This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
// Refuse to run when the file is requested directly: BASEPATH is expected to
// be defined before this helper is loaded, so its absence ends the script.
defined('BASEPATH') or exit('No direct script access allowed');
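if (!function_exists('admin_or_redirect')) {

    /**
     * Gate for admin-only code paths.
     *
     * Returns true when the script runs under the CLI SAPI, or when the
     * current user is logged in and dx_auth reports them as an admin.
     * In every other case the request is redirected to 'admin/login' and
     * the script terminates, so the function never returns false.
     *
     * @return bool Always true when it returns at all.
     */
    function admin_or_redirect() {
        // Command-line invocations skip the session check entirely, so any
        // code guarded only by this helper runs unauthenticated under the CLI.
        // Strict comparison: PHP_SAPI is a string, no type juggling wanted.
        if (PHP_SAPI === 'cli') {
            return true;
        }

        $ci = & get_instance();

        // is_admin() is only consulted for logged-in users, as before.
        if ($ci->dx_auth->is_logged_in() && $ci->dx_auth->is_admin()) {
            return true;
        }

        // The AJAX and non-AJAX branches used to be spelled out separately but
        // issued the identical redirect, so a single call covers both.
        redirect('admin/login', '');

        // Stop here even if redirect() returns, so a failed check can never
        // fall through into the protected caller.
        exit;
    }

}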
// Enforce a permission for a control panel page
if (!function_exists('cp_check_perm')) {

    /**
     * Allow or terminate the current control-panel request based on $perm.
     *
     * Outcomes:
     *  - user not logged in: the script dies with a translated error message;
     *  - dx_auth grants $perm: returns TRUE;
     *  - $perm is not granted and is not a key of get_permissions_array():
     *    returns TRUE;
     *  - $perm is not granted and is a known key: a script block that calls
     *    $('page').set('html', ...) with a "no rights" notice is echoed and
     *    the script dies.
     *
     * @param string $perm Permission key, e.g. one of the keys of get_permissions_array().
     * @return bool TRUE when the request may continue; otherwise the script terminates.
     */
    function cp_check_perm($perm) {
        $ci = & get_instance();

        if (!$ci->dx_auth->is_logged_in()) {
            die(lang('Error checking permissions', 'admin'));
        }

        if ($ci->dx_auth->get_permission_value($perm)) {
            return TRUE;
        }

        $known_perms = get_permissions_array();

        // NOTE(review): this fails open. A permission name that is missing from
        // the registry (including a misspelled one at the call site) is treated
        // as "allowed" even though dx_auth did not grant it. Confirm this is
        // intended before relying on cp_check_perm() for custom permissions.
        if (!isset($known_perms[$perm])) {
            return TRUE;
        }

        // NOTE(review): the label is placed inside a single-quoted JavaScript
        // string without escaping; a quote or markup in the translated text
        // would break or alter the emitted script. Confirm who can edit the
        // translations, or encode the value for the JS context.
        $err_text = lang('No rights for', 'admin') . ': <b>' . $known_perms[$perm] . '</b>.';

        echo '<script type="text/javascript">
        $(\'page\').set(\'html\',\'<div id="notice" style="width: 500px;">' . $err_text . '</div>\');
    </script>';

        // Access denied: nothing after the notice may run.
        die();
    }

}
// Check whether the current user holds a permission
if (!function_exists('check_perm')) {

    /**
     * Non-terminating permission test.
     *
     * Unlike cp_check_perm(), this never redirects or ends the script: it
     * reports FALSE for users who are not logged in and otherwise converts
     * dx_auth's answer for $perm into a strict boolean.
     *
     * @param string $perm Permission key to look up.
     * @return bool TRUE only for a logged-in user whose permission value is truthy.
     */
    function check_perm($perm) {
        $auth = get_instance()->dx_auth;

        // The permission lookup is only performed for an authenticated session.
        if (!$auth->is_logged_in()) {
            return FALSE;
        }

        return $auth->get_permission_value($perm) ? TRUE : FALSE;
    }

}
if (!function_exists('get_perms_groups')) {

    /**
     * Build the map of permission-group keys to their display labels.
     *
     * Every label is obtained through lang(..., 'admin'). Before the map is
     * returned, the 'on_get_perms_groups' hook is looked up and, when
     * get_hook() returns a truthy value, that value is passed to eval().
     *
     * @return array Group key => translated label.
     */
    function get_perms_groups() {
        // Keys presumably match the prefixes of the permission names listed in
        // get_permissions_array() (cp_*, lang_*, ...) — verify against callers.
        $group_names = [
            'cp' => lang('Operation panel', 'admin'),
            'lang' => lang('Languages', 'admin'),
            'cache' => lang('Cache', 'admin'),
            'page' => lang('Pages', 'admin'),
            'category' => lang('Categories', 'admin'),
            'module' => lang('Modules', 'admin'),
            'widget' => lang('Widgets', 'admin'),
            'menu' => lang('Menu', 'admin'),
            'user' => lang('Members', 'admin'),
            'roles' => lang('Group', 'admin'),
            'logs' => lang('Logs', 'admin'),
            'backup' => lang('Backup copying', 'admin'),
            'tinybrowser' => lang('File Editor', 'admin'),
        ];

        // NOTE(review): eval() runs the string returned by get_hook() as PHP in
        // this function's scope, so hook code can read and rewrite $group_names
        // (renaming that variable would therefore break existing hooks). Where
        // hook bodies are stored is not visible here; confirm they can only be
        // written by trusted deployers, since whoever controls them controls
        // code execution in the admin permission layer.
        ($hook = get_hook('on_get_perms_groups')) ? eval($hook) : NULL;

        return $group_names;
    }

}
if (!function_exists('get_permissions_array')) {

    /**
     * Build the registry of known permission keys and their display labels.
     *
     * Every label is obtained through lang(..., 'admin'). cp_check_perm()
     * consults this map to decide whether a permission name is known. Before
     * the map is returned, the 'get_permissions_array' hook is looked up and,
     * when get_hook() returns a truthy value, that value is passed to eval().
     *
     * @return array Permission key => translated label.
     */
    function get_permissions_array() {
        $all_perms = [
            'cp_access' => lang('Access Control Panel', 'admin'),
            'cp_autoupdate' => lang('System update', 'admin'),
            'cp_page_search' => lang('Find pages in the control panel', 'admin'),
            'lang_create' => lang('Creating a language', 'admin'),
            'lang_edit' => lang('Changing the language', 'admin'),
            'lang_delete' => lang('Remove languages', 'admin'),
            'cp_site_settings' => lang('Changing site settings', 'admin'),
            'cache_clear' => lang('Clearing the cache', 'admin'),
            'page_create' => lang('Creating pages', 'admin'),
            'page_edit' => lang('Editing pages', 'admin'),
            'page_delete' => lang('Delete pages', 'admin'),
            'category_create' => lang('Creating categories', 'admin'),
            'category_edit' => lang('Edit Categories', 'admin'),
            'category_delete' => lang('Category delete', 'admin'),
            'module_install' => lang('Install Modules', 'admin'),
            'module_deinstall' => lang('Removing Modules', 'admin'),
            'module_admin' => lang('Administration module', 'admin'),
            'widget_create' => lang('Creating widgets', 'admin'),
            'widget_delete' => lang('Removing widgets', 'admin'),
            'widget_access_settings' => lang('Access to the widget settings', 'admin'),
            'menu_create' => lang('Create a menu', 'admin'),
            'menu_edit' => lang('Edit menu', 'admin'),
            'menu_delete' => lang('Menu deleting', 'admin'),
            'user_create' => lang('Create users of their group', 'admin'),
            'user_create_all_roles' => lang('Create users of all groups', 'admin'),
            'user_edit' => lang('Edit Users', 'admin'),
            'user_delete' => lang('Remove Users', 'admin'),
            'user_view_data' => lang('Viewing member', 'admin'),
            'roles_create' => lang('Creating Groups', 'admin'),
            'roles_edit' => lang('Editing Groups', 'admin'),
            'roles_delete' => lang('Deleting Groups', 'admin'),
            'logs_view' => lang('View Log', 'admin'),
            'backup_create' => lang('Backing up', 'admin'),
            'tinybrowser_all' => lang('Access to the file editor', 'admin'),
            // NOTE(review): the key says "upload" but the label reads
            // "Download files" — confirm the intended wording.
            'tinybrowser_upload' => lang('Download files', 'admin'),
            'tinybrowser_edit' => lang('Editing Files', 'admin'),
            'tinybrowser_folders' => lang('Edit Folders', 'admin'),
        ];

        // NOTE(review): eval() runs the string returned by get_hook() as PHP in
        // this function's scope, so hook code can add, remove or relabel
        // entries of $all_perms — and with that change which permission names
        // cp_check_perm() treats as known. Where hook bodies are stored is not
        // visible here; confirm they can only be written by trusted deployers.
        //
        // The static analyzer that produced this listing also reports that this
        // get_hook() call passes more arguments than the definition it resolved
        // declares; the same report says the check can pick the wrong
        // definition, so verify against the real get_hook() signature.
        ($hook = get_hook('get_permissions_array')) ? eval($hook) : NULL;

        return $all_perms;
    }

}
This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue.
If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is WordPress.
In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored.