Issues in Hash.php (master) - Issues in master - bytic/form - Measure and Improve Code Quality continuously with Scrutinizer

Issues (138)

src/Elements/Hash.php (1 issue)

Labels

Bug 1

Severity

Minor 1

<?php

class Nip_Form_Element_Hash extends Nip_Form_Element_Hidden
{
    protected $_ID;

    public function init()
    {
        parent::init();
        $this->initSession();
    }

    public function initSession()
    {
        $name = $this->getSessionName();
        if (!$_SESSION[$name]) {
            $this->reset();
        }

        $this->setValue($this->getSessionValue());
    }

    public function reset()
    {
        $name = $this->getSessionName();
        $hash = $this->_generateHash();
        $_SESSION[$name] = $hash;
        $this->setValue($hash);
    }

    public function validate()
    {
        if (!$this->getValue()) {
            $this->addError('Request received without security hash');
        } elseif ($this->getValue() != $this->getSessionValue()) {
            $this->addError('Form security hash different from server');
        }
    }

    public function getSessionName()
    {
        return $this->getForm()->getName() . '_' . $this->getSalt();
    }

    public function getSessionValue()
    {
        $name = $this->getSessionName();

        return $_SESSION[$name];
    }

    public function getSalt()
    {
        return sha1(__CLASS__);
    }

    protected function _generateHash()
    {
        return md5(
            mt_rand(1, 1000000)
            . $this->getSalt()
            . $this->getName()
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
if ($a->getObject()) {
            . session_id()
            . mt_rand(1, 1000000)
        );
    }
}


1			<?php
2
3			class Nip_Form_Element_Hash extends Nip_Form_Element_Hidden
4			{
5			protected $_ID;
6
7			public function init()
8			{
9			parent::init();
10			$this->initSession();
11			}
12
13			public function initSession()
14			{
15			$name = $this->getSessionName();
16			if (!$_SESSION[$name]) {
17			$this->reset();
18			}
19
20			$this->setValue($this->getSessionValue());
21			}
22
23			public function reset()
24			{
25			$name = $this->getSessionName();
26			$hash = $this->_generateHash();
27			$_SESSION[$name] = $hash;
28			$this->setValue($hash);
29			}
30
31			public function validate()
32			{
33			if (!$this->getValue()) {
34			$this->addError('Request received without security hash');
35			} elseif ($this->getValue() != $this->getSessionValue()) {
36			$this->addError('Form security hash different from server');
37			}
38			}
39
40			public function getSessionName()
41			{
42			return $this->getForm()->getName() . '_' . $this->getSalt();
43			}
44
45			public function getSessionValue()
46			{
47			$name = $this->getSessionName();
48
49			return $_SESSION[$name];
50			}
51
52			public function getSalt()
53			{
54			return sha1(__CLASS__);
55			}
56
57			protected function _generateHash()
58			{
59			return md5(
60			mt_rand(1, 1000000)
61			. $this->getSalt()
62			. $this->getName()
			0 ignored issues – show Bug introduced 2019-02-18 13:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the usage of `$this->getName()` targeting `Nip\Form\Elements\AbstractElement::getName()` seems to always return null. This check looks for function or method calls that always return null and whose return value is used. class A { function getObject() { return null; } } $a = new A(); if ($a->getObject()) { The method `getObject()` can return nothing but null, so it makes no sense to use the return value. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
63			. session_id()
64			. mt_rand(1, 1000000)
65			);
66			}
67			}
68

bytic / form

Issues (138)

src/Elements/Hash.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like