Issues in QueryString.php (development) - Issues in development - elkarte/Elkarte - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1697)

sources/QueryString.php (1 issue)

Labels

Severity

Major 1

<?php

/**
 * This file does a lot of important stuff.  Mainly, this means it handles
 * the query string, request variables, and session management.
 *
 * @package   ElkArte Forum
 * @copyright ElkArte Forum contributors
 * @license   BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
 *
 * This file contains code covered by:
 * copyright: 2011 Simple Machines (http://www.simplemachines.org)
 *
 * @version 2.0 dev
 *
 */

use ElkArte\Request;
use Elkarte\User;

/**
 * Clean the request variables - add html entities to GET.
 *
 * What it does:
 *
 * - Uses Request to determine as best it can client IPs for the current request.
 * - Uses Request cleanRequest() to:
 *   - Clean the request variables (ENV, GET, POST, COOKIE, SERVER)
 *   - Makes sure the query string was parsed correctly.
 *   - Handles the URLs passed by the queryless URLs option.
 *   - Makes sure, regardless of php.ini, everything has slashes.
 * - Uses Request parseRequest() to clean and set up variables like $board or $_REQUEST'start'].
 */
function cleanRequest()
{
	// Make sure REMOTE_ADDR, other IPs, and the like are parsed
	$req = Request::instance();

	$parser = initUrlGenerator()->getParser();

	// Make sure there are no problems with the request
	$req->cleanRequest($parser);

	// Parse the $_REQUEST and make sure things like board, topic don't have weird stuff
	$req->parseRequest();
}

/**
 * Escapes (replaces) characters in strings to make them safe for use in javascript
 *
 * @param string $string The string to escape
 *
 * @return string The escaped string
 */
function JavaScriptEscape($string)
{
	global $scripturl;

	return '\'' . strtr($string, [
			"\r" => '',
			"\n" => '\\n',
			"\t" => '\\t',
			'\\' => '\\\\',
			'\'' => '\\\'',
			'</' => '<\' + \'/',
			'<script' => '<scri\'+\'pt',
			'<body>' => '<bo\'+\'dy>',
			'<a href' => '<a hr\'+\'ef',
			$scripturl => '\' + elk_scripturl + \'',
		]) . '\'';
}

/**
 * Rewrite URLs to include the session ID.
 *
 * What it does:
 *
 * - Rewrites the URLs outputted to have the session ID, if the user
 *   is not accepting cookies and is using a standard web browser.
 * - Handles rewriting URLs for the queryless URLs option.
 * - Can be turned off entirely by setting $scripturl to an empty
 *   string, ''. (it would not work well like that anyway.)
 *
 * @param string $buffer The unmodified output buffer
 *
 * @return string The modified output buffer
 */
function ob_sessrewrite($buffer)
{
	global $scripturl;

	// If $scripturl is set to nothing, or the SID is not defined (SSI?) just quit.
	if ($scripturl === '' || !defined('SID'))
	{
		return $buffer;
	}

	// Do nothing if the session is cookied, or they are a crawler - guests are caught by redirectexit().
	if (empty($_COOKIE) && SID !== '' && empty(User::$info->possibly_robot))

	{
		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&amp;', $buffer);
	}

	// Debugging templates, are we?
	elseif (isset($_GET['debug']))
	{
		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer);
	}

	// Return the changed buffer.
	return $buffer;
}


1		<?php
2
3		/**
4		* This file does a lot of important stuff. Mainly, this means it handles
5		* the query string, request variables, and session management.
6		*
7		* @package ElkArte Forum
8		* @copyright ElkArte Forum contributors
9		* @license BSD http://opensource.org/licenses/BSD-3-Clause (see accompanying LICENSE.txt file)
10		*
11		* This file contains code covered by:
12		* copyright: 2011 Simple Machines (http://www.simplemachines.org)
13		*
14		* @version 2.0 dev
15		*
16		*/
17
18		use ElkArte\Request;
19		use Elkarte\User;
20
21		/**
22		* Clean the request variables - add html entities to GET.
23		*
24		* What it does:
25		*
26		* - Uses Request to determine as best it can client IPs for the current request.
27		* - Uses Request cleanRequest() to:
28		* - Clean the request variables (ENV, GET, POST, COOKIE, SERVER)
29		* - Makes sure the query string was parsed correctly.
30		* - Handles the URLs passed by the queryless URLs option.
31		* - Makes sure, regardless of php.ini, everything has slashes.
32		* - Uses Request parseRequest() to clean and set up variables like $board or $_REQUEST'start'].
33		*/
34		function cleanRequest()
35		{
36		// Make sure REMOTE_ADDR, other IPs, and the like are parsed
37	1	$req = Request::instance();
38
39	1	$parser = initUrlGenerator()->getParser();
40
41		// Make sure there are no problems with the request
42	1	$req->cleanRequest($parser);
43
44		// Parse the $_REQUEST and make sure things like board, topic don't have weird stuff
45	1	$req->parseRequest();
46	1	}
47
48		/**
49		* Escapes (replaces) characters in strings to make them safe for use in javascript
50		*
51		* @param string $string The string to escape
52		*
53		* @return string The escaped string
54		*/
55		function JavaScriptEscape($string)
56		{
57	231	global $scripturl;
58
59	231	return '\'' . strtr($string, [
60	231	"\r" => '',
61	231	"\n" => '\\n',
62	231	"\t" => '\\t',
63	231	'\\' => '\\\\',
64	231	'\'' => '\\\'',
65	231	'</' => '<\' + \'/',
66	231	'<script' => '<scri\'+\'pt',
67	231	'<body>' => '<bo\'+\'dy>',
68	231	'<a href' => '<a hr\'+\'ef',
69	231	$scripturl => '\' + elk_scripturl + \'',
70	231	]) . '\'';
71		}
72
73		/**
74		* Rewrite URLs to include the session ID.
75		*
76		* What it does:
77		*
78		* - Rewrites the URLs outputted to have the session ID, if the user
79		* is not accepting cookies and is using a standard web browser.
80		* - Handles rewriting URLs for the queryless URLs option.
81		* - Can be turned off entirely by setting $scripturl to an empty
82		* string, ''. (it would not work well like that anyway.)
83		*
84		* @param string $buffer The unmodified output buffer
85		*
86		* @return string The modified output buffer
87		*/
88		function ob_sessrewrite($buffer)
89		{
90		global $scripturl;
91
92		// If $scripturl is set to nothing, or the SID is not defined (SSI?) just quit.
93		if ($scripturl === '' \|\| !defined('SID'))
94		{
95		return $buffer;
96		}
97
98		// Do nothing if the session is cookied, or they are a crawler - guests are caught by redirectexit().
99		if (empty($_COOKIE) && SID !== '' && empty(User::$info->possibly_robot))
		0 ignored issues – show Bug Best Practice introduced 2024-03-01 00:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `possibly_robot` does not exist on `ElkArte\Helper\ValuesContainer`. Since you implemented `__get`, consider adding a @property annotation. Loading history...
100		{
101		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '(?!\?' . preg_quote(SID, '/') . ')\\??/', '"' . $scripturl . '?' . SID . '&', $buffer);
102		}
103
104		// Debugging templates, are we?
105		elseif (isset($_GET['debug']))
106		{
107		$buffer = preg_replace('/(?<!<link rel="canonical" href=)"' . preg_quote($scripturl, '/') . '\\??/', '"' . $scripturl . '?debug;', $buffer);
108		}
109
110		// Return the changed buffer.
111		return $buffer;
112		}
113

elkarte / Elkarte

Issues (1697)

sources/QueryString.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like