Issues in start.php (master) - Issues in master - gctools-outilsgc/gcconnex - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2473)

Security Analysis no vulnerabilities found

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

mod/ideas/start.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 *	BP2020 Ideas plugin
 *	@package ideas
 *	@author Emmanuel Salomon @ManUtopiK
 *	@license Dual licensed under the MIT and GNU Affero General Public License, version 3 or late
 *	@copyright (c) Emmanuel Salomon 2012
 *	@link http://
 **/

elgg_register_event_handler('init', 'system', 'ideas_init');

function ideas_init() {

	$root = dirname(__FILE__);
	elgg_register_library('ideas:utilities', "$root/lib/utilities.php");

	// actions
	$action_base = "$root/actions/ideas";
	elgg_register_action('ideas/saveidea', "$action_base/saveidea.php");
	elgg_register_action('ideas/editidea', "$action_base/editidea.php");
	elgg_register_action("ideas/rateidea", "$action_base/rateidea.php");
	elgg_register_action('ideas/delete', "$action_base/deleteidea.php");
	elgg_register_action('ideas/settings', "$action_base/settings.php");

	elgg_register_plugin_hook_handler('register', 'menu:owner_block', 'ideas_owner_block_menu');

	elgg_register_page_handler('ideas', 'ideas_page_handler');

	// Extend view
	elgg_extend_view('css/elgg', 'ideas/css');
	elgg_extend_view('js/elgg', 'ideas/js');

	// Register widgets
	elgg_register_widget_type(
			'ideas',
			elgg_echo('ideas:widget:title'),
			elgg_echo('ideas:widget:description')
	);
    /*
	elgg_register_widget_type(
			'points_left',
			elgg_echo('ideas:widget:points_left:title'),
			elgg_echo('ideas:widget:points_left:description'),
			'dashboard'
	);
    */
    
	// Register granular notification for this type
	register_notification_object('object', 'ideas', elgg_echo('ideas:new'));

	// Listen to notification events and supply a more useful message
	elgg_register_plugin_hook_handler('notify:entity:message', 'object', 'ideas_notify_message');

	// Register a URL handler for ideas
	elgg_register_entity_url_handler('object', 'idea', 'idea_url');

	// Register entity type for search
	elgg_register_entity_type('object', 'idea');
    
    // Temporary disable notifications REMOVE THIS BEFORE SENDING TO PROD
  //  elgg_register_plugin_hook_handler('email', 'system', 'ideas_mailer');
    
	// Groups
	add_group_tool_option('ideas', elgg_echo('ideas:enableideas'), true);
	elgg_extend_view('groups/tool_latest', 'ideas/group_module');
}

function ideas_mailer($hook, $type, $return, $params) {
    // elgg_send_email('[email protected]', '[email protected]', 'blocked email', 'just blocked an email');
   return true;
}

/**
 * Dispatcher for ideas.
 *
 * @param array $page
 */
function ideas_page_handler($page) {
	elgg_load_library('ideas:utilities');

	elgg_push_breadcrumb(elgg_echo('ideas'), 'ideas/all');

	$pages = dirname(__FILE__) . '/pages/ideas';

	switch ($page[0]) {
		case "read":
		case "view":
			set_input('guid', $page[1]);
			include "$pages/view.php";
			break;
		case "add":
			gatekeeper();
			include "$pages/saveidea.php";
			break;
		case "edit":
			gatekeeper();
			set_input('guid', $page[1]);
			include "$pages/editidea.php";
			break;
		case "all":
			include "$pages/all.php";
			break;
		case "owner":
			include "$pages/owner.php";
			break;
		case "friends":
			include "$pages/friends.php";
			break;
		case 'group':
			group_gatekeeper();
			switch ($page[2]) {
				case "all":
                    include "$pages/all_group.php";
                    break;
				case "top":
					include "$pages/top.php";
					break;
				case "hot":
					include "$pages/hot.php";
					break;
				case "new":
					include "$pages/new.php";
					break;
                case "tagcloud":
                    include "$pages/tagcloud.php";
                    break;
				case "settings":
					include "$pages/settings.php";
					break;
				default:
					forward(elgg_get_site_url() . 'ideas/group/' . $page[1] . '/top');
					break;
			}
			break;

		default:
			return false;
			break;
switch ($x) {
    case 1:
        return 'foo';
        break; // This break is not necessary and can be left off.
}
	}

	elgg_pop_context();

	return true;
}


/**
 * Populates the ->getUrl() method for idea objects
 *
 * @param ElggEntity $entity The idea object
 * @return string idea item URL
 */
function idea_url($entity) {
	global $CONFIG;

	$title = $entity->title;
	$title = elgg_get_friendly_title($title);
	return $CONFIG->url . "ideas/view/" . $entity->getGUID() . "/" . $title;
}

/**
 * Add a menu item to an ownerblock
 *
 * @param string $hook
 * @param string $type
 * @param array  $return
 * @param array  $params
 */
function ideas_owner_block_menu($hook, $type, $return, $params) {
	if (elgg_instanceof($params['entity'], 'user')) {
		$url = "ideas/owner/{$params['entity']->username}";
		$item = new ElggMenuItem('ideas', elgg_echo('ideas'), $url);
		$return[] = $item;
	} else {
		if ($params['entity']->ideas_enable != 'no') {
			$url = "ideas/group/{$params['entity']->guid}/top";
			$item = new ElggMenuItem('ideas', elgg_echo('ideas:group:idea'), $url);
			// if (elgg_in_context('ideas')) $item->setSelected();
			$return[] = $item;
		}
	}

	return $return;
}

/**
 * Returns the body of a notification message
 *
 * @param string $hook
 * @param string $entity_type
 * @param string $returnvalue
 * @param array  $params
 */
function ideas_notify_message($hook, $entity_type, $returnvalue, $params) {
	$entity = $params['entity'];
	$to_entity = $params['to_entity'];
	$method = $params['method'];
	if (($entity instanceof ElggEntity) && ($entity->getSubtype() == 'idea')) {
		$descr = $entity->description;
		$title = $entity->title;

		$url = elgg_get_site_url() . "view/" . $entity->guid;
		if ($method == 'sms') {
			$owner = $entity->getOwnerEntity();
			return $owner->name . ' ' . elgg_echo("ideas:via") . ': ' . $url . ' (' . $title . ')';
		}
		if ($method == 'email') {
			$owner = $entity->getOwnerEntity();
			return $owner->name . ' ' . elgg_echo("ideas:via") . ': ' . $title . "\n\n" . $descr . "\n\n" . $entity->getURL();
		}
		if ($method == 'web') {
			$owner = $entity->getOwnerEntity();
			return $owner->name . ' ' . elgg_echo("ideas:via") . ': ' . $title . "\n\n" . $descr . "\n\n" . $entity->getURL();
		}

	}
	return null;
}


1		<?php
2		/**
3		* BP2020 Ideas plugin
4		* @package ideas
5		* @author Emmanuel Salomon @ManUtopiK
6		* @license Dual licensed under the MIT and GNU Affero General Public License, version 3 or late
7		* @copyright (c) Emmanuel Salomon 2012
8		* @link http://
9		**/
10
11		elgg_register_event_handler('init', 'system', 'ideas_init');
12
13		function ideas_init() {
14
15		$root = dirname(__FILE__);
16		elgg_register_library('ideas:utilities', "$root/lib/utilities.php");
17
18		// actions
19		$action_base = "$root/actions/ideas";
20		elgg_register_action('ideas/saveidea', "$action_base/saveidea.php");
21		elgg_register_action('ideas/editidea', "$action_base/editidea.php");
22		elgg_register_action("ideas/rateidea", "$action_base/rateidea.php");
23		elgg_register_action('ideas/delete', "$action_base/deleteidea.php");
24		elgg_register_action('ideas/settings', "$action_base/settings.php");
25
26		elgg_register_plugin_hook_handler('register', 'menu:owner_block', 'ideas_owner_block_menu');
27
28		elgg_register_page_handler('ideas', 'ideas_page_handler');
29
30		// Extend view
31		elgg_extend_view('css/elgg', 'ideas/css');
32		elgg_extend_view('js/elgg', 'ideas/js');
33
34		// Register widgets
35		elgg_register_widget_type(
36		'ideas',
37		elgg_echo('ideas:widget:title'),
38		elgg_echo('ideas:widget:description')
39		);
40		/*
41		elgg_register_widget_type(
42		'points_left',
43		elgg_echo('ideas:widget:points_left:title'),
44		elgg_echo('ideas:widget:points_left:description'),
45		'dashboard'
46		);
47		*/
48
49		// Register granular notification for this type
50		register_notification_object('object', 'ideas', elgg_echo('ideas:new'));
51
52		// Listen to notification events and supply a more useful message
53		elgg_register_plugin_hook_handler('notify:entity:message', 'object', 'ideas_notify_message');
54
55		// Register a URL handler for ideas
56		elgg_register_entity_url_handler('object', 'idea', 'idea_url');
57
58		// Register entity type for search
59		elgg_register_entity_type('object', 'idea');
60
61		// Temporary disable notifications REMOVE THIS BEFORE SENDING TO PROD
62		// elgg_register_plugin_hook_handler('email', 'system', 'ideas_mailer');
63
64		// Groups
65		add_group_tool_option('ideas', elgg_echo('ideas:enableideas'), true);
66		elgg_extend_view('groups/tool_latest', 'ideas/group_module');
67		}
68
69		function ideas_mailer($hook, $type, $return, $params) {
70		// elgg_send_email('[email protected]', '[email protected]', 'blocked email', 'just blocked an email');
71		return true;
72		}
73
74		/**
75		* Dispatcher for ideas.
76		*
77		* @param array $page
78		*/
79		function ideas_page_handler($page) {
80		elgg_load_library('ideas:utilities');
81
82		elgg_push_breadcrumb(elgg_echo('ideas'), 'ideas/all');
83
84		$pages = dirname(__FILE__) . '/pages/ideas';
85
86		switch ($page[0]) {
87		case "read":
88		case "view":
89		set_input('guid', $page[1]);
90		include "$pages/view.php";
91		break;
92		case "add":
93		gatekeeper();
94		include "$pages/saveidea.php";
95		break;
96		case "edit":
97		gatekeeper();
98		set_input('guid', $page[1]);
99		include "$pages/editidea.php";
100		break;
101		case "all":
102		include "$pages/all.php";
103		break;
104		case "owner":
105		include "$pages/owner.php";
106		break;
107		case "friends":
108		include "$pages/friends.php";
109		break;
110		case 'group':
111		group_gatekeeper();
112		switch ($page[2]) {
113		case "all":
114		include "$pages/all_group.php";
115		break;
116		case "top":
117		include "$pages/top.php";
118		break;
119		case "hot":
120		include "$pages/hot.php";
121		break;
122		case "new":
123		include "$pages/new.php";
124		break;
125		case "tagcloud":
126		include "$pages/tagcloud.php";
127		break;
128		case "settings":
129		include "$pages/settings.php";
130		break;
131		default:
132		forward(elgg_get_site_url() . 'ideas/group/' . $page[1] . '/top');
133		break;
134		}
135		break;
136
137		default:
138		return false;
139		break;
		0 ignored issues – show Unused Code introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break` is not strictly necessary here and could be removed. The `break` statement is not necessary if it is preceded for example by a `return` statement: switch ($x) { case 1: return 'foo'; break; // This break is not necessary and can be left off. } If you would like to keep this construct to be consistent with other `case` statements, you can safely mark this issue as a false-positive. Loading history...
140		}
141
142		elgg_pop_context();
143
144		return true;
145		}
146
147
148		/**
149		* Populates the ->getUrl() method for idea objects
150		*
151		* @param ElggEntity $entity The idea object
152		* @return string idea item URL
153		*/
154		function idea_url($entity) {
155		global $CONFIG;
156
157		$title = $entity->title;
158		$title = elgg_get_friendly_title($title);
159		return $CONFIG->url . "ideas/view/" . $entity->getGUID() . "/" . $title;
160		}
161
162		/**
163		* Add a menu item to an ownerblock
164		*
165		* @param string $hook
166		* @param string $type
167		* @param array $return
168		* @param array $params
169		*/
170	View Code Duplication	function ideas_owner_block_menu($hook, $type, $return, $params) {
171		if (elgg_instanceof($params['entity'], 'user')) {
172		$url = "ideas/owner/{$params['entity']->username}";
173		$item = new ElggMenuItem('ideas', elgg_echo('ideas'), $url);
174		$return[] = $item;
175		} else {
176		if ($params['entity']->ideas_enable != 'no') {
177		$url = "ideas/group/{$params['entity']->guid}/top";
178		$item = new ElggMenuItem('ideas', elgg_echo('ideas:group:idea'), $url);
179		// if (elgg_in_context('ideas')) $item->setSelected();
180		$return[] = $item;
181		}
182		}
183
184		return $return;
185		}
186
187		/**
188		* Returns the body of a notification message
189		*
190		* @param string $hook
191		* @param string $entity_type
192		* @param string $returnvalue
193		* @param array $params
194		*/
195		function ideas_notify_message($hook, $entity_type, $returnvalue, $params) {
196		$entity = $params['entity'];
197		$to_entity = $params['to_entity'];
198		$method = $params['method'];
199		if (($entity instanceof ElggEntity) && ($entity->getSubtype() == 'idea')) {
200		$descr = $entity->description;
201		$title = $entity->title;
202
203		$url = elgg_get_site_url() . "view/" . $entity->guid;
204	View Code Duplication	if ($method == 'sms') {
205		$owner = $entity->getOwnerEntity();
206		return $owner->name . ' ' . elgg_echo("ideas:via") . ': ' . $url . ' (' . $title . ')';
207		}
208	View Code Duplication	if ($method == 'email') {
209		$owner = $entity->getOwnerEntity();
210		return $owner->name . ' ' . elgg_echo("ideas:via") . ': ' . $title . "\n\n" . $descr . "\n\n" . $entity->getURL();
211		}
212	View Code Duplication	if ($method == 'web') {
213		$owner = $entity->getOwnerEntity();
214		return $owner->name . ' ' . elgg_echo("ideas:via") . ': ' . $title . "\n\n" . $descr . "\n\n" . $entity->getURL();
215		}
216
217		}
218		return null;
219		}
220

gctools-outilsgc / gcconnex

Issues (2473)

Security Analysis no vulnerabilities found

mod/ideas/start.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like