\helper $controller_helper Controller helper
44			* @param \phpbb\request\request $request phpBB request
45			*/
46	100		public function __construct($auth, $config, $controller_helper, $request)
47			{
48	100		$this->auth = $auth;
49	100		$this->config = $config;
50	100		$this->controller_helper = $controller_helper;
51	100		$this->request = $request;
52	100		}
53
54			/**
55			* Get an array of disallowed forums
56			*
57			* @param bool $disallow_access Whether the array for disallowing access
58			* should be filled
59			* @return array Array of forums the user is not allowed to access
60			*/
61	32		public function get_disallowed_forums($disallow_access)
62			{
63	32		if ($disallow_access == true)
64	32		{
65	13		$disallow_access = array_unique(array_keys($this->auth->acl_getf('!f_read', true)));
66	13		}
67			else
68			{
69	19		$disallow_access = array();
70			}
71
72	32		return $disallow_access;
73			}
74
75			/**
76			* Generate select box
77			*
78			* @param string $key Key of select box
79			* @param array $select_ary Array of select box options
80			* @param array $selected_options Array of selected options
81			* @param bool $multiple Whether multiple options should be selectable
82			*
83			* @return string HTML code of select box
84			* @access public
85			*/
86	4		public function generate_select_box($key, $select_ary, $selected_options, $multiple = false)
87			{
88			// Build options
89	4		$options = '<select id="' . $key . '" name="' . $key;
90	4		$options .= ($multiple) ? '[]" multiple="multiple">' : '">';
91	4		foreach ($select_ary as $id => $option)
92			{
93	4		$options .= '<option value="' . $option['value'] . '"' . ((in_array($option['value'], $selected_options)) ? ' selected="selected"' : '') . (!empty($option['disabled']) ? ' disabled="disabled" class="disabled-option"' : '') . '>' . $option['title'] . '</option>';
94	4		}
95	4		$options .= '</select>';
96
97	4		return $options;
98			}
99
100			/**
101			* Generate forum select box
102			*
103			* @param string $value Value of select box
104			* @param string $key Key of select box
105			*
106			* @return string HTML code of select box
107			* @access public
108			*/
109	1		public function generate_forum_select($value, $key)
			0 ignored issues – show Unused Code introduced 2017-11-04 14:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$value` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
110			{
111	1		$forum_list = make_forum_select(false, false, true, true, true, false, true);
112
113	1		$selected_options = $select_ary = array();
114	1		if (isset($this->config[$key]) && strlen($this->config[$key]) > 0)
115	1		{
116	1		$selected_options = explode(',', $this->config[$key]);
117	1		}
118
119			// Build forum options
120	1		foreach ($forum_list as $f_id => $f_row)
121			{
122	1		$select_ary[] = array(
123	1		'value' => $f_id,
124	1		'title' => $f_row['padding'] . $f_row['forum_name'],
125	1		'disabled' => $f_row['disabled'],
126			);
127	1		}
128
129	1		return $this->generate_select_box($key, $select_ary, $selected_options, true);
130			}
131
132			/**
133			* Store selected forums
134			*
135			* @param string $key Key name
136			*
137			* @return null
138			* @access public
139			*/
140	1	View Code Duplication	public function store_selected_forums($key)
141			{
142			// Get selected extensions
143	1		$values = $this->request->variable($key, array(0 => ''));
144	1		$news = implode(',', $values);
145	1		$this->config->set($key, $news);
146	1		}
147
148			/**
149			* Wrapper method for controller_helper::route()
150			*
151			* @param string $route Route name
152			* @param array $params Route parameters
153			* @param bool $is_amp
154			* @param bool $session_id
155			* @param bool $reference_type
156			*
157			* @return string URL for route
158			*/
159	1		public function route($route, $params = array(), $is_amp = true, $session_id = false, $reference_type = UrlGeneratorInterface::ABSOLUTE_PATH)
160			{
161	1		return $this->controller_helper->route($route, $params, $is_amp, $session_id, $reference_type);
162			}
163
164			/**
165			* Display radio buttons for left/right choice
166			*
167			* @param int $value Selected value
168			* @param string $key Key of config variable
169			*
170			* @return string
171			*/
172	2		public function display_left_right($value, $key)
173			{
174	2		$radio_ary = array(0 => 'PORTAL_SHOW_ALL_LEFT', 1 => 'PORTAL_SHOW_ALL_RIGHT');
175
176	2		return h_radio($key, $radio_ary, $value, $key);
177			}
178
179			/**
180			* Store left right choice
181			*
182			* @param string $key Config key
183			*/
184	1		public function store_left_right($key)
185			{
186			// Get selected side
187	1		$value = $this->request->variable($key, 0);
188
189	1		$this->config->set($key, $value);
190	1		}
191			}
192

board3 / Board3-Portal

Issues (10)

Security Analysis no request data

includes/modules_helper.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like