Issues in condition.php (master) - Issues in master - danielneis/moodle-availability_paypal - Measure and Improve Code Quality continuously with Scrutinizer

Issues (8)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

classes/condition.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle.  If not, see <http://www.gnu.org/licenses/>.

/**
 * PayPayl condition.
 *
 * @package availability_paypal
 * @copyright 2015 Daniel Neis Araujo <[email protected]>
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */

namespace availability_paypal;

defined('MOODLE_INTERNAL') || die();

/**
 * PayPal condition.
 *
 * @package availability_paypal
 * @copyright 2014 The Open University
 * @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class condition extends \core_availability\condition {

    /**
     * Constructor.
     *
     * @param \stdClass $structure Data structure from JSON decode
     * @throws \coding_exception If invalid data structure.
     */
    public function __construct($structure) {
        if (isset($structure->businessemail)) {
            $this->businessemail = $structure->businessemail;
        }
        if (isset($structure->currency)) {
            $this->currency = $structure->currency;
        }
        if (isset($structure->cost)) {
            $this->cost = $structure->cost;
        }
        if (isset($structure->itemname)) {
            $this->itemname = $structure->itemname;
        }
        if (isset($structure->itemnumber)) {
            $this->itemnumber = $structure->itemnumber;
        }
    }

    /**
     * Returns info to be saved.
     * @return stdClass
     */
    public function save() {
        $result = (object)array('type' => 'paypal');
        if ($this->businessemail) {
            $result->businessemail = $this->businessemail;
        }
        if ($this->currency) {
            $result->currency = $this->currency;
        }
        if ($this->cost) {
            $result->cost = $this->cost;
        }
        if ($this->itemname) {
            $result->itemname = $this->itemname;
        }
        if ($this->itemnumber) {
            $result->itemnumber = $this->itemnumber;
        }
        return $result;
    }

    /**
     * Returns a JSON object which corresponds to a condition of this type.
     *
     * Intended for unit testing, as normally the JSON values are constructed
     * by JavaScript code.
     *
     * @param string $businessemail The email of paypal to be credited
     * @param string $currency      The currency to charge the user
     * @param string $cost          The cost to charge the user
     * @return stdClass Object representing condition
     */
    public static function get_json($businessemail, $currency, $cost) {
        return (object)array('type' => 'paypal', 'businessemail' => $businessemail, 'currency' => $currency, 'cost' => $cost);
    }

    /**
     * Returns true if the user can access the context, false otherwise
     *
     * @param bool $not Set true if we are inverting the condition
     * @param info $info Item we're checking
     * @param bool $grabthelot Performance hint: if true, caches information
     *   required for all course-modules, to make the front page and similar
     *   pages work more quickly (works only for current user)
     * @param int $userid User ID to check availability for
     * @return bool True if available
     */
    public function is_available($not, \core_availability\info $info, $grabthelot, $userid) {
        global $DB;
        // Should double-check with paypal everytime ?
        $context = $info->get_context();
        $allow = $DB->record_exists('availability_paypal_tnx',
                                  array('userid' => $userid,
                                        'contextid' => $context->id,
                                        'payment_status' => 'Completed'));
        if ($not) {
            $allow = !$allow;
        }
        return $allow;
    }

    /**
     * Shows the description using the different lang strings for the standalone
     * version or the full one.
     *
     * @param bool $full Set true if this is the 'full information' view
     * @param bool $not  True if NOT is in force
     * @param \core_availability\info $info Information about the availability condition and module context
     * @return string    The string about the condition and it's status
     */
    public function get_description($full, $not, \core_availability\info $info) {
        return $this->get_either_description($not, false, $info);
    }
    /**
     * Shows the description using the different lang strings for the standalone
     * version or the full one.
     *
     * @param bool $not        True if NOT is in force
     * @param bool $standalone True to use standalone lang strings
     * @param bool $info       Information about the availability condition and module context
     * @return string          The string about the condition and it's status
     */
    protected function get_either_description($not, $standalone, $info) {
        $context = $info->get_context();

        $url = new \moodle_url('/availability/condition/paypal/view.php?contextid='.$context->id);
        if ($not) {
            return get_string('notdescription', 'availability_paypal', $url->out());
        } else {
            return get_string('eitherdescription', 'availability_paypal', $url->out());
        }
    }

    /**
     * Function used by backup restore
     *
     * @param int $restoreid
     * @param int $courseid
     * @param \base_logger $logger
     * @param string $name
     */
    public function update_after_restore($restoreid, $courseid, \base_logger $logger, $name) {
        // Update the date, if restoring with changed date.
        $dateoffset = \core_availability\info::get_restore_date_offset($restoreid);
        if ($dateoffset) {
            $this->time += $dateoffset;
            return true;
        }
        return false;
    }

    /**
     * Returns a string to debug
     * @return string
     */
    protected function get_debug_string() {
        return gmdate('Y-m-d H:i:s');
    }
}


1			<?php
2			// This file is part of Moodle - http://moodle.org/
3			//
4			// Moodle is free software: you can redistribute it and/or modify
5			// it under the terms of the GNU General Public License as published by
6			// the Free Software Foundation, either version 3 of the License, or
7			// (at your option) any later version.
8			//
9			// Moodle is distributed in the hope that it will be useful,
10			// but WITHOUT ANY WARRANTY; without even the implied warranty of
11			// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12			// GNU General Public License for more details.
13			//
14			// You should have received a copy of the GNU General Public License
15			// along with Moodle. If not, see <http://www.gnu.org/licenses/>.
16
17			/**
18			* PayPayl condition.
19			*
20			* @package availability_paypal
21			* @copyright 2015 Daniel Neis Araujo <[email protected]>
22			* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
23			*/
24
25			namespace availability_paypal;
26
27			defined('MOODLE_INTERNAL') \|\| die();
28
29			/**
30			* PayPal condition.
31			*
32			* @package availability_paypal
33			* @copyright 2014 The Open University
34			* @license http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
35			*/
36			class condition extends \core_availability\condition {
37
38			/**
39			* Constructor.
40			*
41			* @param \stdClass $structure Data structure from JSON decode
42			* @throws \coding_exception If invalid data structure.
43			*/
44			public function __construct($structure) {
45			if (isset($structure->businessemail)) {
46			$this->businessemail = $structure->businessemail;
47			}
48			if (isset($structure->currency)) {
49			$this->currency = $structure->currency;
50			}
51			if (isset($structure->cost)) {
52			$this->cost = $structure->cost;
53			}
54			if (isset($structure->itemname)) {
55			$this->itemname = $structure->itemname;
56			}
57			if (isset($structure->itemnumber)) {
58			$this->itemnumber = $structure->itemnumber;
59			}
60			}
61
62			/**
63			* Returns info to be saved.
64			* @return stdClass
65			*/
66			public function save() {
67			$result = (object)array('type' => 'paypal');
68			if ($this->businessemail) {
69			$result->businessemail = $this->businessemail;
70			}
71			if ($this->currency) {
72			$result->currency = $this->currency;
73			}
74			if ($this->cost) {
75			$result->cost = $this->cost;
76			}
77			if ($this->itemname) {
78			$result->itemname = $this->itemname;
79			}
80			if ($this->itemnumber) {
81			$result->itemnumber = $this->itemnumber;
82			}
83			return $result;
84			}
85
86			/**
87			* Returns a JSON object which corresponds to a condition of this type.
88			*
89			* Intended for unit testing, as normally the JSON values are constructed
90			* by JavaScript code.
91			*
92			* @param string $businessemail The email of paypal to be credited
93			* @param string $currency The currency to charge the user
94			* @param string $cost The cost to charge the user
95			* @return stdClass Object representing condition
96			*/
97			public static function get_json($businessemail, $currency, $cost) {
98			return (object)array('type' => 'paypal', 'businessemail' => $businessemail, 'currency' => $currency, 'cost' => $cost);
99			}
100
101			/**
102			* Returns true if the user can access the context, false otherwise
103			*
104			* @param bool $not Set true if we are inverting the condition
105			* @param info $info Item we're checking
106			* @param bool $grabthelot Performance hint: if true, caches information
107			* required for all course-modules, to make the front page and similar
108			* pages work more quickly (works only for current user)
109			* @param int $userid User ID to check availability for
110			* @return bool True if available
111			*/
112			public function is_available($not, \core_availability\info $info, $grabthelot, $userid) {
113			global $DB;
114			// Should double-check with paypal everytime ?
115			$context = $info->get_context();
116			$allow = $DB->record_exists('availability_paypal_tnx',
117			array('userid' => $userid,
118			'contextid' => $context->id,
119			'payment_status' => 'Completed'));
120			if ($not) {
121			$allow = !$allow;
122			}
123			return $allow;
124			}
125
126			/**
127			* Shows the description using the different lang strings for the standalone
128			* version or the full one.
129			*
130			* @param bool $full Set true if this is the 'full information' view
131			* @param bool $not True if NOT is in force
132			* @param \core_availability\info $info Information about the availability condition and module context
133			* @return string The string about the condition and it's status
134			*/
135			public function get_description($full, $not, \core_availability\info $info) {
136			return $this->get_either_description($not, false, $info);
137			}
138			/**
139			* Shows the description using the different lang strings for the standalone
140			* version or the full one.
141			*
142			* @param bool $not True if NOT is in force
143			* @param bool $standalone True to use standalone lang strings
144			* @param bool $info Information about the availability condition and module context
145			* @return string The string about the condition and it's status
146			*/
147			protected function get_either_description($not, $standalone, $info) {
148			$context = $info->get_context();
			0 ignored issues – show Bug introduced 2016-03-14 20:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `get_context` cannot be called on `$info` (of type `boolean`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
149			$url = new \moodle_url('/availability/condition/paypal/view.php?contextid='.$context->id);
150			if ($not) {
151			return get_string('notdescription', 'availability_paypal', $url->out());
152			} else {
153			return get_string('eitherdescription', 'availability_paypal', $url->out());
154			}
155			}
156
157			/**
158			* Function used by backup restore
159			*
160			* @param int $restoreid
161			* @param int $courseid
162			* @param \base_logger $logger
163			* @param string $name
164			*/
165			public function update_after_restore($restoreid, $courseid, \base_logger $logger, $name) {
166			// Update the date, if restoring with changed date.
167			$dateoffset = \core_availability\info::get_restore_date_offset($restoreid);
168			if ($dateoffset) {
169			$this->time += $dateoffset;
170			return true;
171			}
172			return false;
173			}
174
175			/**
176			* Returns a string to debug
177			* @return string
178			*/
179			protected function get_debug_string() {
180			return gmdate('Y-m-d H:i:s');
181			}
182			}
183

GitHub Access Token became invalid

Issues (8)

Security Analysis not enabled

classes/condition.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

danielneis / moodle-availability_paypal

GitHub Access Token became invalid

Issues (8)

Security Analysis not enabled

classes/condition.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like