Issues in index.php - All Issues - Inspection of "Merge security" - elkarte/Elkarte - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — patch_1-0-10 (#2913)

by Emanuele

created 2017-04-22 20:35 UTC

index.php (10 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * This, as you have probably guessed, is the crux for all functions.
 * Everything should start here, so all the setup and security is done
 * properly.
 *
 * @name      ElkArte Forum
 * @copyright ElkArte Forum contributors
 * @license   BSD http://opensource.org/licenses/BSD-3-Clause
 *
 * This software is a derived product, based on:
 *
 * Simple Machines Forum (SMF)
 * copyright:	2011 Simple Machines (http://www.simplemachines.org)
 * license:		BSD, See included LICENSE.TXT for terms and conditions.
 *
 * @version 1.0.10
 *
 */

$forum_version = 'ElkArte 1.0.10';
define('FORUM_VERSION', $forum_version);

// First things first, but not necessarily in that order.
define('ELK', 1);

// Shortcut for the browser cache stale
define('CACHE_STALE', '?1010');

if (function_exists('set_magic_quotes_runtime'))
	@set_magic_quotes_runtime(0);

error_reporting(E_ALL | E_STRICT);
$time_start = microtime(true);

// Turn on output buffering.
ob_start();

// We don't need no globals.
foreach (array('db_character_set', 'cachedir') as $variable)
	if (isset($GLOBALS[$variable]))
		unset($GLOBALS[$variable], $GLOBALS[$variable]);

// Ready to load the site settings.
require_once(dirname(__FILE__) . '/Settings.php');

// Directional only script time usage for display
if (!empty($db_show_debug) && function_exists('getrusage'))
	$rusage_start = getrusage();

// Make sure the paths are correct... at least try to fix them.
if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt'))
	$boarddir = dirname(__FILE__);
if (!file_exists($sourcedir . '/SiteDispatcher.class.php') && file_exists($boarddir . '/sources'))
	$sourcedir = $boarddir . '/sources';

// Check that directories which didn't exist in past releases are initialized.
if ((empty($cachedir) || !file_exists($cachedir)) && file_exists($boarddir . '/cache'))
	$cachedir = $boarddir . '/cache';
if ((empty($extdir) || !file_exists($extdir)) && file_exists($sourcedir . '/ext'))
	$extdir = $sourcedir . '/ext';
if ((empty($languagedir) || !file_exists($languagedir)) && file_exists($boarddir . '/themes/default/languages'))
	$languagedir = $boarddir . '/themes/default/languages';

// Time to forget about variables and go with constants!
DEFINE('BOARDDIR', $boarddir);

DEFINE('CACHEDIR', $cachedir);

DEFINE('EXTDIR', $extdir);

DEFINE('LANGUAGEDIR', $languagedir);

DEFINE('SOURCEDIR', $sourcedir);

DEFINE('ADMINDIR', $sourcedir . '/admin');

DEFINE('CONTROLLERDIR', $sourcedir . '/controllers');

DEFINE('SUBSDIR', $sourcedir . '/subs');

unset($boarddir, $cachedir, $sourcedir, $languagedir, $extdir);

// Files we cannot live without.
require_once(SOURCEDIR . '/QueryString.php');
require_once(SOURCEDIR . '/Session.php');
require_once(SOURCEDIR . '/Subs.php');
require_once(SOURCEDIR . '/Errors.php');
require_once(SOURCEDIR . '/Logging.php');
require_once(SOURCEDIR . '/Load.php');
require_once(SUBSDIR . '/Cache.subs.php');
require_once(SOURCEDIR . '/Security.php');
require_once(SOURCEDIR . '/BrowserDetector.class.php');
require_once(SOURCEDIR . '/ErrorContext.class.php');
require_once(SUBSDIR . '/Util.class.php');
require_once(SUBSDIR . '/TemplateLayers.class.php');
require_once(SOURCEDIR . '/Action.controller.php');

// Forum in extended maintenance mode? Our trip ends here with a bland message.
if (!empty($maintenance) && $maintenance == 2)
	display_maintenance_message();

// Clean the request.
cleanRequest();

// Initiate the database connection and define some database functions to use.
loadDatabase();

// It's time for settings loaded from the database.
reloadSettings();

// Our good ole' contextual array, which will hold everything
$context = array();

// Seed the random generator.
elk_seed_generator();

// Before we get carried away, are we doing a scheduled task? If so save CPU cycles by jumping out!
if (isset($_GET['scheduled']))
{
	require_once(CONTROLLERDIR . '/ScheduledTasks.controller.php');
	$controller = new ScheduledTasks_Controller();
	$controller->action_autotask();
}

// Check if compressed output is enabled, supported, and not already being done.
if (!empty($modSettings['enableCompressedOutput']) && !headers_sent())
{
	// If zlib is being used, turn off output compression.
	if (ini_get('zlib.output_compression') >= 1 || ini_get('output_handler') == 'ob_gzhandler')
		$modSettings['enableCompressedOutput'] = 0;
	else
	{
		@ob_end_clean();
		ob_start('ob_gzhandler');
	}
}

// Register an error handler.
set_error_handler('error_handler');

// Start the session. (assuming it hasn't already been.)
loadSession();

// Restore post data if we are revalidating OpenID.
if (isset($_GET['openid_restore_post']) && !empty($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post']) && empty($_POST))
{
	$_POST = $_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post'];
	unset($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]);
}

// Pre-dispatch
elk_main();

// Call obExit specially; we're coming from the main area ;).
obExit(null, null, true);

/**
 * The main dispatcher.
 * This delegates to each area.
 */
function elk_main()
{
	global $modSettings, $user_info, $topic, $board_info, $context;

	// Special case: session keep-alive, output a transparent pixel.
	if (isset($_GET['action']) && $_GET['action'] == 'keepalive')
	{
		header('Content-Type: image/gif');
		die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");

	}

	// We should set our security headers now.
	frameOptionsHeader();
	securityOptionsHeader();

	// Load the user's cookie (or set as guest) and load their settings.
	loadUserSettings();

	// Load the current board's information.
	loadBoard();

	// Load the current user's permissions.
	loadPermissions();

	// Load BadBehavior before we go much further
	loadBadBehavior();

	// Attachments don't require the entire theme to be loaded.
	if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest']))
		detectBrowser();
	// Load the current theme.  (note that ?theme=1 will also work, may be used for guest theming.)
	else
		loadTheme();

	// Check if the user should be disallowed access.
	is_not_banned();

	// If we are in a topic and don't have permission to approve it then duck out now.
	if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] || $user_info['is_guest']))
		fatal_lang_error('not_a_topic', false);

	$no_stat_actions = array('dlattach', 'findmember', 'jsoption', 'requestmembers', 'jslocale', 'xmlpreview', 'suggest', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewadminfile');
	call_integration_hook('integrate_pre_log_stats', array(&$no_stat_actions));

	// Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
	if (empty($_REQUEST['action']) || !in_array($_REQUEST['action'], $no_stat_actions))
	{
		// I see you!
		writeLog();

		// Track forum statistics and hits...?
		if (!empty($modSettings['hitStats']))
			trackStats(array('hits' => '+'));
	}
	unset($no_stat_actions);

	// What shall we do?
	require_once(SOURCEDIR . '/SiteDispatcher.class.php');
	$dispatcher = new Site_Dispatcher();

	// Show where we came from, and go
	$context['site_action'] = $dispatcher->site_action();
	$context['site_action'] = !empty($context['site_action']) ? $context['site_action'] : (isset($_REQUEST['action']) ? $_REQUEST['action'] : '');
	$dispatcher->dispatch();
}


1			<?php
2
3			/**
4			* This, as you have probably guessed, is the crux for all functions.
5			* Everything should start here, so all the setup and security is done
6			* properly.
7			*
8			* @name ElkArte Forum
9			* @copyright ElkArte Forum contributors
10			* @license BSD http://opensource.org/licenses/BSD-3-Clause
11			*
12			* This software is a derived product, based on:
13			*
14			* Simple Machines Forum (SMF)
15			* copyright: 2011 Simple Machines (http://www.simplemachines.org)
16			* license: BSD, See included LICENSE.TXT for terms and conditions.
17			*
18			* @version 1.0.10
19			*
20			*/
21
22			$forum_version = 'ElkArte 1.0.10';
23			define('FORUM_VERSION', $forum_version);
24
25			// First things first, but not necessarily in that order.
26			define('ELK', 1);
27
28			// Shortcut for the browser cache stale
29			define('CACHE_STALE', '?1010');
30
31			if (function_exists('set_magic_quotes_runtime'))
32			@set_magic_quotes_runtime(0);
			0 ignored issues – show Deprecated Code introduced 2016-02-11 23:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Function set_magic_quotes_runtime() has been deprecated Loading history...
33			error_reporting(E_ALL \| E_STRICT);
34			$time_start = microtime(true);
35
36			// Turn on output buffering.
37			ob_start();
38
39			// We don't need no globals.
40			foreach (array('db_character_set', 'cachedir') as $variable)
41			if (isset($GLOBALS[$variable]))
42			unset($GLOBALS[$variable], $GLOBALS[$variable]);
43
44			// Ready to load the site settings.
45			require_once(dirname(__FILE__) . '/Settings.php');
46
47			// Directional only script time usage for display
48			if (!empty($db_show_debug) && function_exists('getrusage'))
49			$rusage_start = getrusage();
50
51			// Make sure the paths are correct... at least try to fix them.
52			if (!file_exists($boarddir) && file_exists(dirname(__FILE__) . '/agreement.txt'))
53			$boarddir = dirname(__FILE__);
54			if (!file_exists($sourcedir . '/SiteDispatcher.class.php') && file_exists($boarddir . '/sources'))
55			$sourcedir = $boarddir . '/sources';
56
57			// Check that directories which didn't exist in past releases are initialized.
58			if ((empty($cachedir) \|\| !file_exists($cachedir)) && file_exists($boarddir . '/cache'))
59			$cachedir = $boarddir . '/cache';
60			if ((empty($extdir) \|\| !file_exists($extdir)) && file_exists($sourcedir . '/ext'))
61			$extdir = $sourcedir . '/ext';
62			if ((empty($languagedir) \|\| !file_exists($languagedir)) && file_exists($boarddir . '/themes/default/languages'))
63			$languagedir = $boarddir . '/themes/default/languages';
64
65			// Time to forget about variables and go with constants!
66			DEFINE('BOARDDIR', $boarddir);
			0 ignored issues – show Coding Style introduced 2016-02-11 23:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Calls to inbuilt PHP functions must be lowercase; expected "define" but found "DEFINE" Loading history...
67			DEFINE('CACHEDIR', $cachedir);
			0 ignored issues – show Coding Style introduced 2016-02-11 23:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Calls to inbuilt PHP functions must be lowercase; expected "define" but found "DEFINE" Loading history...
68			DEFINE('EXTDIR', $extdir);
			0 ignored issues – show Coding Style introduced 2016-02-11 23:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Calls to inbuilt PHP functions must be lowercase; expected "define" but found "DEFINE" Loading history...
69			DEFINE('LANGUAGEDIR', $languagedir);
			0 ignored issues – show Coding Style introduced 2016-02-11 23:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Calls to inbuilt PHP functions must be lowercase; expected "define" but found "DEFINE" Loading history...
70			DEFINE('SOURCEDIR', $sourcedir);
			0 ignored issues – show Coding Style introduced 2016-02-11 23:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Calls to inbuilt PHP functions must be lowercase; expected "define" but found "DEFINE" Loading history...
71			DEFINE('ADMINDIR', $sourcedir . '/admin');
			0 ignored issues – show Coding Style introduced 2016-02-11 23:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Calls to inbuilt PHP functions must be lowercase; expected "define" but found "DEFINE" Loading history...
72			DEFINE('CONTROLLERDIR', $sourcedir . '/controllers');
			0 ignored issues – show Coding Style introduced 2016-02-11 23:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Calls to inbuilt PHP functions must be lowercase; expected "define" but found "DEFINE" Loading history...
73			DEFINE('SUBSDIR', $sourcedir . '/subs');
			0 ignored issues – show Coding Style introduced 2016-02-11 23:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this Calls to inbuilt PHP functions must be lowercase; expected "define" but found "DEFINE" Loading history...
74			unset($boarddir, $cachedir, $sourcedir, $languagedir, $extdir);
75
76			// Files we cannot live without.
77			require_once(SOURCEDIR . '/QueryString.php');
78			require_once(SOURCEDIR . '/Session.php');
79			require_once(SOURCEDIR . '/Subs.php');
80			require_once(SOURCEDIR . '/Errors.php');
81			require_once(SOURCEDIR . '/Logging.php');
82			require_once(SOURCEDIR . '/Load.php');
83			require_once(SUBSDIR . '/Cache.subs.php');
84			require_once(SOURCEDIR . '/Security.php');
85			require_once(SOURCEDIR . '/BrowserDetector.class.php');
86			require_once(SOURCEDIR . '/ErrorContext.class.php');
87			require_once(SUBSDIR . '/Util.class.php');
88			require_once(SUBSDIR . '/TemplateLayers.class.php');
89			require_once(SOURCEDIR . '/Action.controller.php');
90
91			// Forum in extended maintenance mode? Our trip ends here with a bland message.
92			if (!empty($maintenance) && $maintenance == 2)
93			display_maintenance_message();
94
95			// Clean the request.
96			cleanRequest();
97
98			// Initiate the database connection and define some database functions to use.
99			loadDatabase();
100
101			// It's time for settings loaded from the database.
102			reloadSettings();
103
104			// Our good ole' contextual array, which will hold everything
105			$context = array();
106
107			// Seed the random generator.
108			elk_seed_generator();
109
110			// Before we get carried away, are we doing a scheduled task? If so save CPU cycles by jumping out!
111			if (isset($_GET['scheduled']))
112			{
113			require_once(CONTROLLERDIR . '/ScheduledTasks.controller.php');
114			$controller = new ScheduledTasks_Controller();
115			$controller->action_autotask();
116			}
117
118			// Check if compressed output is enabled, supported, and not already being done.
119			if (!empty($modSettings['enableCompressedOutput']) && !headers_sent())
120			{
121			// If zlib is being used, turn off output compression.
122			if (ini_get('zlib.output_compression') >= 1 \|\| ini_get('output_handler') == 'ob_gzhandler')
123			$modSettings['enableCompressedOutput'] = 0;
124			else
125			{
126			@ob_end_clean();
127			ob_start('ob_gzhandler');
128			}
129			}
130
131			// Register an error handler.
132			set_error_handler('error_handler');
133
134			// Start the session. (assuming it hasn't already been.)
135			loadSession();
136
137			// Restore post data if we are revalidating OpenID.
138			if (isset($_GET['openid_restore_post']) && !empty($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post']) && empty($_POST))
139			{
140			$_POST = $_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]['post'];
141			unset($_SESSION['openid']['saved_data'][$_GET['openid_restore_post']]);
142			}
143
144			// Pre-dispatch
145			elk_main();
146
147			// Call obExit specially; we're coming from the main area ;).
148			obExit(null, null, true);
149
150			/**
151			* The main dispatcher.
152			* This delegates to each area.
153			*/
154			function elk_main()
155			{
156			global $modSettings, $user_info, $topic, $board_info, $context;
157
158			// Special case: session keep-alive, output a transparent pixel.
159			if (isset($_GET['action']) && $_GET['action'] == 'keepalive')
160			{
161			header('Content-Type: image/gif');
162			die("\x47\x49\x46\x38\x39\x61\x01\x00\x01\x00\x80\x00\x00\x00\x00\x00\x00\x00\x00\x21\xF9\x04\x01\x00\x00\x00\x00\x2C\x00\x00\x00\x00\x01\x00\x01\x00\x00\x02\x02\x44\x01\x00\x3B");
			0 ignored issues – show Coding Style Compatibility introduced 2017-04-16 19:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function elk_main() contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
163			}
164
165			// We should set our security headers now.
166			frameOptionsHeader();
167			securityOptionsHeader();
168
169			// Load the user's cookie (or set as guest) and load their settings.
170			loadUserSettings();
171
172			// Load the current board's information.
173			loadBoard();
174
175			// Load the current user's permissions.
176			loadPermissions();
177
178			// Load BadBehavior before we go much further
179			loadBadBehavior();
180
181			// Attachments don't require the entire theme to be loaded.
182			if (isset($_REQUEST['action']) && $_REQUEST['action'] == 'dlattach' && (!empty($modSettings['allow_guestAccess']) && $user_info['is_guest']))
183			detectBrowser();
184			// Load the current theme. (note that ?theme=1 will also work, may be used for guest theming.)
185			else
186			loadTheme();
187
188			// Check if the user should be disallowed access.
189			is_not_banned();
190
191			// If we are in a topic and don't have permission to approve it then duck out now.
192			if (!empty($topic) && empty($board_info['cur_topic_approved']) && !allowedTo('approve_posts') && ($user_info['id'] != $board_info['cur_topic_starter'] \|\| $user_info['is_guest']))
193			fatal_lang_error('not_a_topic', false);
194
195			$no_stat_actions = array('dlattach', 'findmember', 'jsoption', 'requestmembers', 'jslocale', 'xmlpreview', 'suggest', '.xml', 'xmlhttp', 'verificationcode', 'viewquery', 'viewadminfile');
196			call_integration_hook('integrate_pre_log_stats', array(&$no_stat_actions));
197
198			// Do some logging, unless this is an attachment, avatar, toggle of editor buttons, theme option, XML feed etc.
199			if (empty($_REQUEST['action']) \|\| !in_array($_REQUEST['action'], $no_stat_actions))
200			{
201			// I see you!
202			writeLog();
203
204			// Track forum statistics and hits...?
205			if (!empty($modSettings['hitStats']))
206			trackStats(array('hits' => '+'));
207			}
208			unset($no_stat_actions);
209
210			// What shall we do?
211			require_once(SOURCEDIR . '/SiteDispatcher.class.php');
212			$dispatcher = new Site_Dispatcher();
213
214			// Show where we came from, and go
215			$context['site_action'] = $dispatcher->site_action();
216			$context['site_action'] = !empty($context['site_action']) ? $context['site_action'] : (isset($_REQUEST['action']) ? $_REQUEST['action'] : '');
217			$dispatcher->dispatch();
218			}
219

elkarte / Elkarte

Pull Request — patch_1-0-10 (#2913)

index.php (10 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like