Issues in CookieJar.php (master) - Issues in master - fuelphp/common - Measure and Improve Code Quality continuously with Scrutinizer

Issues (85)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/CookieJar.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @package    Fuel\Common
 * @version    2.0
 * @author     Fuel Development Team
 * @license    MIT License
 * @copyright  2010 - 2015 Fuel Development Team
 * @link       http://fuelphp.com
 */

namespace Fuel\Common;

use ArrayAccess;
use IteratorAggregate;
use ArrayIterator;
use Countable;

/**
 * Cookie Jar, a container for cookies
 *
 * @package Fuel\Common
 *
 * @since 2.0
 */
class CookieJar implements ArrayAccess, IteratorAggregate, Countable
{
	/**
	 * @var    CookieJar  parent jar, for inheritance
	 * @since  2.0.0
	 */
	protected $parent;

	/**
	 * @var    CookieJar  child jars, to maintain a chain
	 * @since  2.0.0
	 */
	protected $children = array();

	/**
	 * @var    bool  wether we want to use parent cascading
	 * @since  2.0.0
	 */
	protected $parentEnabled = false;

	/**
	 * @var    array  the cookie jar
	 * @since  2.0.0
	 */
	protected $jar = array();

	/**
	 * @var  array  configuration defaults
	 */
	protected $config = array(
		'expiration'  => 0,           // int, Cookie expiration
		'path'        => '/',         // string, Cookie path
		'domain'      => null,        // string, Cookie domain
		'secure'      => false,       // bool, Send only over HTTPS
		'http_only'   => false,       // only accessible via HTTP client-side
	);

	/**
	 * Constructor
	 *
	 * @param  array    $data      container data
	 * @param  boolean  $readOnly  wether the container is read-only
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
	 * @since  2.0.0
	 */
	public function __construct(Array $config = array(), Array $data = array(), $wrapper = null)
	{
		// merge the config
		$this->config = array_merge($this->config, $config);

		// process the data passed
		foreach ($data as $key => $value)
		{
			$this->jar[$key] = new Cookie($key, $this->config, $value, $wrapper ?: new SetcookieWrapper());
		}
	}

	/**
	 * Get the parent of this jar
	 *
	 * @return  CookieJar
	 * @since   2.0.0
	 */
	public function getParent()
	{
		return $this->parent;
	}

	/**
	 * Set the parent of this cookie jar, to support inheritance
	 *
	 * @param   CookieJar  $parent  the parent cookie jar object
	 * @return  $this
	 * @since   2.0.0
	 */
	public function setParent(CookieJar $parent = null)
	{
		$this->parent = $parent;

		if ($this->parent)
		{
			$this->enableParent();
			$this->parent->setChild($this);
		}
		else
		{
			$this->disableParent();
		}

		return $this;
	}

	/**
	 * Enable the use of the parent jar, if set
	 *
	 * @return  $this
	 * @since   2.0.0
	 */
	public function enableParent()
	{
		if ($this->parent)
		{
			$this->parentEnabled = true;
		}

		return $this;
	}

	/**
	 * Disable the use of the parent object
	 *
	 * @return  $this
	 * @since   2.0.0
	 */
	public function disableParent()
	{
		$this->parentEnabled = false;

		return $this;
	}

	/**
	 * Check if this jar has a parent
	 *
	 * @return  bool
	 * @since   2.0.0
	 */
	public function hasParent()
	{
		return $this->parentEnabled === true;
	}

	/**
	 * Check if we have this cookie in the jar
	 *
	 * @param   string  $key
	 * @return  bool
	 * @since   2.0.0
	 */
	public function has($key)
	{
		if ( ! isset($this->jar[$key]) or $this->jar[$key]->isDeleted())
		{
			if ( ! $this->parentEnabled or ! $this->parent->has($key))
			{
				return false;
			}
		}

		return true;
	}

	/**
	 * Remove a cookie from the cookie jar
	 *
	 * @param   string   $key  key to delete
	 * @return  boolean  delete success boolean
	 * @since   2.0.0
	 */
	public function delete($key)

	{
		if (isset($this->jar[$key]) and ! $this->jar[$key]->isDeleted())
		{
			return $this->jar[$key]->delete();
		}
		elseif ($this->has($key))
		{
			return $this->parent->delete($key);
		}

		return false;
	}

	/**
	 * Get a cookie's value from the cookie jar
	 *
	 * @param   string  $key
	 * @param   mixed   $default
	 * @return  mixed
	 * @since   2.0.0
	 */
	public function get($key, $default = null)

	{
		if (isset($this->jar[$key]) and ! $this->jar[$key]->isDeleted())
		{
			return $this->jar[$key]->getValue();
		}
		elseif ($this->has($key))
		{
			return $this->parent->get($key, $default);
		}

		return $default;
	}

	/**
	 * Set a cookie to a new value
	 *
	 * @param   string  $key
	 * @param   mixed   $value
	 * @throws  \InvalidArgumentException
	 * @since   2.0.0
	 */
	public function set($key, $value = null)
	{
		if (is_array($key))
		{
			foreach ($key as $arraykey => $value)
			{
				$this->set($arraykey, $value);
			}
		}
		else
		{
			if (isset($this->jar[$key]) and ! $this->jar[$key]->isDeleted())
			{
				if ($value instanceOf Cookie)
				{
					$this->jar[$key] = $value;
				}
				else
				{
					$this->jar[$key]->setValue($value);
				}
			}
			elseif ($this->has($key))
			{
				$this->parent->set($key, $value);
			}
			else
			{
				$this->jar[$key] = new Cookie($key, $this->config, $value);
			}
		}

		return $this;
	}

	/**
	 * Send all cookies to the client
	 *
	 * @return  bool
	 * @since   2.0.0
	 */
	public function send()
	{
		$result = true;

		// process the cookies in this jar
		foreach ($this->jar as $cookie)
		{
			if ( ! $cookie->send())
			{
				$result = false;
			}
		}

		// and the cookies in this jar's children
		foreach ($this->children as $cookie)
		{
			if ( ! $cookie->send())
			{
				$result = false;
			}
		}

		return $result;
	}

	/**
	 * Merge arrays into the container.
	 *
	 * @param   array  $arg  array to merge with
	 * @return  $this
	 * @throws  RuntimeException
	 * @since   2.0.0
	 */
	public function merge($arg)

	{
		$arguments = array_map(function ($array)
		{
			if ($array instanceof DataContainer)
			{
				return $array->getContents();
			}

			return $array;

		}, func_get_args());

		$data = call_user_func_array('Arr::merge', $arguments);

		$this->set($data);

		return $this;
	}

	/**
	 * Allows the ArrayIterator to fetch parent data
	 *
	 * @since   2.0.0
	 */
	protected function getJar()
	{
		if ($this->parentEnabled)
		{
			return array_merge($this->parent->getJar(), $this->jar);
		}
		else
		{
			return $this->jar;
		}
	}

	/**
	 * Register a child of this cookie jar, to support inheritance
	 *
	 * @param   CookieJar  $child  the child cookie jar object
	 *
	 * @since   2.0.0
	 */
	public function setChild(CookieJar $child)
	{
		if ( ! in_array($child, $this->children))
		{
			$this->children[] = $child;
		}
	}

	/**
	 * Allow usage of isset() on the cookie jar as an array
	 *
	 * @param   string  $key
	 *
	 * @return  bool
	 *
	 * @since   2.0.0
	 */
	public function offsetExists($key)
	{
		return $this->has($key);

	}

	/**
	 * Allow fetching values as an array
	 *
	 * @param   string  $key
	 * @return  mixed
	 * @throws  OutOfBoundsException
	 * @since   2.0.0
	 */
	public function offsetGet($key)
	{
		if (isset($this->jar[$key]) and ! $this->jar[$key]->isDeleted())
		{
			return $this->jar[$key];
		}
		elseif ($this->has($key))
		{
			return $this->parent[$key];
		}
		else
		{
			throw new \OutOfBoundsException('Access to undefined cookie: '.$key);
		}
	}

	/**
	 * Allow setting values like an array
	 *
	 * @param  string  $key
	 * @param  mixed   $value
	 * @since  2.0.0
	 */
	public function offsetSet($key, $value)
	{
		if ($value instanceOf Cookie)
		{
			$this->jar[$key] = $value;
		}
	}

	/**
	 * Allow unsetting values like an array
	 *
	 * @param   string  $key
	 * @since   2.0.0
	 */
	public function offsetUnset($key)
	{
		if (isset($this->jar[$key]))
		{
			$this->jar[$key]->delete();
		}
		elseif ($this->parentEnabled)
		{
			$this->parent->delete($key);
		}
	}

	/**
	 * IteratorAggregate implementation
	 *
	 * @return  IteratorAggregate  iterator
	 * @since   2.0.0
	 */
	public function getIterator()
	{
		return new ArrayIterator($this->getJar());
	}

	/**
	 * Countable implementation
	 *
	 * @return  int  number of items stored in the container
	 * @since   2.0.0
	 */
	public function count()
	{
		$count = count($this->jar);
		if ($this->parentEnabled)
		{
			$count += $this->parent->count();
		}
		return $count;
	}
}


1		<?php
2		/**
3		* @package Fuel\Common
4		* @version 2.0
5		* @author Fuel Development Team
6		* @license MIT License
7		* @copyright 2010 - 2015 Fuel Development Team
8		* @link http://fuelphp.com
9		*/
10
11		namespace Fuel\Common;
12
13		use ArrayAccess;
14		use IteratorAggregate;
15		use ArrayIterator;
16		use Countable;
17
18		/**
19		* Cookie Jar, a container for cookies
20		*
21		* @package Fuel\Common
22		*
23		* @since 2.0
24		*/
25		class CookieJar implements ArrayAccess, IteratorAggregate, Countable
26		{
27		/**
28		* @var CookieJar parent jar, for inheritance
29		* @since 2.0.0
30		*/
31		protected $parent;
32
33		/**
34		* @var CookieJar child jars, to maintain a chain
35		* @since 2.0.0
36		*/
37		protected $children = array();
38
39		/**
40		* @var bool wether we want to use parent cascading
41		* @since 2.0.0
42		*/
43		protected $parentEnabled = false;
44
45		/**
46		* @var array the cookie jar
47		* @since 2.0.0
48		*/
49		protected $jar = array();
50
51		/**
52		* @var array configuration defaults
53		*/
54		protected $config = array(
55		'expiration' => 0, // int, Cookie expiration
56		'path' => '/', // string, Cookie path
57		'domain' => null, // string, Cookie domain
58		'secure' => false, // bool, Send only over HTTPS
59		'http_only' => false, // only accessible via HTTP client-side
60		);
61
62		/**
63		* Constructor
64		*
65		* @param array $data container data
66		* @param boolean $readOnly wether the container is read-only
		0 ignored issues – show Bug introduced 2016-05-06 13:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$readOnly`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
67		* @since 2.0.0
68		*/
69		public function __construct(Array $config = array(), Array $data = array(), $wrapper = null)
70		{
71		// merge the config
72		$this->config = array_merge($this->config, $config);
73
74		// process the data passed
75		foreach ($data as $key => $value)
76		{
77		$this->jar[$key] = new Cookie($key, $this->config, $value, $wrapper ?: new SetcookieWrapper());
78		}
79		}
80
81		/**
82		* Get the parent of this jar
83		*
84		* @return CookieJar
85		* @since 2.0.0
86		*/
87		public function getParent()
88		{
89		return $this->parent;
90		}
91
92		/**
93		* Set the parent of this cookie jar, to support inheritance
94		*
95		* @param CookieJar $parent the parent cookie jar object
96		* @return $this
97		* @since 2.0.0
98		*/
99		public function setParent(CookieJar $parent = null)
100		{
101		$this->parent = $parent;
102
103		if ($this->parent)
104		{
105		$this->enableParent();
106		$this->parent->setChild($this);
107		}
108		else
109		{
110		$this->disableParent();
111		}
112
113		return $this;
114		}
115
116		/**
117		* Enable the use of the parent jar, if set
118		*
119		* @return $this
120		* @since 2.0.0
121		*/
122		public function enableParent()
123		{
124		if ($this->parent)
125		{
126		$this->parentEnabled = true;
127		}
128
129		return $this;
130		}
131
132		/**
133		* Disable the use of the parent object
134		*
135		* @return $this
136		* @since 2.0.0
137		*/
138		public function disableParent()
139		{
140		$this->parentEnabled = false;
141
142		return $this;
143		}
144
145		/**
146		* Check if this jar has a parent
147		*
148		* @return bool
149		* @since 2.0.0
150		*/
151		public function hasParent()
152		{
153		return $this->parentEnabled === true;
154		}
155
156		/**
157		* Check if we have this cookie in the jar
158		*
159		* @param string $key
160		* @return bool
161		* @since 2.0.0
162		*/
163		public function has($key)
164		{
165		if ( ! isset($this->jar[$key]) or $this->jar[$key]->isDeleted())
166		{
167		if ( ! $this->parentEnabled or ! $this->parent->has($key))
168		{
169		return false;
170		}
171		}
172
173		return true;
174		}
175
176		/**
177		* Remove a cookie from the cookie jar
178		*
179		* @param string $key key to delete
180		* @return boolean delete success boolean
181		* @since 2.0.0
182		*/
183	View Code Duplication	public function delete($key)
		0 ignored issues – show Duplication introduced 2016-05-06 13:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
184		{
185		if (isset($this->jar[$key]) and ! $this->jar[$key]->isDeleted())
186		{
187		return $this->jar[$key]->delete();
188		}
189		elseif ($this->has($key))
190		{
191		return $this->parent->delete($key);
192		}
193
194		return false;
195		}
196
197		/**
198		* Get a cookie's value from the cookie jar
199		*
200		* @param string $key
201		* @param mixed $default
202		* @return mixed
203		* @since 2.0.0
204		*/
205	View Code Duplication	public function get($key, $default = null)
		0 ignored issues – show Duplication introduced 2016-05-06 13:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
206		{
207		if (isset($this->jar[$key]) and ! $this->jar[$key]->isDeleted())
208		{
209		return $this->jar[$key]->getValue();
210		}
211		elseif ($this->has($key))
212		{
213		return $this->parent->get($key, $default);
214		}
215
216		return $default;
217		}
218
219		/**
220		* Set a cookie to a new value
221		*
222		* @param string $key
223		* @param mixed $value
224		* @throws \InvalidArgumentException
225		* @since 2.0.0
226		*/
227		public function set($key, $value = null)
228		{
229		if (is_array($key))
230		{
231		foreach ($key as $arraykey => $value)
232		{
233		$this->set($arraykey, $value);
234		}
235		}
236		else
237		{
238		if (isset($this->jar[$key]) and ! $this->jar[$key]->isDeleted())
239		{
240		if ($value instanceOf Cookie)
241		{
242		$this->jar[$key] = $value;
243		}
244		else
245		{
246		$this->jar[$key]->setValue($value);
247		}
248		}
249		elseif ($this->has($key))
250		{
251		$this->parent->set($key, $value);
252		}
253		else
254		{
255		$this->jar[$key] = new Cookie($key, $this->config, $value);
256		}
257		}
258
259		return $this;
260		}
261
262		/**
263		* Send all cookies to the client
264		*
265		* @return bool
266		* @since 2.0.0
267		*/
268		public function send()
269		{
270		$result = true;
271
272		// process the cookies in this jar
273		foreach ($this->jar as $cookie)
274		{
275		if ( ! $cookie->send())
276		{
277		$result = false;
278		}
279		}
280
281		// and the cookies in this jar's children
282		foreach ($this->children as $cookie)
283		{
284		if ( ! $cookie->send())
285		{
286		$result = false;
287		}
288		}
289
290		return $result;
291		}
292
293		/**
294		* Merge arrays into the container.
295		*
296		* @param array $arg array to merge with
297		* @return $this
298		* @throws RuntimeException
299		* @since 2.0.0
300		*/
301		public function merge($arg)
		0 ignored issues – show Unused Code introduced 2016-05-06 13:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$arg` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
302		{
303		$arguments = array_map(function ($array)
304		{
305		if ($array instanceof DataContainer)
306		{
307		return $array->getContents();
308		}
309
310		return $array;
311
312		}, func_get_args());
313
314		$data = call_user_func_array('Arr::merge', $arguments);
315
316		$this->set($data);
317
318		return $this;
319		}
320
321		/**
322		* Allows the ArrayIterator to fetch parent data
323		*
324		* @since 2.0.0
325		*/
326		protected function getJar()
327		{
328		if ($this->parentEnabled)
329		{
330		return array_merge($this->parent->getJar(), $this->jar);
331		}
332		else
333		{
334		return $this->jar;
335		}
336		}
337
338		/**
339		* Register a child of this cookie jar, to support inheritance
340		*
341		* @param CookieJar $child the child cookie jar object
342		*
343		* @since 2.0.0
344		*/
345		public function setChild(CookieJar $child)
346		{
347		if ( ! in_array($child, $this->children))
348		{
349		$this->children[] = $child;
350		}
351		}
352
353		/**
354		* Allow usage of isset() on the cookie jar as an array
355		*
356		* @param string $key
357		*
358		* @return bool
359		*
360		* @since 2.0.0
361		*/
362		public function offsetExists($key)
363		{
364		return $this->has($key);
365
366		}
367
368		/**
369		* Allow fetching values as an array
370		*
371		* @param string $key
372		* @return mixed
373		* @throws OutOfBoundsException
374		* @since 2.0.0
375		*/
376		public function offsetGet($key)
377		{
378		if (isset($this->jar[$key]) and ! $this->jar[$key]->isDeleted())
379		{
380		return $this->jar[$key];
381		}
382		elseif ($this->has($key))
383		{
384		return $this->parent[$key];
385		}
386		else
387		{
388		throw new \OutOfBoundsException('Access to undefined cookie: '.$key);
389		}
390		}
391
392		/**
393		* Allow setting values like an array
394		*
395		* @param string $key
396		* @param mixed $value
397		* @since 2.0.0
398		*/
399		public function offsetSet($key, $value)
400		{
401		if ($value instanceOf Cookie)
402		{
403		$this->jar[$key] = $value;
404		}
405		}
406
407		/**
408		* Allow unsetting values like an array
409		*
410		* @param string $key
411		* @since 2.0.0
412		*/
413		public function offsetUnset($key)
414		{
415		if (isset($this->jar[$key]))
416		{
417		$this->jar[$key]->delete();
418		}
419		elseif ($this->parentEnabled)
420		{
421		$this->parent->delete($key);
422		}
423		}
424
425		/**
426		* IteratorAggregate implementation
427		*
428		* @return IteratorAggregate iterator
429		* @since 2.0.0
430		*/
431		public function getIterator()
432		{
433		return new ArrayIterator($this->getJar());
434		}
435
436		/**
437		* Countable implementation
438		*
439		* @return int number of items stored in the container
440		* @since 2.0.0
441		*/
442		public function count()
443		{
444		$count = count($this->jar);
445		if ($this->parentEnabled)
446		{
447		$count += $this->parent->count();
448		}
449		return $count;
450		}
451		}
452

fuelphp / common

Issues (85)

Security Analysis not enabled

src/CookieJar.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like