Issues in index.php (master) - Issues in master - brusselopole/Worldopole - Measure and Improve Code Quality continuously with Scrutinizer

Issues (310)

Security Analysis no vulnerabilities found

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

index.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Michael Krug 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

include_once 'config.php';
include_once 'functions.php';
include_once 'core/process/data.loader.php';

?>

<!DOCTYPE html>
<html>
	<head>
		<meta charset="utf-8">
		<meta http-equiv="X-UA-Compatible" content="IE=edge">
		<meta name="viewport" content="width=device-width, initial-scale=1">

		<?php include_once 'core/inc/meta.inc.php'; ?>

		<!-- Bootstrap -->
		<link href="core/css/bootstrap.min.css" rel="stylesheet">
		<link href="https://fonts.googleapis.com/css?family=Lato:400,300,700" rel="stylesheet" type="text/css">
		<link href="core/css/font-awesome.min.css" rel="stylesheet">
		<link href="<?php auto_ver('core/css/style.css'); ?>" rel="stylesheet">
		<?php if ('pokemon' == $page) {
    ?>
			<link href="<?php auto_ver('core/css/jQRangeSlider-bootstrap.min.css'); ?>" rel="stylesheet">
		<?php
} ?>
	</head>
	<body id="page-top" data-spy="scroll" data-target=".navbar-fixed-top">

		<?php
        // Google Analytics
        if (is_file('analyticstracking.php')) {
            include_once 'analyticstracking.php';
        }
        ?>

		<nav class="navbar navbar-default navbar-fixed-top">
			<div class="container">
				<!-- Brand and toggle get grouped for better mobile display -->
				<div class="navbar-header">
					<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#menu" aria-expanded="false">
						<span class="sr-only">Toggle navigation</span>
						<span class="icon-bar"></span>
						<span class="icon-bar"></span>
						<span class="icon-bar"></span>
					</button>
					<a class="navbar-brand" href="<?= HOST_URL; ?>"><img src="<?= $config->infos->logo_path; ?>" width="25" style="display:inline-block;" alt="<?= $config->infos->site_name; ?>" id="logo-img" /> <?= $config->infos->site_name; ?></a>
// Bad
$a = 5; $b = 6; $c = 7;

// Good
$a = 5;
$b = 6;
$c = 7;
				</div>

				<!-- Collect the nav links, forms, and other content for toggling -->
				<div class="collapse navbar-collapse" id="menu">
					<ul class="nav navbar-nav navbar-right">

						<?php
                        if (!isset($config->menu)) {
                            echo 'Please update variables.json file with menu values';
                            exit();
                        }

                        foreach ($config->menu as $menu) {
                            printMenuitems($menu, 1, $locales);
                        }
                        ?>

					</ul>
				</div> <!-- /.navbar-collapse -->
			</div> <!-- /.container-fluid -->
		</nav>

		<div class="container">
			<?php
            // Include the pages
            if (!empty($_GET['page'])) {
                $file = SYS_PATH.'/pages/'.$page.'.page.php';

                if (is_file($file)) {
                    echo '<!-- Page :: '.$page.' -->';
                    include $file;
                } else {
                    include 'pages/home.page.php';
                }
            } else {
                include 'pages/home.page.php';
            }

            ?>
		</div>

		<footer>
			<div class="container">
				<div class="row">
					<div class="col-md-12 text-center">
						<img src="core/img/logo.png" width=50 class="big-icon" alt="Brusselopole icon">
						<h2><?= $locales->FOOTER_TITLE; ?></h2>
						<p><?= $locales->FOOTER_SUB; ?></p>
						<?= $locales->FOOTER_VISUAL_CONTENT; ?>
						<p><?= $locales->FOOTER_MADE_BY; ?></p>
						<h3>Pokémon™</h3>
						<?= $locales->FOOTER_POKEMON_CONTENT; ?>
					</div>
				</div>
			</div>
		</footer>

		<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
		<script src="core/js/bootstrap.min.js"></script>

		<?php // Load scripts only for page
        if (empty($page)) {
            ?>

			<script src="<?php auto_ver('core/js/home.script.js'); ?>"></script>

			<script>
				updateCounter(<?= $home->pokemon_now; ?>,'.total-pkm-js');
				updateCounter(<?= $home->pokestop_lured; ?>,'.total-lure-js');
				updateCounter(<?= $home->active_raids; ?>,'.total-raids-js');
				updateCounter(<?= $home->gyms; ?>,'.total-gym-js');

				updateCounter(<?= $home->teams->valor; ?>,'.total-valor-js');
				updateCounter(<?= $home->teams->mystic; ?>,'.total-mystic-js');
				updateCounter(<?= $home->teams->instinct; ?>,'.total-instinct-js');
				updateCounter(<?= $home->teams->rocket; ?>,'.total-rocket-js');
			</script>
		<?php
        } else {
            switch ($page) {
                case 'pokemon':
                    ?>

					<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js"></script>
					<script src="core/js/pokemon.graph.js.php?id=<?= $pokemon_id; ?>"></script>

					<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
					<script src="<?php auto_ver('core/js/jQAllRangeSliders-withRuler.min.js'); ?>"></script>
					<script src="<?php auto_ver('core/js/pokemon.maps.js'); ?>"></script>
					<script>
						var pokemon_id = <?= $pokemon_id; ?>;
					</script>
					<script src="https://maps.googleapis.com/maps/api/js?key=<?= $config->system->GMaps_Key; ?>&libraries=visualization&callback=initMap&v=3"></script>

					<?php
                    break;

                case 'pokestops':
                    ?>

					<script src="<?php auto_ver('core/js/pokestops.maps.js'); ?>"></script>
					<script src="https://maps.googleapis.com/maps/api/js?key=<?= $config->system->GMaps_Key; ?>&libraries=visualization&callback=initMap&v=3"></script>

					<?php
                    break;

                case 'gym':
                    ?>

					<script src="<?php auto_ver('core/js/gym.script.js'); ?>"></script>
					<script>
						updateCounter(<?= $teams->valor->gym_owned; ?>,'.gym-valor-js');
						updateCounter(<?= $teams->valor->average; ?>,'.average-valor-js');

						updateCounter(<?= $teams->instinct->gym_owned; ?>,'.gym-instinct-js');
						updateCounter(<?= $teams->instinct->average; ?>,'.average-instinct-js');

						updateCounter(<?= $teams->mystic->gym_owned; ?>,'.gym-mystic-js');
						updateCounter(<?= $teams->mystic->average; ?>,'.average-mystic-js');
					</script>

					<script src="<?php auto_ver('core/js/gym.maps.js'); ?>"></script>
					<script src="https://maps.googleapis.com/maps/api/js?key=<?= $config->system->GMaps_Key; ?>&libraries=visualization&callback=initMap&v=3"></script>

					<?php
                    break;

                case 'pokedex':
                    ?>

					<script src="core/js/holmes.min.js"></script>
					<script>
						// holmes setup
						var h = new holmes({
							input: '.search input',
							find: '.results .pokemon-single',
							placeholder: '<h3>— No results, my dear Ash. —</h3>',
							class: {
								visible: 'visible',
								hidden: 'hidden'
							}
						});
					</script>

					<?php
                    break;

                case 'dashboard':
                    ?>

					<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js"></script>
					<script src="core/js/dashboard.graph.js.php"></script>

					<?php
                    break;

                case 'trainer':
                    ?>

					<script src="<?php auto_ver('core/js/trainer.content.js'); ?>"></script>
					<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js"></script>
					<script src="core/js/trainer.graph.js.php"></script>

					<?php
                    break;

                case 'nests':
                    ?>

					<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.countdown/2.2.0/jquery.countdown.min.js"></script>
					<script src="core/js/nests.maps.js.php"></script>
					<script src="https://maps.googleapis.com/maps/api/js?key=<?= $config->system->GMaps_Key; ?>&libraries=visualization,geometry&callback=initMap&v=3"></script>

					<?php
                    break;

                case 'raids':
                    ?>

					<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.countdown/2.2.0/jquery.countdown.min.js"></script>
					<script src="<?php auto_ver('core/js/raids.content.js'); ?>"></script>

					<?php
                    break;

                case 'gymhistory':
                    ?>

					<script src="<?php auto_ver('core/js/gymhistory.content.js'); ?>"></script>

					<?php
                    break;
            }
        }
        ?>

	</body>
</html>


1			<?php
2
3			include_once 'config.php';
4			include_once 'functions.php';
5			include_once 'core/process/data.loader.php';
6
7			?>
8
9			<!DOCTYPE html>
10			<html>
11			<head>
12			<meta charset="utf-8">
13			<meta http-equiv="X-UA-Compatible" content="IE=edge">
14			<meta name="viewport" content="width=device-width, initial-scale=1">
15
16			<?php include_once 'core/inc/meta.inc.php'; ?>
17
18			<!-- Bootstrap -->
19			<link href="core/css/bootstrap.min.css" rel="stylesheet">
20			<link href="https://fonts.googleapis.com/css?family=Lato:400,300,700" rel="stylesheet" type="text/css">
21			<link href="core/css/font-awesome.min.css" rel="stylesheet">
22			<link href="<?php auto_ver('core/css/style.css'); ?>" rel="stylesheet">
23			<?php if ('pokemon' == $page) {
24			?>
25			<link href="<?php auto_ver('core/css/jQRangeSlider-bootstrap.min.css'); ?>" rel="stylesheet">
26			<?php
27			} ?>
28			</head>
29			<body id="page-top" data-spy="scroll" data-target=".navbar-fixed-top">
30
31			<?php
32			// Google Analytics
33			if (is_file('analyticstracking.php')) {
34			include_once 'analyticstracking.php';
35			}
36			?>
37
38			<nav class="navbar navbar-default navbar-fixed-top">
39			<div class="container">
40			<!-- Brand and toggle get grouped for better mobile display -->
41			<div class="navbar-header">
42			<button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#menu" aria-expanded="false">
43			<span class="sr-only">Toggle navigation</span>
44			<span class="icon-bar"></span>
45			<span class="icon-bar"></span>
46			<span class="icon-bar"></span>
47			</button>
48			<a class="navbar-brand" href="<?= HOST_URL; ?>"><img src="<?= $config->infos->logo_path; ?>" width="25" style="display:inline-block;" alt="<?= $config->infos->site_name; ?>" id="logo-img" /> <?= $config->infos->site_name; ?></a>
			0 ignored issues – show Coding Style introduced 2019-02-03 13:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to place each PHP statement on a line by itself. Let’s take a look at an example: // Bad $a = 5; $b = 6; $c = 7; // Good $a = 5; $b = 6; $c = 7; Loading history...
49			</div>
50
51			<!-- Collect the nav links, forms, and other content for toggling -->
52			<div class="collapse navbar-collapse" id="menu">
53			<ul class="nav navbar-nav navbar-right">
54
55			<?php
56			if (!isset($config->menu)) {
57			echo 'Please update variables.json file with menu values';
58			exit();
59			}
60
61			foreach ($config->menu as $menu) {
62			printMenuitems($menu, 1, $locales);
63			}
64			?>
65
66			</ul>
67			</div> <!-- /.navbar-collapse -->
68			</div> <!-- /.container-fluid -->
69			</nav>
70
71			<div class="container">
72			<?php
73			// Include the pages
74			if (!empty($_GET['page'])) {
75			$file = SYS_PATH.'/pages/'.$page.'.page.php';
76
77			if (is_file($file)) {
78			echo '<!-- Page :: '.$page.' -->';
79			include $file;
80			} else {
81			include 'pages/home.page.php';
82			}
83			} else {
84			include 'pages/home.page.php';
85			}
86
87			?>
88			</div>
89
90			<footer>
91			<div class="container">
92			<div class="row">
93			<div class="col-md-12 text-center">
94			<img src="core/img/logo.png" width=50 class="big-icon" alt="Brusselopole icon">
95			<h2><?= $locales->FOOTER_TITLE; ?></h2>
96			<p><?= $locales->FOOTER_SUB; ?></p>
97			<?= $locales->FOOTER_VISUAL_CONTENT; ?>
98			<p><?= $locales->FOOTER_MADE_BY; ?></p>
99			<h3>Pokémon™</h3>
100			<?= $locales->FOOTER_POKEMON_CONTENT; ?>
101			</div>
102			</div>
103			</div>
104			</footer>
105
106			<script src="https://ajax.googleapis.com/ajax/libs/jquery/3.2.1/jquery.min.js"></script>
107			<script src="core/js/bootstrap.min.js"></script>
108
109			<?php // Load scripts only for page
110			if (empty($page)) {
111			?>
112
113			<script src="<?php auto_ver('core/js/home.script.js'); ?>"></script>
114
115			<script>
116			updateCounter(<?= $home->pokemon_now; ?>,'.total-pkm-js');
117			updateCounter(<?= $home->pokestop_lured; ?>,'.total-lure-js');
118			updateCounter(<?= $home->active_raids; ?>,'.total-raids-js');
119			updateCounter(<?= $home->gyms; ?>,'.total-gym-js');
120
121			updateCounter(<?= $home->teams->valor; ?>,'.total-valor-js');
122			updateCounter(<?= $home->teams->mystic; ?>,'.total-mystic-js');
123			updateCounter(<?= $home->teams->instinct; ?>,'.total-instinct-js');
124			updateCounter(<?= $home->teams->rocket; ?>,'.total-rocket-js');
125			</script>
126			<?php
127			} else {
128			switch ($page) {
129			case 'pokemon':
130			?>
131
132			<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js"></script>
133			<script src="core/js/pokemon.graph.js.php?id=<?= $pokemon_id; ?>"></script>
134
135			<script src="https://ajax.googleapis.com/ajax/libs/jqueryui/1.12.1/jquery-ui.min.js"></script>
136			<script src="<?php auto_ver('core/js/jQAllRangeSliders-withRuler.min.js'); ?>"></script>
137			<script src="<?php auto_ver('core/js/pokemon.maps.js'); ?>"></script>
138			<script>
139			var pokemon_id = <?= $pokemon_id; ?>;
140			</script>
141			<script src="https://maps.googleapis.com/maps/api/js?key=<?= $config->system->GMaps_Key; ?>&libraries=visualization&callback=initMap&v=3"></script>
142
143			<?php
144			break;
145
146			case 'pokestops':
147			?>
148
149			<script src="<?php auto_ver('core/js/pokestops.maps.js'); ?>"></script>
150			<script src="https://maps.googleapis.com/maps/api/js?key=<?= $config->system->GMaps_Key; ?>&libraries=visualization&callback=initMap&v=3"></script>
151
152			<?php
153			break;
154
155			case 'gym':
156			?>
157
158			<script src="<?php auto_ver('core/js/gym.script.js'); ?>"></script>
159			<script>
160			updateCounter(<?= $teams->valor->gym_owned; ?>,'.gym-valor-js');
161			updateCounter(<?= $teams->valor->average; ?>,'.average-valor-js');
162
163			updateCounter(<?= $teams->instinct->gym_owned; ?>,'.gym-instinct-js');
164			updateCounter(<?= $teams->instinct->average; ?>,'.average-instinct-js');
165
166			updateCounter(<?= $teams->mystic->gym_owned; ?>,'.gym-mystic-js');
167			updateCounter(<?= $teams->mystic->average; ?>,'.average-mystic-js');
168			</script>
169
170			<script src="<?php auto_ver('core/js/gym.maps.js'); ?>"></script>
171			<script src="https://maps.googleapis.com/maps/api/js?key=<?= $config->system->GMaps_Key; ?>&libraries=visualization&callback=initMap&v=3"></script>
172
173			<?php
174			break;
175
176			case 'pokedex':
177			?>
178
179			<script src="core/js/holmes.min.js"></script>
180			<script>
181			// holmes setup
182			var h = new holmes({
183			input: '.search input',
184			find: '.results .pokemon-single',
185			placeholder: '<h3>— No results, my dear Ash. —</h3>',
186			class: {
187			visible: 'visible',
188			hidden: 'hidden'
189			}
190			});
191			</script>
192
193			<?php
194			break;
195
196			case 'dashboard':
197			?>
198
199			<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js"></script>
200			<script src="core/js/dashboard.graph.js.php"></script>
201
202			<?php
203			break;
204
205			case 'trainer':
206			?>
207
208			<script src="<?php auto_ver('core/js/trainer.content.js'); ?>"></script>
209			<script src="https://cdnjs.cloudflare.com/ajax/libs/Chart.js/2.5.0/Chart.min.js"></script>
210			<script src="core/js/trainer.graph.js.php"></script>
211
212			<?php
213			break;
214
215			case 'nests':
216			?>
217
218			<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.countdown/2.2.0/jquery.countdown.min.js"></script>
219			<script src="core/js/nests.maps.js.php"></script>
220			<script src="https://maps.googleapis.com/maps/api/js?key=<?= $config->system->GMaps_Key; ?>&libraries=visualization,geometry&callback=initMap&v=3"></script>
221
222			<?php
223			break;
224
225			case 'raids':
226			?>
227
228			<script src="https://cdnjs.cloudflare.com/ajax/libs/jquery.countdown/2.2.0/jquery.countdown.min.js"></script>
229			<script src="<?php auto_ver('core/js/raids.content.js'); ?>"></script>
230
231			<?php
232			break;
233
234			case 'gymhistory':
235			?>
236
237			<script src="<?php auto_ver('core/js/gymhistory.content.js'); ?>"></script>
238
239			<?php
240			break;
241			}
242			}
243			?>
244
245			</body>
246			</html>
247

brusselopole / Worldopole

Issues (310)

Security Analysis no vulnerabilities found

index.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like