Issues in DatetimeUtil.php (master) - Issues in master - fwolf/fwlib - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1752)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Fwlib/Util/Common/DatetimeUtil.php (1 issue)

Labels

Unused Code 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Fwlib\Util\Common;

/**
 * Datetime util
 *
 * @copyright   Copyright 2009-2015 Fwolf
 * @license     http://www.gnu.org/licenses/lgpl.html LGPL-3.0+
 */
class DatetimeUtil
{
    /**
     * Symbol of Time unit
     *
     * @var array
     */
    protected $timeUnitSymbol = [
        'sec'       => 's',
        'second'    => 's',
        'seconds'   => 's',
        'min'       => 'i',
        'minute'    => 'i',
        'minutes'   => 'i',
        'hour'      => 'h',
        'hours'     => 'h',
        'day'       => 'd',
        'days'      => 'd',
        'week'      => 'w',
        'weeks'     => 'w',
        'month'     => 'm',
        'months'    => 'm',
        'year'      => 'y',
        'years'     => 'y',
        'century'   => 'c',
        'centuries' => 'c',
    ];


    /**
     * How many seconds a time unit equals
     *
     * @var array
     */
    protected $timeUnitWeight = [
        's' => 1,
        'i' => 60,
        'h' => 3600,
        'd' => 86400,
        'w' => 604800,
        'm' => 2592000,
        'y' => 31536000,
        'c' => 3153600000,
    ];


    /**
     * Convert second back to string description.
     *
     * No week and month in result, Because 12m != 1y, it can't convert month
     * and year by solid ratio, so do week.
     *
     * One year are 365 days, no consider of 366 days, because it did not know
     * which year it is.
     *
     * @param   int     $second
     * @param   boolean $useSimpleUnit  Use y instead of full word year.
     * @return  string
     */
    public function convertSecondToString($second, $useSimpleUnit = true)
    {
        if (empty($second) || !is_numeric($second)) {
            return '';
        }

        $unitDict = [
            ['c', -1,  'century',  'centuries'],
            ['y', 100, 'year',     'years'],
            ['d', 365, 'day',      'days'],
            ['h', 24,  'hour',     'hours'],
            ['i', 60,  'minute',   'minutes'],
            ['s', 60,  'second',   'seconds'],
        ];

        // Loop from smallest unit
        $i = count($unitDict);
        $result = '';
        while (0 < $i && 0 < $second) {
            $i --;
            // $i is index of current unit now

            // Reach top level, end loop
            if (-1 == $unitDict[$i][1]) {
                $unitIndex = ($useSimpleUnit) ? 0
                    : ((1 == $second) ? 2 : 3);

                $result = $second . $unitDict[$i][$unitIndex] . ' ' . $result;
                break;
            }

            $j = $second % $unitDict[$i][1];
            if (0 != $j) {
                $unitIndex = ($useSimpleUnit) ? 0
                    : ((1 == $second) ? 2 : 3);

                $result = $j . $unitDict[$i][$unitIndex] . ' ' . $result;
            }

            $second = floor($second / $unitDict[$i][1]);
        }

        return rtrim($result);
    }


    /**
     * Convert string to seconds it means
     *
     * Month and week are allowed here, with solid conversion ratio:
     *
     * 1month = 30days
     * 1week = 7days
     *
     * One year equals 365days, same with covertSecondToString().
     *
     * @param   string  $string
     * @return  integer
     */
    public function convertStringToSecond($string)
    {
        if (empty($string)) {
            return 0;
        }

        // All number, return directly
        if (is_numeric($string)) {
            return $string;
        }

        // Replace time unit word with symbol(single letter)
        $string = strtolower($string);
        $string = strtr($string, $this->timeUnitSymbol);

        /** @noinspection SpellCheckingInspection */
        $i = preg_match_all('/([+-]?\s*)(\d+)([cymwdhis])/', $string, $match);
        if (0 < $i) {
            $second = 0;
            foreach ($match[0] as $key => $value) {
                if ('-' == trim($match[1][$key])) {
                    $second -= $match[2][$key] *
                        $this->timeUnitWeight[$match[3][$key]];

                } else {
                    $second += $match[2][$key] *
                        $this->timeUnitWeight[$match[3][$key]];
                }
            }

            return $second;

        } else {
            return 0;
        }

        return $second;
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
    }


    /**
     * Convert sybase time to normal
     *
     * Sybase's time end with ':000', probably because using dblib.
     *
     * @param   string  $time
     * @return  integer
     */
    public function convertTimeFromSybase($time)
    {
        if (!empty($time)) {
            // Remove tail add by sybase
            $time = preg_replace('/:\d{3}/', '', $time);
        }
        return strtotime($time);
    }


    /**
     * Get time with seconds.microseconds format
     *
     * The result comes from float value, but is string format, length: 10.8.
     *
     * @return  string
     */
    public function getMicroTime()
    {
        list($msec, $sec) = explode(' ', microtime());

        return $sec . substr($msec, 1);
    }
}


1			<?php
2			namespace Fwlib\Util\Common;
3
4			/**
5			* Datetime util
6			*
7			* @copyright Copyright 2009-2015 Fwolf
8			* @license http://www.gnu.org/licenses/lgpl.html LGPL-3.0+
9			*/
10			class DatetimeUtil
11			{
12			/**
13			* Symbol of Time unit
14			*
15			* @var array
16			*/
17			protected $timeUnitSymbol = [
18			'sec' => 's',
19			'second' => 's',
20			'seconds' => 's',
21			'min' => 'i',
22			'minute' => 'i',
23			'minutes' => 'i',
24			'hour' => 'h',
25			'hours' => 'h',
26			'day' => 'd',
27			'days' => 'd',
28			'week' => 'w',
29			'weeks' => 'w',
30			'month' => 'm',
31			'months' => 'm',
32			'year' => 'y',
33			'years' => 'y',
34			'century' => 'c',
35			'centuries' => 'c',
36			];
37
38
39			/**
40			* How many seconds a time unit equals
41			*
42			* @var array
43			*/
44			protected $timeUnitWeight = [
45			's' => 1,
46			'i' => 60,
47			'h' => 3600,
48			'd' => 86400,
49			'w' => 604800,
50			'm' => 2592000,
51			'y' => 31536000,
52			'c' => 3153600000,
53			];
54
55
56			/**
57			* Convert second back to string description.
58			*
59			* No week and month in result, Because 12m != 1y, it can't convert month
60			* and year by solid ratio, so do week.
61			*
62			* One year are 365 days, no consider of 366 days, because it did not know
63			* which year it is.
64			*
65			* @param int $second
66			* @param boolean $useSimpleUnit Use y instead of full word year.
67			* @return string
68			*/
69			public function convertSecondToString($second, $useSimpleUnit = true)
70			{
71			if (empty($second) \|\| !is_numeric($second)) {
72			return '';
73			}
74
75			$unitDict = [
76			['c', -1, 'century', 'centuries'],
77			['y', 100, 'year', 'years'],
78			['d', 365, 'day', 'days'],
79			['h', 24, 'hour', 'hours'],
80			['i', 60, 'minute', 'minutes'],
81			['s', 60, 'second', 'seconds'],
82			];
83
84			// Loop from smallest unit
85			$i = count($unitDict);
86			$result = '';
87			while (0 < $i && 0 < $second) {
88			$i --;
89			// $i is index of current unit now
90
91			// Reach top level, end loop
92			if (-1 == $unitDict[$i][1]) {
93			$unitIndex = ($useSimpleUnit) ? 0
94			: ((1 == $second) ? 2 : 3);
95
96			$result = $second . $unitDict[$i][$unitIndex] . ' ' . $result;
97			break;
98			}
99
100			$j = $second % $unitDict[$i][1];
101			if (0 != $j) {
102			$unitIndex = ($useSimpleUnit) ? 0
103			: ((1 == $second) ? 2 : 3);
104
105			$result = $j . $unitDict[$i][$unitIndex] . ' ' . $result;
106			}
107
108			$second = floor($second / $unitDict[$i][1]);
109			}
110
111			return rtrim($result);
112			}
113
114
115			/**
116			* Convert string to seconds it means
117			*
118			* Month and week are allowed here, with solid conversion ratio:
119			*
120			* 1month = 30days
121			* 1week = 7days
122			*
123			* One year equals 365days, same with covertSecondToString().
124			*
125			* @param string $string
126			* @return integer
127			*/
128			public function convertStringToSecond($string)
129			{
130			if (empty($string)) {
131			return 0;
132			}
133
134			// All number, return directly
135			if (is_numeric($string)) {
136			return $string;
137			}
138
139			// Replace time unit word with symbol(single letter)
140			$string = strtolower($string);
141			$string = strtr($string, $this->timeUnitSymbol);
142
143			/** @noinspection SpellCheckingInspection */
144			$i = preg_match_all('/([+-]?\s*)(\d+)([cymwdhis])/', $string, $match);
145			if (0 < $i) {
146			$second = 0;
147			foreach ($match[0] as $key => $value) {
148			if ('-' == trim($match[1][$key])) {
149			$second -= $match[2][$key] *
150			$this->timeUnitWeight[$match[3][$key]];
151
152			} else {
153			$second += $match[2][$key] *
154			$this->timeUnitWeight[$match[3][$key]];
155			}
156			}
157
158			return $second;
159
160			} else {
161			return 0;
162			}
163
164			return $second;
			0 ignored issues – show Unused Code introduced 2016-06-01 06:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this `return $second;` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
165			}
166
167
168			/**
169			* Convert sybase time to normal
170			*
171			* Sybase's time end with ':000', probably because using dblib.
172			*
173			* @param string $time
174			* @return integer
175			*/
176			public function convertTimeFromSybase($time)
177			{
178			if (!empty($time)) {
179			// Remove tail add by sybase
180			$time = preg_replace('/:\d{3}/', '', $time);
181			}
182			return strtotime($time);
183			}
184
185
186			/**
187			* Get time with seconds.microseconds format
188			*
189			* The result comes from float value, but is string format, length: 10.8.
190			*
191			* @return string
192			*/
193			public function getMicroTime()
194			{
195			list($msec, $sec) = explode(' ', microtime());
196
197			return $sec . substr($msec, 1);
198			}
199			}
200

fwolf / fwlib

Issues (1752)

Security Analysis not enabled

src/Fwlib/Util/Common/DatetimeUtil.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like