Issues in thumbnail.js (master) - Issues in master - interfasys/galleryplus - Measure and Improve Code Quality continuously with Scrutinizer

Issues (61)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

js/thumbnail.js (2 issues)

Labels

Bug 2

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

/* global $, DOMPurify, Gallery */
/**
 * A thumbnail is the actual image attached to the GalleryImage object
 *
 * @param {number} fileId
 * @param {boolean} square
 * @constructor
 */
function Thumbnail (fileId, square) {
	this.square = square;
	this.fileId = fileId;
	this.image = null;
	this.loadingDeferred = new $.Deferred();
	this.height = 200;
	this.width = 400;
	this.ratio = null;
	this.valid = true;
	this.status = 200;
}

(function ($, OC, Gallery) {
	"use strict";
	var Thumbnails = {
		map: {},
		squareMap: {},

		/**
		 * Retrieves the thumbnail linked to the given fileID
		 *
		 * @param {number} fileId
		 * @param {boolean} square
		 *
		 * @returns {Thumbnail}
		 */
		get: function (fileId, square) {
			var map = {};
			if (square === true) {
				map = Thumbnails.squareMap;
				square = true;
			} else {
				map = Thumbnails.map;
				square = false;
			}
			if (!map[fileId]) {
				map[fileId] = new Thumbnail(fileId, square);
			}

			return map[fileId];
		},

		/**
		 * Returns an icon of a specific type
		 *
		 * -1 is for a folder
		 * -404 is for a broken file icon
		 * -500 is for a media type icon
		 *
		 * @param {number} type
		 *
		 * @returns {Thumbnail}
		 */
		getStandardIcon: function (type) {
			if (!Thumbnails.squareMap[type]) {
				var icon = '';
				// true means square
				var thumb = new Thumbnail(type, true);
				thumb.image = new Image();

				thumb.image.onload = function () {
					thumb.loadingDeferred.resolve(thumb.image);
				};

				if (type === -1) {
					icon = 'filetypes/folder';
				}
				thumb.image.src = OC.imagePath('core', icon);

				Thumbnails.squareMap[type] = thumb;
			}

			return Thumbnails.squareMap[type];
		},

		/**
		 * Loads thumbnails in batch, using EventSource
		 *
		 * @param {Array} ids
		 * @param {boolean} square
		 *
		 * @returns {{}}
		 */
		loadBatch: function (ids, square) {
			var map = (square) ? Thumbnails.squareMap : Thumbnails.map;
			// Prevents re-loading thumbnails when resizing the window
			ids = ids.filter(function (id) {
				return !map[id];
			});
			var batch = {};
			var i, idsLength = ids.length;
			if (idsLength) {
				for (i = 0; i < idsLength; i++) {
					var thumb = new Thumbnail(ids[i], square);
					thumb.image = new Image();

					map[ids[i]] = batch[ids[i]] = thumb;

				}
				var params = {
					ids: ids.join(';'),
					scale: window.devicePixelRatio,
					square: (square) ? 1 : 0
				};
				var url = Gallery.utility.buildGalleryUrl('thumbnails', '', params);

				var eventSource = new Gallery.EventSource(url);
				eventSource.listen('preview',
					function (/**{path, status, mimetype, preview}*/ preview) {
						var id = preview.fileid;
						var thumb = batch[id];
						thumb.status = preview.status;
						if (thumb.status === 404) {
							thumb.valid = false;
							thumb.loadingDeferred.resolve(null);
						} else {
							thumb.image.onload = function () {
								// Fix for SVG files which can come in all sizes
								if (square) {
									thumb.image.width = 200;
									thumb.image.height = 200;
								}
								thumb.ratio = thumb.image.width / thumb.image.height;
								thumb.image.originalWidth = 200 * thumb.ratio;
								thumb.loadingDeferred.resolve(thumb.image);
							};
							thumb.image.onerror = function () {
								thumb.valid = false;
								var icon = Thumbnails._getMimeIcon(preview.mimetype);
								setTimeout(function () {
									thumb.image.src = icon;
								}, 0);
							};

							if (thumb.status === 200) {
								var imageData = preview.preview;
								if (preview.mimetype === 'image/svg+xml') {
									imageData = Thumbnails._purifySvg(imageData);
								}
								thumb.image.src =
									'data:' + preview.mimetype + ';base64,' + imageData;
							} else {
								thumb.valid = false;
								thumb.image.src = Thumbnails._getMimeIcon(preview.mimetype);
							}
						}
					});
			}

			return batch;
		},

		/**
		 * Returns the link to the media type icon
		 *
		 * Modern browsers get an SVG, older ones a PNG
		 *
		 * @param mimeType
		 *
		 * @returns {*|string}
		 * @private
		 */
		_getMimeIcon: function (mimeType) {
			var icon = OC.MimeType.getIconUrl(mimeType);
			if (Gallery.ieVersion !== false) {
				icon = icon.substr(0, icon.lastIndexOf(".")) + ".png";
			}
			return icon;
		},

		/**
		 * Sanitises SVGs
		 *
		 * We also fix a problem which arises when the XML contains comments
		 *
		 * @param imageData
		 * @returns {string|*}
		 * @private
		 */
		_purifySvg: function (imageData) {
			var pureSvg = DOMPurify.sanitize(window.atob(imageData), {ADD_TAGS: ['filter']});
			// Remove XML comment garbage left in the purified data
			var badTag = pureSvg.indexOf(']&gt;');
			var fixedPureSvg = pureSvg.substring(badTag < 0 ? 0 : 5, pureSvg.length);
			imageData = window.btoa(fixedPureSvg);

			return imageData;
		}

	};

	window.Thumbnails = Thumbnails;
})(jQuery, OC, Gallery);


1			/* global $, DOMPurify, Gallery */
2			/**
3			* A thumbnail is the actual image attached to the GalleryImage object
4			*
5			* @param {number} fileId
6			* @param {boolean} square
7			* @constructor
8			*/
9			function Thumbnail (fileId, square) {
10			this.square = square;
11			this.fileId = fileId;
12			this.image = null;
13			this.loadingDeferred = new $.Deferred();
14			this.height = 200;
15			this.width = 400;
16			this.ratio = null;
17			this.valid = true;
18			this.status = 200;
19			}
20
21			(function ($, OC, Gallery) {
22			"use strict";
23			var Thumbnails = {
24			map: {},
25			squareMap: {},
26
27			/**
28			* Retrieves the thumbnail linked to the given fileID
29			*
30			* @param {number} fileId
31			* @param {boolean} square
32			*
33			* @returns {Thumbnail}
34			*/
35			get: function (fileId, square) {
36			var map = {};
37			if (square === true) {
38			map = Thumbnails.squareMap;
39			square = true;
40			} else {
41			map = Thumbnails.map;
42			square = false;
43			}
44			if (!map[fileId]) {
45			map[fileId] = new Thumbnail(fileId, square);
46			}
47
48			return map[fileId];
49			},
50
51			/**
52			* Returns an icon of a specific type
53			*
54			* -1 is for a folder
55			* -404 is for a broken file icon
56			* -500 is for a media type icon
57			*
58			* @param {number} type
59			*
60			* @returns {Thumbnail}
61			*/
62			getStandardIcon: function (type) {
63			if (!Thumbnails.squareMap[type]) {
64			var icon = '';
65			// true means square
66			var thumb = new Thumbnail(type, true);
67			thumb.image = new Image();
			0 ignored issues – show Bug introduced 2016-06-18 15:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `Image` seems to be never declared. If this is a global, consider adding a `/** global: Image */` comment. This checks looks for references to variables that have not been declared. This is most likey a typographical error or a variable has been renamed. To learn more about declaring variables in Javascript, see the MDN. Loading history...
68			thumb.image.onload = function () {
69			thumb.loadingDeferred.resolve(thumb.image);
70			};
71
72			if (type === -1) {
73			icon = 'filetypes/folder';
74			}
75			thumb.image.src = OC.imagePath('core', icon);
76
77			Thumbnails.squareMap[type] = thumb;
78			}
79
80			return Thumbnails.squareMap[type];
81			},
82
83			/**
84			* Loads thumbnails in batch, using EventSource
85			*
86			* @param {Array} ids
87			* @param {boolean} square
88			*
89			* @returns {{}}
90			*/
91			loadBatch: function (ids, square) {
92			var map = (square) ? Thumbnails.squareMap : Thumbnails.map;
93			// Prevents re-loading thumbnails when resizing the window
94			ids = ids.filter(function (id) {
95			return !map[id];
96			});
97			var batch = {};
98			var i, idsLength = ids.length;
99			if (idsLength) {
100			for (i = 0; i < idsLength; i++) {
101			var thumb = new Thumbnail(ids[i], square);
102			thumb.image = new Image();
			0 ignored issues – show Bug introduced 2016-06-18 15:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `Image` seems to be never declared. If this is a global, consider adding a `/** global: Image */` comment. This checks looks for references to variables that have not been declared. This is most likey a typographical error or a variable has been renamed. To learn more about declaring variables in Javascript, see the MDN. Loading history...
103			map[ids[i]] = batch[ids[i]] = thumb;
104
105			}
106			var params = {
107			ids: ids.join(';'),
108			scale: window.devicePixelRatio,
109			square: (square) ? 1 : 0
110			};
111			var url = Gallery.utility.buildGalleryUrl('thumbnails', '', params);
112
113			var eventSource = new Gallery.EventSource(url);
114			eventSource.listen('preview',
115			function (/*{path, status, mimetype, preview}/ preview) {
116			var id = preview.fileid;
117			var thumb = batch[id];
118			thumb.status = preview.status;
119			if (thumb.status === 404) {
120			thumb.valid = false;
121			thumb.loadingDeferred.resolve(null);
122			} else {
123			thumb.image.onload = function () {
124			// Fix for SVG files which can come in all sizes
125			if (square) {
126			thumb.image.width = 200;
127			thumb.image.height = 200;
128			}
129			thumb.ratio = thumb.image.width / thumb.image.height;
130			thumb.image.originalWidth = 200 * thumb.ratio;
131			thumb.loadingDeferred.resolve(thumb.image);
132			};
133			thumb.image.onerror = function () {
134			thumb.valid = false;
135			var icon = Thumbnails._getMimeIcon(preview.mimetype);
136			setTimeout(function () {
137			thumb.image.src = icon;
138			}, 0);
139			};
140
141			if (thumb.status === 200) {
142			var imageData = preview.preview;
143			if (preview.mimetype === 'image/svg+xml') {
144			imageData = Thumbnails._purifySvg(imageData);
145			}
146			thumb.image.src =
147			'data:' + preview.mimetype + ';base64,' + imageData;
148			} else {
149			thumb.valid = false;
150			thumb.image.src = Thumbnails._getMimeIcon(preview.mimetype);
151			}
152			}
153			});
154			}
155
156			return batch;
157			},
158
159			/**
160			* Returns the link to the media type icon
161			*
162			* Modern browsers get an SVG, older ones a PNG
163			*
164			* @param mimeType
165			*
166			* @returns {*\|string}
167			* @private
168			*/
169			_getMimeIcon: function (mimeType) {
170			var icon = OC.MimeType.getIconUrl(mimeType);
171			if (Gallery.ieVersion !== false) {
172			icon = icon.substr(0, icon.lastIndexOf(".")) + ".png";
173			}
174			return icon;
175			},
176
177			/**
178			* Sanitises SVGs
179			*
180			* We also fix a problem which arises when the XML contains comments
181			*
182			* @param imageData
183			* @returns {string\|*}
184			* @private
185			*/
186			_purifySvg: function (imageData) {
187			var pureSvg = DOMPurify.sanitize(window.atob(imageData), {ADD_TAGS: ['filter']});
188			// Remove XML comment garbage left in the purified data
189			var badTag = pureSvg.indexOf(']>');
190			var fixedPureSvg = pureSvg.substring(badTag < 0 ? 0 : 5, pureSvg.length);
191			imageData = window.btoa(fixedPureSvg);
192
193			return imageData;
194			}
195
196			};
197
198			window.Thumbnails = Thumbnails;
199			})(jQuery, OC, Gallery);
200

interfasys / galleryplus

Issues (61)

Security Analysis not enabled

js/thumbnail.js (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like