Issues in languages.php (master) - Issues in master - gctools-outilsgc/gcconnex - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2473)

Security Analysis no vulnerabilities found

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

engine/lib/languages.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Elgg language module
 * Functions to manage language and translations.
 *
 * @package Elgg.Core
 * @subpackage Languages
 */

/**
 * Given a message key, returns an appropriately translated full-text string
 *
 * @param string $message_key The short message code
 * @param array  $args        An array of arguments to pass through vsprintf().
 * @param string $language    Optionally, the standard language code
 *                            (defaults to site/user default, then English)
 *
 * @return string Either the translated string, the English string,
 * or the original language string.
 */
function elgg_echo($message_key, $args = array(), $language = "") {
	return _elgg_services()->translator->translate($message_key, $args, $language);
}

/**
 * Add a translation.
 *
 * Translations are arrays in the Zend Translation array format, eg:
 *
 *	$english = array('message1' => 'message1', 'message2' => 'message2');
 *  $german = array('message1' => 'Nachricht1','message2' => 'Nachricht2');
 *
 * @param string $country_code   Standard country code (eg 'en', 'nl', 'es')
 * @param array  $language_array Formatted array of strings
 *
 * @return true|false Depending on success
 */
function add_translation($country_code, $language_array) {
	return _elgg_services()->translator->addTranslation($country_code, $language_array);
}

/**
 * Detect the current language being used by the current site or logged in user.
 *
 * @return string The language code for the site/user or "en" if not set
 */
function get_current_language() {
	return _elgg_services()->translator->getCurrentLanguage();
}

/**
 * Gets the current language in use by the system or user.
 *
 * @return string The language code (eg "en") or false if not set
 */

function get_language() {
	return _elgg_services()->translator->getLanguage();
}

/**
 * Load both core and plugin translations for a specific language
 *
 * This can be used to load translations on-demand in case we need
 * to translate something to a language not loaded by default for
 * the current user.
 *
 * @param $language Language code
 * @return bool
 *
 * @since 1.9.4
 * @throws PluginException
 * @access private
 */
function _elgg_load_translations_for_language($language) {
	global $CONFIG;

	// Try to load translations from system cache
	if (!empty($CONFIG->system_cache_enabled)) {
		$data = elgg_load_system_cache("$language.lang");
		if ($data) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
			$added = add_translation($language, unserialize($data));

			if ($added) {
				// Translations were successfully loaded from system cache
				return true;
			}
		}
	}

	// Read translations from the core languages directory
	_elgg_register_translations_for_language(dirname(dirname(dirname(__FILE__))) . "/languages/", $language);

	// Get active plugins
	$plugins = elgg_get_plugins('active');

	if (!$plugins) {
		// Active plugins were not found, so no need to register plugin translations
		return true;
	}

	foreach ($plugins as $plugin) {
		$languages_path = "{$plugin->getPath()}languages/";

		if (!is_dir($languages_path)) {
			// This plugin doesn't have anything to translate
			continue;
		}

		$language_file = "{$languages_path}{$language}.php";

		if (!file_exists($language_file)) {
			// This plugin doesn't have translations for the requested language

			$name = $plugin->getFriendlyName();
			elgg_log("Plugin $name is missing translations for $language language", 'NOTICE');

			continue;
		}

		// Register translations from the plugin languages directory
		if (!_elgg_register_translations_for_language($languages_path, $language)) {
			$msg = elgg_echo('ElggPlugin:Exception:CannotRegisterLanguages',
							array($plugin->getID(), $plugin->guid, $languages_path));
			throw new PluginException($msg);
		}
	}


	return true;
}

/**
 * When given a full path, finds translation files and loads them
 *
 * @param string $path     Full path
 * @param bool   $load_all If true all languages are loaded, if
 *                         false only the current language + en are loaded
 *
 * @return void
 */
function register_translations($path, $load_all = false) {
	return _elgg_services()->translator->registerTranslations($path, $load_all);
}

/**
 * When given a full path, finds translation files for a language and loads them
 *
 * This function was added in 1.9.4 to make it possible to load translations
 * for individual languages on-demand. This is needed in order to send
 * notifications in the recipient's language (see #3151 and #7241).
 *
 * @todo Replace this function in 1.10 by adding $language as the third parameter
 *       to register_translations().
 *
 * @access private
 * @since 1.9.4
 *
 * @param string $path     Full path of the directory (with trailing slash)
 * @param string $language Language code
 * @return bool success
 */
function _elgg_register_translations_for_language($path, $language) {
	global $CONFIG;

	$path = sanitise_filepath($path);

	// Make a note of this path just in case we need to register this language later
	if (!isset($CONFIG->language_paths)) {
		$CONFIG->language_paths = array();
	}
	$CONFIG->language_paths[$path] = true;

	$language_file = "{$path}{$language}.php";

	if (!file_exists($language_file)) {
		elgg_log("Could not find language file: $language_file", 'NOTICE');

		return false;
	}

	$result = include_once($language_file);

	elgg_log("Translations loaded from: $language_file", "INFO");

	// The old (< 1.9) translation files call add_translation() independently.
	// The new ones however just return the translations array. In this case
	// we need to add the translation here.
	if (is_array($result)) {
		return add_translation($language, $result);
	}

	return true;
}

/**
 * Reload all translations from all registered paths.
 *
 * This is only called by functions which need to know all possible translations, namely the
 * statistic gathering ones.
 *
 * @todo Better on demand loading based on language_paths array
 *
 * @return bool
 */
function reload_all_translations() {
	return _elgg_services()->translator->reloadAllTranslations();
}

/**
 * Return an array of installed translations as an associative
 * array "two letter code" => "native language name".
 *
 * @return array
 */
function get_installed_translations() {
	return _elgg_services()->translator->getInstalledTranslations();
}

/**
 * Return the level of completeness for a given language code (compared to english)
 *
 * @param string $language Language
 *
 * @return int
 */
function get_language_completeness($language) {
	return _elgg_services()->translator->getLanguageCompleteness($language);
}

/**
 * Return the translation keys missing from a given language,
 * or those that are identical to the english version.
 *
 * @param string $language The language
 *
 * @return mixed
 */
function get_missing_language_keys($language) {
	return _elgg_services()->translator->getMissingLanguageKeys($language);
}

/**
 * Check if a given language key exists.
 *
 * @note Translators should, whenever creating a "dynamically" named language key, always create an
 *       English (fallback) translation as well.
 *
 * @param string $key      The translation key
 * @param string $language The language. Provided an English translation exists for all created keys, then
 *                         devs can generally use the default "en", regardless of the site/user language.
 *
 * @return bool
 * @since 1.11
 */
function elgg_language_key_exists($key, $language = 'en') {
	return _elgg_services()->translator->languageKeyExists($key, $language);
}

/**
 * Initializes simplecache views for translations
 * 
 * @return void
 */
function _elgg_translations_init() {
	$translations = \Elgg\I18n\Translator::getAllLanguageCodes();
	foreach ($translations as $language_code) {
		// make the js view available for each language
		elgg_extend_view("js/languages/$language_code.js", "js/languages");
	
		// register the js view for use in simplecache
		elgg_register_simplecache_view("js/languages/$language_code.js");
	}
}

return function(\Elgg\EventsService $events) {
	$events->registerHandler('init', 'system', '_elgg_translations_init');
};


1			<?php
2			/**
3			* Elgg language module
4			* Functions to manage language and translations.
5			*
6			* @package Elgg.Core
7			* @subpackage Languages
8			*/
9
10			/**
11			* Given a message key, returns an appropriately translated full-text string
12			*
13			* @param string $message_key The short message code
14			* @param array $args An array of arguments to pass through vsprintf().
15			* @param string $language Optionally, the standard language code
16			* (defaults to site/user default, then English)
17			*
18			* @return string Either the translated string, the English string,
19			* or the original language string.
20			*/
21			function elgg_echo($message_key, $args = array(), $language = "") {
22			return _elgg_services()->translator->translate($message_key, $args, $language);
23			}
24
25			/**
26			* Add a translation.
27			*
28			* Translations are arrays in the Zend Translation array format, eg:
29			*
30			* $english = array('message1' => 'message1', 'message2' => 'message2');
31			* $german = array('message1' => 'Nachricht1','message2' => 'Nachricht2');
32			*
33			* @param string $country_code Standard country code (eg 'en', 'nl', 'es')
34			* @param array $language_array Formatted array of strings
35			*
36			* @return true\|false Depending on success
37			*/
38			function add_translation($country_code, $language_array) {
39			return _elgg_services()->translator->addTranslation($country_code, $language_array);
40			}
41
42			/**
43			* Detect the current language being used by the current site or logged in user.
44			*
45			* @return string The language code for the site/user or "en" if not set
46			*/
47			function get_current_language() {
48			return _elgg_services()->translator->getCurrentLanguage();
49			}
50
51			/**
52			* Gets the current language in use by the system or user.
53			*
54			* @return string The language code (eg "en") or false if not set
55			*/
56
57			function get_language() {
58			return _elgg_services()->translator->getLanguage();
59			}
60
61			/**
62			* Load both core and plugin translations for a specific language
63			*
64			* This can be used to load translations on-demand in case we need
65			* to translate something to a language not loaded by default for
66			* the current user.
67			*
68			* @param $language Language code
69			* @return bool
70			*
71			* @since 1.9.4
72			* @throws PluginException
73			* @access private
74			*/
75			function _elgg_load_translations_for_language($language) {
76			global $CONFIG;
77
78			// Try to load translations from system cache
79			if (!empty($CONFIG->system_cache_enabled)) {
80			$data = elgg_load_system_cache("$language.lang");
81			if ($data) {
			0 ignored issues – show Bug Best Practice introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$data` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
82			$added = add_translation($language, unserialize($data));
83
84			if ($added) {
85			// Translations were successfully loaded from system cache
86			return true;
87			}
88			}
89			}
90
91			// Read translations from the core languages directory
92			_elgg_register_translations_for_language(dirname(dirname(dirname(__FILE__))) . "/languages/", $language);
93
94			// Get active plugins
95			$plugins = elgg_get_plugins('active');
96
97			if (!$plugins) {
98			// Active plugins were not found, so no need to register plugin translations
99			return true;
100			}
101
102			foreach ($plugins as $plugin) {
103			$languages_path = "{$plugin->getPath()}languages/";
104
105			if (!is_dir($languages_path)) {
106			// This plugin doesn't have anything to translate
107			continue;
108			}
109
110			$language_file = "{$languages_path}{$language}.php";
111
112			if (!file_exists($language_file)) {
113			// This plugin doesn't have translations for the requested language
114
115			$name = $plugin->getFriendlyName();
116			elgg_log("Plugin $name is missing translations for $language language", 'NOTICE');
117
118			continue;
119			}
120
121			// Register translations from the plugin languages directory
122			if (!_elgg_register_translations_for_language($languages_path, $language)) {
123			$msg = elgg_echo('ElggPlugin:Exception:CannotRegisterLanguages',
124			array($plugin->getID(), $plugin->guid, $languages_path));
125			throw new PluginException($msg);
126			}
127			}
128
129
130			return true;
131			}
132
133			/**
134			* When given a full path, finds translation files and loads them
135			*
136			* @param string $path Full path
137			* @param bool $load_all If true all languages are loaded, if
138			* false only the current language + en are loaded
139			*
140			* @return void
141			*/
142			function register_translations($path, $load_all = false) {
143			return _elgg_services()->translator->registerTranslations($path, $load_all);
144			}
145
146			/**
147			* When given a full path, finds translation files for a language and loads them
148			*
149			* This function was added in 1.9.4 to make it possible to load translations
150			* for individual languages on-demand. This is needed in order to send
151			* notifications in the recipient's language (see #3151 and #7241).
152			*
153			* @todo Replace this function in 1.10 by adding $language as the third parameter
154			* to register_translations().
155			*
156			* @access private
157			* @since 1.9.4
158			*
159			* @param string $path Full path of the directory (with trailing slash)
160			* @param string $language Language code
161			* @return bool success
162			*/
163			function _elgg_register_translations_for_language($path, $language) {
164			global $CONFIG;
165
166			$path = sanitise_filepath($path);
167
168			// Make a note of this path just in case we need to register this language later
169			if (!isset($CONFIG->language_paths)) {
170			$CONFIG->language_paths = array();
171			}
172			$CONFIG->language_paths[$path] = true;
173
174			$language_file = "{$path}{$language}.php";
175
176			if (!file_exists($language_file)) {
177			elgg_log("Could not find language file: $language_file", 'NOTICE');
178
179			return false;
180			}
181
182			$result = include_once($language_file);
183
184			elgg_log("Translations loaded from: $language_file", "INFO");
185
186			// The old (< 1.9) translation files call add_translation() independently.
187			// The new ones however just return the translations array. In this case
188			// we need to add the translation here.
189			if (is_array($result)) {
190			return add_translation($language, $result);
191			}
192
193			return true;
194			}
195
196			/**
197			* Reload all translations from all registered paths.
198			*
199			* This is only called by functions which need to know all possible translations, namely the
200			* statistic gathering ones.
201			*
202			* @todo Better on demand loading based on language_paths array
203			*
204			* @return bool
205			*/
206			function reload_all_translations() {
207			return _elgg_services()->translator->reloadAllTranslations();
208			}
209
210			/**
211			* Return an array of installed translations as an associative
212			* array "two letter code" => "native language name".
213			*
214			* @return array
215			*/
216			function get_installed_translations() {
217			return _elgg_services()->translator->getInstalledTranslations();
218			}
219
220			/**
221			* Return the level of completeness for a given language code (compared to english)
222			*
223			* @param string $language Language
224			*
225			* @return int
226			*/
227			function get_language_completeness($language) {
228			return _elgg_services()->translator->getLanguageCompleteness($language);
229			}
230
231			/**
232			* Return the translation keys missing from a given language,
233			* or those that are identical to the english version.
234			*
235			* @param string $language The language
236			*
237			* @return mixed
238			*/
239			function get_missing_language_keys($language) {
240			return _elgg_services()->translator->getMissingLanguageKeys($language);
241			}
242
243			/**
244			* Check if a given language key exists.
245			*
246			* @note Translators should, whenever creating a "dynamically" named language key, always create an
247			* English (fallback) translation as well.
248			*
249			* @param string $key The translation key
250			* @param string $language The language. Provided an English translation exists for all created keys, then
251			* devs can generally use the default "en", regardless of the site/user language.
252			*
253			* @return bool
254			* @since 1.11
255			*/
256			function elgg_language_key_exists($key, $language = 'en') {
257			return _elgg_services()->translator->languageKeyExists($key, $language);
258			}
259
260			/**
261			* Initializes simplecache views for translations
262			*
263			* @return void
264			*/
265			function _elgg_translations_init() {
266			$translations = \Elgg\I18n\Translator::getAllLanguageCodes();
267			foreach ($translations as $language_code) {
268			// make the js view available for each language
269			elgg_extend_view("js/languages/$language_code.js", "js/languages");
270
271			// register the js view for use in simplecache
272			elgg_register_simplecache_view("js/languages/$language_code.js");
273			}
274			}
275
276			return function(\Elgg\EventsService $events) {
277			$events->registerHandler('init', 'system', '_elgg_translations_init');
278			};
279

gctools-outilsgc / gcconnex

Issues (2473)

Security Analysis no vulnerabilities found

engine/lib/languages.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like