Issues in redir.php - Fixed Issues - Inspection of "Fix two XSS vulns" - enwikipedia-acc/waca - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — newinternal ( 65a0f5...5b021c )

by Simon

created 2020-04-26 13:09 UTC

redir.php (1 issue)

Labels

Coding Style 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/******************************************************************************
 * Wikipedia Account Creation Assistance tool                                 *
 *                                                                            *
 * All code in this file is released into the public domain by the ACC        *
 * Development Team. Please see team.json for a list of contributors.         *
 ******************************************************************************/

$toolList = array(
    'tparis-pcount'      => '//tools.wmflabs.org/supercount/index.php?user=%DATA%&project=en.wikipedia',
    'luxo-contributions' => '//tools.wmflabs.org/quentinv57-tools/tools/globalcontribs.php?username=%DATA%',
    'guc'                => '//tools.wmflabs.org/guc/?user=%DATA%',
    'oq-whois'           => 'https://whois.domaintools.com/%DATA%',
    'sulutil'            => '//tools.wmflabs.org/quentinv57-tools/tools/sulinfo.php?showinactivity=1&showblocks=1&username=%DATA%',

    'google'             => 'https://www.google.com/search?q=%DATA%',
    'domain'             => 'http://%DATA%/',
);

if (!isset($_GET['tool'])
    || !isset($toolList[$_GET['tool']])
    || !isset($_GET['data'])
) {
    header("HTTP/1.1 403 Forbidden");

    return;
}

if (isset($_GET['round2'])) {
    $data = $_GET['data'];
    $tool = $_GET['tool'];

    if ($tool === 'domain') {
        // quick security check - if you want to exploit something, you better be sure your exploit resolves via dns.
        // this is not intended to catch everything, just as a quick sanity check.
        if (gethostbyname($data) == $data) {
            echo 'Error resolving hostname, it doesn\'t look like this domain exists.';
            die();
        }
    }
    else {
        $data = htmlentities($data, ENT_COMPAT, 'UTF-8');
    }

    echo '<script>window.location.href="' . str_replace("%DATA%", $data, $toolList[$tool]) . '"</script>';
}
else {
    header("Location: " . $_SERVER["REQUEST_URI"] . "&round2=true");
}


1			<?php
2			/******************************************************************************
3			* Wikipedia Account Creation Assistance tool *
4			* *
5			* All code in this file is released into the public domain by the ACC *
6			* Development Team. Please see team.json for a list of contributors. *
7			******************************************************************************/
8
9			$toolList = array(
10			'tparis-pcount' => '//tools.wmflabs.org/supercount/index.php?user=%DATA%&project=en.wikipedia',
11			'luxo-contributions' => '//tools.wmflabs.org/quentinv57-tools/tools/globalcontribs.php?username=%DATA%',
12			'guc' => '//tools.wmflabs.org/guc/?user=%DATA%',
13			'oq-whois' => 'https://whois.domaintools.com/%DATA%',
14			'sulutil' => '//tools.wmflabs.org/quentinv57-tools/tools/sulinfo.php?showinactivity=1&showblocks=1&username=%DATA%',
			0 ignored issues – show Coding Style introduced 2016-04-09 00:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this This line exceeds maximum limit of 120 characters; contains 131 characters Overly long lines are hard to read on any screen. Most code styles therefor impose a maximum limit on the number of characters in a line. Loading history...
15			'google' => 'https://www.google.com/search?q=%DATA%',
16			'domain' => 'http://%DATA%/',
17			);
18
19			if (!isset($_GET['tool'])
20			\|\| !isset($toolList[$_GET['tool']])
21			\|\| !isset($_GET['data'])
22			) {
23			header("HTTP/1.1 403 Forbidden");
24
25			return;
26			}
27
28			if (isset($_GET['round2'])) {
29			$data = $_GET['data'];
30			$tool = $_GET['tool'];
31
32			if ($tool === 'domain') {
33			// quick security check - if you want to exploit something, you better be sure your exploit resolves via dns.
34			// this is not intended to catch everything, just as a quick sanity check.
35			if (gethostbyname($data) == $data) {
36			echo 'Error resolving hostname, it doesn\'t look like this domain exists.';
37			die();
38			}
39			}
40			else {
41			$data = htmlentities($data, ENT_COMPAT, 'UTF-8');
42			}
43
44			echo '<script>window.location.href="' . str_replace("%DATA%", $data, $toolList[$tool]) . '"</script>';
45			}
46			else {
47			header("Location: " . $_SERVER["REQUEST_URI"] . "&round2=true");
48			}
49

enwikipedia-acc / waca

Push — newinternal ( 65a0f5...5b021c )

redir.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like