Issues in upload.php (master) - Issues in master - florinp/phpbb-messenger - Measure and Improve Code Quality continuously with Scrutinizer

Issues (43)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

libs/upload.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace florinp\messenger\libs;

use finfo;
use Exception;

/**
 * Simple PHP upload class
 *
 * @author Aivis Silins
 */
class upload
{

	/**
	 * Default directory persmissions (destination dir)
	 */
	protected $default_permissions = 750;


	/**
	 * File post array
	 *
	 * @var array
	 */
	protected $files_post = array();


	/**
	 * Destination directory
	 *
	 * @var string
	 */
	protected $destination;


	/**
	 * Fileinfo
	 *
	 * @var object
	 */
	protected $finfo;


	/**
	 * Data about file
	 *
	 * @var array
	 */
	public $file = array();


	/**
	 * Max. file size
	 *
	 * @var int
	 */
	protected $max_file_size;


	/**
	 * Allowed mime types
	 *
	 * @var array
	 */
	protected $mimes = array();


	/**
	 * External callback object
	 *
	 * @var obejct
	 */
	protected $external_callback_object;


	/**
	 * External callback methods
	 *
	 * @var array
	 */
	protected $external_callback_methods = array();


	/**
	 * Temp path
	 *
	 * @var string
	 */
	protected $tmp_name;


	/**
	 * Validation errors
	 *
	 * @var array
	 */
	protected $validation_errors = array();


	/**
	 * Filename (new)
	 *
	 * @var string
	 */
	protected $filename;

	/**
	 * File extension
	 * @var string
	 */
	protected $extension;

	/**
	 * Internal callbacks (filesize check, mime, etc)
	 *
	 * @var array
	 */
	private $callbacks = array();

	/**
	 * Root dir
	 *
	 * @var string
	 */
	protected $root;

	/**
	 * Return upload object
	 *
	 * $destination = 'path/to/your/file/destination/folder';
	 *
	 * @param string $phpbb_root_path
	 * @return Upload
	 */
	public static function factory($phpbb_root_path)
	{
		return new Upload($phpbb_root_path);
	}

	/**
	 *  Define ROOT constant and set & create destination path
	 *
	 * @param string $phpbb_root_path
	 * @throws Exception
	 */
	public function __construct($phpbb_root_path)
	{
			$phpbb_root_path = $phpbb_root_path.'store/messenger/files';
		// set & create destination path
		if (!$this->set_destination($phpbb_root_path)) {
			throw new Exception('Upload: Can\'t create destination. '.$this->root.$this->destination);
		}

		//create finfo object
		$this->finfo = new finfo();
	}

	/**
	 * Set target filename
	 *
	 * @param string $filename
	 */
	public function set_filename($filename)
	{
		$this->filename = $filename;
	}

	/**
	 * Check & Save file
	 *
	 * Return data about current upload
	 *
	 * @return array
	 */
	public function upload($filename = '')

	{
		if ($this->check()) {
			$this->save();
		}
		// return state data
		return $this->get_state();
	}


	/**
	 * Save file on server
	 *
	 * Return state data
	 *
	 * @return array
	 */
	public function save()
	{
		$this->save_file();
		return $this->get_state();
	}


	/**
	 * Validate file (execute callbacks)
	 *
	 * Returns TRUE if validation successful
	 *
	 * @return bool
	 */
	public function check()
	{
		//execute callbacks (check filesize, mime, also external callbacks
		$this->validate();

		//add error messages
		$this->file['errors'] = $this->get_errors();

		//change file validation status
		$this->file['status'] = empty($this->validation_errors);

		return $this->file['status'];
	}

	/**
	 * Get current state data
	 *
	 * @return array
	 */
	public function get_state()
	{
		return $this->file;
	}


	/**
	 * Save file on server
	 */
	protected function save_file()
	{
		//create & set new filename
		if (empty($this->filename)) {
			$this->create_new_filename();
		}

		//set filename
		$this->file['filename'] = $this->filename;

		//set full path
		$this->file['full_path'] = $this->root.$this->destination.$this->filename;
		$this->file['path'] = $this->destination.$this->filename;

		$status = move_uploaded_file($this->tmp_name, $this->file['full_path']);

		//checks whether upload successful
		if (!$status) {
			throw new Exception('Upload: Can\'t upload file.');
		}

		//done
		$this->file['status'] = true;
	}

	/**
	 * Set data about file
	 */
	protected function set_file_data()
	{
		$file_size = $this->get_file_size();

		$this->file = array(
			'status' => false,
			'destination' => $this->destination,
			'size_in_bytes' => $file_size,
			'size_in_mb' => $this->bytes_to_mb($file_size),
			'mime' => $this->get_file_mime(),
			'original_filename' => $this->file_post['name'],

			'tmp_name' => $this->file_post['tmp_name'],

			'post_data' => $this->file_post,

		);
	}

	/**
	 * Set validation error
	 *
	 * @param string $message
	 */
	public function set_error($message)
	{
		$this->validation_errors[] = $message;
	}

	/**
	 * Return validation errors
	 *
	 * @return array
	 */
	public function get_errors()
	{
		return $this->validation_errors;
	}

	/**
	 * Set external callback methods
	 *
	 * @param object $instance_of_callback_object
	 * @param array $callback_methods
	 * @throws Exception
	 */
	public function callbacks($instance_of_callback_object, $callback_methods)
	{
		if (empty($instance_of_callback_object)) {
			throw new Exception('Upload: $instance_of_callback_object can\'t be empty.');
		}

		if (!is_array($callback_methods)) {
			throw new Exception('Upload: $callback_methods data type need to be array.');
		}

		$this->external_callback_object = $instance_of_callback_object;
		$this->external_callback_methods = $callback_methods;
	}

	/**
	 * Execute callbacks
	 */
	protected function validate()
	{
		//get curent errors
		$errors = $this->get_errors();

		if (empty($errors)) {
			//set data about current file
			$this->set_file_data();

			//execute internal callbacks
			$this->execute_callbacks($this->callbacks, $this);

			//execute external callbacks
			$this->execute_callbacks($this->external_callback_methods, $this->external_callback_object);
		}
	}

	/**
	 * Execute callbacks
	 */
	protected function execute_callbacks($callbacks, $object)
	{
		foreach ($callbacks as $method) {
			$object->$method($this);
		}
	}

	/**
	 * File mime type validation callback
	 *
	 * @param mixed $object
	 */
	protected function check_mime_type($object)
	{
		if (!empty($object->mimes)) {
			if (!in_array($object->file['mime'], $object->mimes)) {
				$object->set_error('Mime type not allowed.');
			}
		}
	}

	/**
	 * Set allowed mime types
	 *
	 * @param string[] $mimes
	 */
	public function set_allowed_mime_types($mimes)
	{
		$this->mimes = $mimes;
		//if mime types is set -> set callback
		$this->callbacks[] = 'check_mime_type';
	}

	/**
	 * File size validation callback
	 *
	 * @param object $object
	 */
	protected function check_file_size($object)
	{
		if (!empty($object->max_file_size)) {
			$file_size_in_mb = $this->bytes_to_mb($object->file['size_in_bytes']);
			if ($object->max_file_size <= $file_size_in_mb) {
				$object->set_error('File is too big.');
			}
		}
	}

	/**
	 * Set max. file size
	 *
	 * @param int $size
	 */
	public function set_max_file_size($size)
	{
		$this->max_file_size = $size;
		//if max file size is set -> set callback
		$this->callbacks[] = 'check_file_size';
	}

	/**
	 * Set File array to object
	 *
	 * @param array $file
	 */
	public function file($file)
	{
		$this->set_file_array($file);
	}

	/**
	 * Set file array
	 *
	 * @param array $file
	 */
	protected function set_file_array($file)
	{
		//checks whether file array is valid
		if (!$this->check_file_array($file)) {
			//file not selected or some bigger problems (broken files array)
			$this->set_error('Please select file.');
		}

		//set file data
		$this->file_post = $file;


		//set tmp path
		$this->tmp_name = $file['tmp_name'];

		// set file extension
		$this->extension = pathinfo($file['name'], PATHINFO_EXTENSION);
	}

	/**
	 * Checks whether Files post array is valid
	 *
	 * @return bool
	 */
	protected function check_file_array($file)
	{
		return isset($file['error'])
		&& !empty($file['name'])
		&& !empty($file['type'])
		&& !empty($file['tmp_name'])
		&& !empty($file['size']);
	}

	/**
	 * Get file mime type
	 *
	 * @return string
	 */
	protected function get_file_mime()
	{
		return $this->finfo->file($this->tmp_name, FILEINFO_MIME_TYPE);
	}

	/**
	 * Get file size
	 *
	 * @return int
	 */
	protected function get_file_size()
	{
		return filesize($this->tmp_name);
	}

	/**
	 * Set destination path (return TRUE on success)
	 *
	 * @param string $destination
	 * @return bool
	 */
	protected function set_destination($destination)
	{
		$this->destination = $destination.DIRECTORY_SEPARATOR;
		return $this->destination_exist() ? TRUE : $this->create_destination();
	}

	/**
	 * Checks whether destination folder exists
	 *
	 * @return bool
	 */
	protected function destination_exist()
	{
		return is_writable($this->root.$this->destination);
	}

	/**
	 * Create path to destination
	 *
	 * @return bool
	 */
	protected function create_destination()
	{
		return mkdir($this->root.$this->destination, $this->default_permissions, true);
	}

	/**
	 * Set unique filename
	 *
	 * @return string
	 */
	protected function create_new_filename()
	{
		$filename = sha1(mt_rand(1, 9999).$this->destination.uniqid()).time().'.'.$this->extension;
		$this->set_filename($filename);
	}

	/**
	 * Convert bytes to mb.
	 *
	 * @param int $bytes
	 * @return double
	 */
	protected function bytes_to_mb($bytes)
	{
		return round(($bytes / 1048576), 2);
	}


} // end of Upload

1			<?php
2
3			namespace florinp\messenger\libs;
4
5			use finfo;
6			use Exception;
7
8			/**
9			* Simple PHP upload class
10			*
11			* @author Aivis Silins
12			*/
13			class upload
14			{
15
16			/**
17			* Default directory persmissions (destination dir)
18			*/
19			protected $default_permissions = 750;
20
21
22			/**
23			* File post array
24			*
25			* @var array
26			*/
27			protected $files_post = array();
28
29
30			/**
31			* Destination directory
32			*
33			* @var string
34			*/
35			protected $destination;
36
37
38			/**
39			* Fileinfo
40			*
41			* @var object
42			*/
43			protected $finfo;
44
45
46			/**
47			* Data about file
48			*
49			* @var array
50			*/
51			public $file = array();
52
53
54			/**
55			* Max. file size
56			*
57			* @var int
58			*/
59			protected $max_file_size;
60
61
62			/**
63			* Allowed mime types
64			*
65			* @var array
66			*/
67			protected $mimes = array();
68
69
70			/**
71			* External callback object
72			*
73			* @var obejct
74			*/
75			protected $external_callback_object;
76
77
78			/**
79			* External callback methods
80			*
81			* @var array
82			*/
83			protected $external_callback_methods = array();
84
85
86			/**
87			* Temp path
88			*
89			* @var string
90			*/
91			protected $tmp_name;
92
93
94			/**
95			* Validation errors
96			*
97			* @var array
98			*/
99			protected $validation_errors = array();
100
101
102			/**
103			* Filename (new)
104			*
105			* @var string
106			*/
107			protected $filename;
108
109			/**
110			* File extension
111			* @var string
112			*/
113			protected $extension;
114
115			/**
116			* Internal callbacks (filesize check, mime, etc)
117			*
118			* @var array
119			*/
120			private $callbacks = array();
121
122			/**
123			* Root dir
124			*
125			* @var string
126			*/
127			protected $root;
128
129			/**
130			* Return upload object
131			*
132			* $destination = 'path/to/your/file/destination/folder';
133			*
134			* @param string $phpbb_root_path
135			* @return Upload
136			*/
137			public static function factory($phpbb_root_path)
138			{
139			return new Upload($phpbb_root_path);
140			}
141
142			/**
143			* Define ROOT constant and set & create destination path
144			*
145			* @param string $phpbb_root_path
146			* @throws Exception
147			*/
148			public function __construct($phpbb_root_path)
149			{
150			$phpbb_root_path = $phpbb_root_path.'store/messenger/files';
151			// set & create destination path
152			if (!$this->set_destination($phpbb_root_path)) {
153			throw new Exception('Upload: Can\'t create destination. '.$this->root.$this->destination);
154			}
155
156			//create finfo object
157			$this->finfo = new finfo();
158			}
159
160			/**
161			* Set target filename
162			*
163			* @param string $filename
164			*/
165			public function set_filename($filename)
166			{
167			$this->filename = $filename;
168			}
169
170			/**
171			* Check & Save file
172			*
173			* Return data about current upload
174			*
175			* @return array
176			*/
177			public function upload($filename = '')
			0 ignored issues – show Unused Code introduced 2016-03-25 23:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$filename` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
178			{
179			if ($this->check()) {
180			$this->save();
181			}
182			// return state data
183			return $this->get_state();
184			}
185
186
187			/**
188			* Save file on server
189			*
190			* Return state data
191			*
192			* @return array
193			*/
194			public function save()
195			{
196			$this->save_file();
197			return $this->get_state();
198			}
199
200
201			/**
202			* Validate file (execute callbacks)
203			*
204			* Returns TRUE if validation successful
205			*
206			* @return bool
207			*/
208			public function check()
209			{
210			//execute callbacks (check filesize, mime, also external callbacks
211			$this->validate();
212
213			//add error messages
214			$this->file['errors'] = $this->get_errors();
215
216			//change file validation status
217			$this->file['status'] = empty($this->validation_errors);
218
219			return $this->file['status'];
220			}
221
222			/**
223			* Get current state data
224			*
225			* @return array
226			*/
227			public function get_state()
228			{
229			return $this->file;
230			}
231
232
233			/**
234			* Save file on server
235			*/
236			protected function save_file()
237			{
238			//create & set new filename
239			if (empty($this->filename)) {
240			$this->create_new_filename();
241			}
242
243			//set filename
244			$this->file['filename'] = $this->filename;
245
246			//set full path
247			$this->file['full_path'] = $this->root.$this->destination.$this->filename;
248			$this->file['path'] = $this->destination.$this->filename;
249
250			$status = move_uploaded_file($this->tmp_name, $this->file['full_path']);
251
252			//checks whether upload successful
253			if (!$status) {
254			throw new Exception('Upload: Can\'t upload file.');
255			}
256
257			//done
258			$this->file['status'] = true;
259			}
260
261			/**
262			* Set data about file
263			*/
264			protected function set_file_data()
265			{
266			$file_size = $this->get_file_size();
267
268			$this->file = array(
269			'status' => false,
270			'destination' => $this->destination,
271			'size_in_bytes' => $file_size,
272			'size_in_mb' => $this->bytes_to_mb($file_size),
273			'mime' => $this->get_file_mime(),
274			'original_filename' => $this->file_post['name'],
			0 ignored issues – show Bug introduced 2016-03-25 23:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `file_post` does not seem to exist. Did you mean `files_post`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
275			'tmp_name' => $this->file_post['tmp_name'],
			0 ignored issues – show Bug introduced 2016-03-25 23:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `file_post` does not seem to exist. Did you mean `files_post`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
276			'post_data' => $this->file_post,
			0 ignored issues – show Bug introduced 2016-03-25 23:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `file_post` does not seem to exist. Did you mean `files_post`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
277			);
278			}
279
280			/**
281			* Set validation error
282			*
283			* @param string $message
284			*/
285			public function set_error($message)
286			{
287			$this->validation_errors[] = $message;
288			}
289
290			/**
291			* Return validation errors
292			*
293			* @return array
294			*/
295			public function get_errors()
296			{
297			return $this->validation_errors;
298			}
299
300			/**
301			* Set external callback methods
302			*
303			* @param object $instance_of_callback_object
304			* @param array $callback_methods
305			* @throws Exception
306			*/
307			public function callbacks($instance_of_callback_object, $callback_methods)
308			{
309			if (empty($instance_of_callback_object)) {
310			throw new Exception('Upload: $instance_of_callback_object can\'t be empty.');
311			}
312
313			if (!is_array($callback_methods)) {
314			throw new Exception('Upload: $callback_methods data type need to be array.');
315			}
316
317			$this->external_callback_object = $instance_of_callback_object;
318			$this->external_callback_methods = $callback_methods;
319			}
320
321			/**
322			* Execute callbacks
323			*/
324			protected function validate()
325			{
326			//get curent errors
327			$errors = $this->get_errors();
328
329			if (empty($errors)) {
330			//set data about current file
331			$this->set_file_data();
332
333			//execute internal callbacks
334			$this->execute_callbacks($this->callbacks, $this);
335
336			//execute external callbacks
337			$this->execute_callbacks($this->external_callback_methods, $this->external_callback_object);
338			}
339			}
340
341			/**
342			* Execute callbacks
343			*/
344			protected function execute_callbacks($callbacks, $object)
345			{
346			foreach ($callbacks as $method) {
347			$object->$method($this);
348			}
349			}
350
351			/**
352			* File mime type validation callback
353			*
354			* @param mixed $object
355			*/
356			protected function check_mime_type($object)
357			{
358			if (!empty($object->mimes)) {
359			if (!in_array($object->file['mime'], $object->mimes)) {
360			$object->set_error('Mime type not allowed.');
361			}
362			}
363			}
364
365			/**
366			* Set allowed mime types
367			*
368			* @param string[] $mimes
369			*/
370			public function set_allowed_mime_types($mimes)
371			{
372			$this->mimes = $mimes;
373			//if mime types is set -> set callback
374			$this->callbacks[] = 'check_mime_type';
375			}
376
377			/**
378			* File size validation callback
379			*
380			* @param object $object
381			*/
382			protected function check_file_size($object)
383			{
384			if (!empty($object->max_file_size)) {
385			$file_size_in_mb = $this->bytes_to_mb($object->file['size_in_bytes']);
386			if ($object->max_file_size <= $file_size_in_mb) {
387			$object->set_error('File is too big.');
388			}
389			}
390			}
391
392			/**
393			* Set max. file size
394			*
395			* @param int $size
396			*/
397			public function set_max_file_size($size)
398			{
399			$this->max_file_size = $size;
400			//if max file size is set -> set callback
401			$this->callbacks[] = 'check_file_size';
402			}
403
404			/**
405			* Set File array to object
406			*
407			* @param array $file
408			*/
409			public function file($file)
410			{
411			$this->set_file_array($file);
412			}
413
414			/**
415			* Set file array
416			*
417			* @param array $file
418			*/
419			protected function set_file_array($file)
420			{
421			//checks whether file array is valid
422			if (!$this->check_file_array($file)) {
423			//file not selected or some bigger problems (broken files array)
424			$this->set_error('Please select file.');
425			}
426
427			//set file data
428			$this->file_post = $file;
			0 ignored issues – show Bug introduced 2016-03-25 23:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `file_post` does not seem to exist. Did you mean `files_post`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
429
430			//set tmp path
431			$this->tmp_name = $file['tmp_name'];
432
433			// set file extension
434			$this->extension = pathinfo($file['name'], PATHINFO_EXTENSION);
435			}
436
437			/**
438			* Checks whether Files post array is valid
439			*
440			* @return bool
441			*/
442			protected function check_file_array($file)
443			{
444			return isset($file['error'])
445			&& !empty($file['name'])
446			&& !empty($file['type'])
447			&& !empty($file['tmp_name'])
448			&& !empty($file['size']);
449			}
450
451			/**
452			* Get file mime type
453			*
454			* @return string
455			*/
456			protected function get_file_mime()
457			{
458			return $this->finfo->file($this->tmp_name, FILEINFO_MIME_TYPE);
459			}
460
461			/**
462			* Get file size
463			*
464			* @return int
465			*/
466			protected function get_file_size()
467			{
468			return filesize($this->tmp_name);
469			}
470
471			/**
472			* Set destination path (return TRUE on success)
473			*
474			* @param string $destination
475			* @return bool
476			*/
477			protected function set_destination($destination)
478			{
479			$this->destination = $destination.DIRECTORY_SEPARATOR;
480			return $this->destination_exist() ? TRUE : $this->create_destination();
481			}
482
483			/**
484			* Checks whether destination folder exists
485			*
486			* @return bool
487			*/
488			protected function destination_exist()
489			{
490			return is_writable($this->root.$this->destination);
491			}
492
493			/**
494			* Create path to destination
495			*
496			* @return bool
497			*/
498			protected function create_destination()
499			{
500			return mkdir($this->root.$this->destination, $this->default_permissions, true);
501			}
502
503			/**
504			* Set unique filename
505			*
506			* @return string
507			*/
508			protected function create_new_filename()
509			{
510			$filename = sha1(mt_rand(1, 9999).$this->destination.uniqid()).time().'.'.$this->extension;
511			$this->set_filename($filename);
512			}
513
514			/**
515			* Convert bytes to mb.
516			*
517			* @param int $bytes
518			* @return double
519			*/
520			protected function bytes_to_mb($bytes)
521			{
522			return round(($bytes / 1048576), 2);
523			}
524
525
526			} // end of Upload

florinp / phpbb-messenger

Issues (43)

Security Analysis no request data

libs/upload.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like