Issues in 2009102801.php (master) - Issues in master - gctools-outilsgc/gcconnex - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2473)

Security Analysis no vulnerabilities found

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

engine/lib/upgrades/2009102801.php (1 issue)

Labels

Unused Code 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Move user's data directories from using username to registration date
 */

/**
 * Generates a file matrix like Elgg 1.0 did
 *
 * @param string $username Username of user
 *
 * @return string File matrix path
 */
function file_matrix_1_0($username) {
	$matrix = "";

	$len = strlen($username);
	if ($len > 5) {
		$len = 5;
	}

	for ($n = 0; $n < $len; $n++) {
		if (ctype_alnum($username[$n])) {
			$matrix .= $username[$n] . "/";
		}
	}

	return $matrix . $username . "/";
}


/**
 * Generate a file matrix like Elgg 1.1, 1.2 and 1.5
 *
 * @param string $filename The filename
 *
 * @return string
 */
function file_matrix_1_1($filename) {
	$matrix = "";

	$name = $filename;
	$filename = mb_str_split($filename);
	if (!$filename) {
		return false;
	}

	$len = count($filename);
	if ($len > 5) {
		$len = 5;
	}

	for ($n = 0; $n < $len; $n++) {
		$matrix .= $filename[$n] . "/";
	}

	return $matrix . $name . "/";
}

/**
 * Handle splitting multibyte strings
 *
 * @param string $string  String to split.
 * @param string $charset Charset to use.
 *
 * @return array|false
 */
function mb_str_split($string, $charset = 'UTF8') {
	if (is_callable('mb_substr')) {
		$length = mb_strlen($string);
		$array = array();

		while ($length) {
			$array[] = mb_substr($string, 0, 1, $charset);
			$string = mb_substr($string, 1, $length, $charset);

			$length = mb_strlen($string);
		}

		return $array;
	} else {
		return str_split($string);
	}

	return false;
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
}


/**
 * 1.6 style file matrix
 *
 * @param string $filename The filename
 *
 * @return string
 */
function file_matrix_1_6($filename) {
	$invalid_fs_chars = '*\'\\/"!$%^&*.%(){}[]#~?<>;|¬`@-+=';

	$matrix = "";

	$name = $filename;
	$filename = mb_str_split($filename);
	if (!$filename) {
		return false;
	}

	$len = count($filename);
	if ($len > 5) {
		$len = 5;
	}

	for ($n = 0; $n < $len; $n++) {

		// Prevent a matrix being formed with unsafe characters
		$char = $filename[$n];
		if (strpos($invalid_fs_chars, $char) !== false) {
			$char = '_';
		}

		$matrix .= $char . "/";
	}

	return $matrix . $name . "/";
}


/**
 * Scans a directory and moves any files from $from to $to
 * preserving structure and handling existing paths.
 * Will no overwrite files in $to.
 *
 * TRAILING SLASHES REQUIRED.
 *
 * @param string $from       From dir.
 * @param string $to         To dir.
 * @param bool   $move       True to move, false to copy.
 * @param string $preference to|from If file collisions, which dir has preference.
 *
 * @return bool
 */
function merge_directories($from, $to, $move = false, $preference = 'to') {
	if (!$entries = scandir($from)) {
		return false;
	}

	// character filtering needs to be elsewhere.
	if (!is_dir($to)) {
		mkdir($to, 0700, true);
	}

	if ($move === true) {
		$f = 'rename';
	} else {
		$f = 'copy';
	}

	foreach ($entries as $entry) {
		if ($entry == '.' || $entry == '..') {
			continue;
		}

		$from_path = $from . $entry;
		$to_path = $to . $entry;

		// check to see if the path exists and is a dir, if so, recurse.
		if (is_dir($from_path) && is_dir($to_path)) {
			$from_path .= '/';
			$to_path .= '/';
			merge_directories($from_path, $to_path, $move, $preference);

			// since it's a dir that already exists we don't need to move it
			continue;
		}

		// only move if target doesn't exist or if preference is for the from dir
		if (!file_exists($to_path) || $preference == 'from') {

			if ($f($from_path, $to_path)) {
				//elgg_dump("Moved/Copied $from_path to $to_path");
			}
		} else {
			//elgg_dump("Ignoring $from_path -> $to_path");
		}
	}
}

/**
 * Create a 1.7 style user file matrix based upon date.
 *
 * @param int $guid Guid of owner
 *
 * @return string File matrix path
 */
function user_file_matrix($guid) {
	// lookup the entity
	$user = get_entity($guid);
	if ($user->type != 'user') {
		// only to be used for user directories
		return FALSE;
	}

	$time_created = date('Y/m/d', $user->time_created);
	return "$time_created/$user->guid/";
}

global $ENTITY_CACHE, $CONFIG;
/**
 * Upgrade file locations
 */
$users = mysql_query("SELECT guid, username
	FROM {$CONFIG->dbprefix}users_entity WHERE username != ''");
while ($user = mysql_fetch_object($users)) {
	$ENTITY_CACHE = array();

	$to = $CONFIG->dataroot . user_file_matrix($user->guid);
	foreach (array('1_0', '1_1', '1_6') as $version) {
		$function = "file_matrix_$version";
		$from = $CONFIG->dataroot . $function($user->username);
		merge_directories($from, $to, $move = TRUE, $preference = 'from');
	}
}


1		<?php
2
3		/**
4		* Move user's data directories from using username to registration date
5		*/
6
7		/**
8		* Generates a file matrix like Elgg 1.0 did
9		*
10		* @param string $username Username of user
11		*
12		* @return string File matrix path
13		*/
14		function file_matrix_1_0($username) {
15		$matrix = "";
16
17		$len = strlen($username);
18		if ($len > 5) {
19		$len = 5;
20		}
21
22		for ($n = 0; $n < $len; $n++) {
23		if (ctype_alnum($username[$n])) {
24		$matrix .= $username[$n] . "/";
25		}
26		}
27
28		return $matrix . $username . "/";
29		}
30
31
32		/**
33		* Generate a file matrix like Elgg 1.1, 1.2 and 1.5
34		*
35		* @param string $filename The filename
36		*
37		* @return string
38		*/
39		function file_matrix_1_1($filename) {
40		$matrix = "";
41
42		$name = $filename;
43		$filename = mb_str_split($filename);
44		if (!$filename) {
45		return false;
46		}
47
48		$len = count($filename);
49		if ($len > 5) {
50		$len = 5;
51		}
52
53		for ($n = 0; $n < $len; $n++) {
54		$matrix .= $filename[$n] . "/";
55		}
56
57		return $matrix . $name . "/";
58		}
59
60		/**
61		* Handle splitting multibyte strings
62		*
63		* @param string $string String to split.
64		* @param string $charset Charset to use.
65		*
66		* @return array\|false
67		*/
68	View Code Duplication	function mb_str_split($string, $charset = 'UTF8') {
69		if (is_callable('mb_substr')) {
70		$length = mb_strlen($string);
71		$array = array();
72
73		while ($length) {
74		$array[] = mb_substr($string, 0, 1, $charset);
75		$string = mb_substr($string, 1, $length, $charset);
76
77		$length = mb_strlen($string);
78		}
79
80		return $array;
81		} else {
82		return str_split($string);
83		}
84
85		return false;
		0 ignored issues – show Unused Code introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `return false;` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
86		}
87
88
89		/**
90		* 1.6 style file matrix
91		*
92		* @param string $filename The filename
93		*
94		* @return string
95		*/
96		function file_matrix_1_6($filename) {
97		$invalid_fs_chars = '\'\\/"!$%^&.%(){}[]#~?<>;\|¬`@-+=';
98
99		$matrix = "";
100
101		$name = $filename;
102		$filename = mb_str_split($filename);
103		if (!$filename) {
104		return false;
105		}
106
107		$len = count($filename);
108		if ($len > 5) {
109		$len = 5;
110		}
111
112		for ($n = 0; $n < $len; $n++) {
113
114		// Prevent a matrix being formed with unsafe characters
115		$char = $filename[$n];
116		if (strpos($invalid_fs_chars, $char) !== false) {
117		$char = '_';
118		}
119
120		$matrix .= $char . "/";
121		}
122
123		return $matrix . $name . "/";
124		}
125
126
127		/**
128		* Scans a directory and moves any files from $from to $to
129		* preserving structure and handling existing paths.
130		* Will no overwrite files in $to.
131		*
132		* TRAILING SLASHES REQUIRED.
133		*
134		* @param string $from From dir.
135		* @param string $to To dir.
136		* @param bool $move True to move, false to copy.
137		* @param string $preference to\|from If file collisions, which dir has preference.
138		*
139		* @return bool
140		*/
141		function merge_directories($from, $to, $move = false, $preference = 'to') {
142		if (!$entries = scandir($from)) {
143		return false;
144		}
145
146		// character filtering needs to be elsewhere.
147		if (!is_dir($to)) {
148		mkdir($to, 0700, true);
149		}
150
151		if ($move === true) {
152		$f = 'rename';
153		} else {
154		$f = 'copy';
155		}
156
157		foreach ($entries as $entry) {
158		if ($entry == '.' \|\| $entry == '..') {
159		continue;
160		}
161
162		$from_path = $from . $entry;
163		$to_path = $to . $entry;
164
165		// check to see if the path exists and is a dir, if so, recurse.
166		if (is_dir($from_path) && is_dir($to_path)) {
167		$from_path .= '/';
168		$to_path .= '/';
169		merge_directories($from_path, $to_path, $move, $preference);
170
171		// since it's a dir that already exists we don't need to move it
172		continue;
173		}
174
175		// only move if target doesn't exist or if preference is for the from dir
176		if (!file_exists($to_path) \|\| $preference == 'from') {
177
178		if ($f($from_path, $to_path)) {
179		//elgg_dump("Moved/Copied $from_path to $to_path");
180		}
181		} else {
182		//elgg_dump("Ignoring $from_path -> $to_path");
183		}
184		}
185		}
186
187		/**
188		* Create a 1.7 style user file matrix based upon date.
189		*
190		* @param int $guid Guid of owner
191		*
192		* @return string File matrix path
193		*/
194	View Code Duplication	function user_file_matrix($guid) {
195		// lookup the entity
196		$user = get_entity($guid);
197		if ($user->type != 'user') {
198		// only to be used for user directories
199		return FALSE;
200		}
201
202		$time_created = date('Y/m/d', $user->time_created);
203		return "$time_created/$user->guid/";
204		}
205
206		global $ENTITY_CACHE, $CONFIG;
207		/**
208		* Upgrade file locations
209		*/
210		$users = mysql_query("SELECT guid, username
211		FROM {$CONFIG->dbprefix}users_entity WHERE username != ''");
212	View Code Duplication	while ($user = mysql_fetch_object($users)) {
213		$ENTITY_CACHE = array();
214
215		$to = $CONFIG->dataroot . user_file_matrix($user->guid);
216		foreach (array('1_0', '1_1', '1_6') as $version) {
217		$function = "file_matrix_$version";
218		$from = $CONFIG->dataroot . $function($user->username);
219		merge_directories($from, $to, $move = TRUE, $preference = 'from');
220		}
221		}
222

gctools-outilsgc / gcconnex

Issues (2473)

Security Analysis no vulnerabilities found

engine/lib/upgrades/2009102801.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like