Issues in Main.php (master) - Issues in master - intraface/intraface.dk - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4714)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Intraface/Main.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 *
 *
 * @author  Sune Jensen <[email protected]>
 * @author  Lars Olesen <[email protected]>
 *
 * @example MainExample.php
 */
abstract class Intraface_Main
{
    public $menu_label = '';
    public $active = 0;
    public $menu_index = 0;
    public $sub_access = array();
    public $sub_access_description = array();
    public $module_name = '';
    public $all_has_access = 0;
    protected $show_menu = 0;
    protected $frontpage_index = 0;
    protected $submenu = array();
    protected $preload_file = array();
    protected $dependent_module = array();
    protected $required_shared = array();
    protected $setting = array();
    protected $controlpanel_files = array();
    protected $frontpage_files = array();
    protected $shared = false;
    private $translation; // @todo used for what

    private $kernel; // @todo used for what
    protected $required = 0;

    /**
     * Loads stuff about the module. Kernel runs it
     *
     * @return void
     */
    function load($kernel)
    {
        // Inkluder preload filerne
        // @todo kernel is as far as I can tell only used here.
        //       therefore it should be made local
        $this->kernel = $kernel;

        if (is_array($this->required_shared) && count($this->required_shared) > 0) {
            foreach ($this->required_shared as $shared_name) {
                $this->kernel->useShared($shared_name);
            }
        }

        foreach ($this->preload_file as $file) {
            $this->includeFile($file);
        }
    }

    /**
     * Denne funktion bruges af MainModulnavn.php til at fort�lle, hvor includefilen til
     * det enkelte modul ligger.
     *
     * @param string $filename
     *
     * @return void
     */
    function addFrontpageFile($filename)
    {
        $this->frontpage_files[] = $filename;
    }

    /**
     * Gets files to use on the frontpage
     *
     * @return array
     */
    function getFrontpageFiles()
    {
        return $this->frontpage_files;
    }

    /**
     * Gets files to use on the frontpage
     *
     * @param string $title Title
     * @param string $url   Url
     *
     * @return array
     */
    function addControlpanelFile($title, $url)
    {
        $this->controlpanel_files[] = array(
            'title' => $title,
            'url' => $url
        );
    }

    /**
     * Gets files to use on the frontpage
     *
     * @return array
     */
    function getControlpanelFiles()
    {
        return $this->controlpanel_files;
    }

    /**
     * Adds a submenu item
     *
     * @param string $label
     * @param string $url
     * @param string $sub_access @todo is this correct?
     *
     * @return void
     */
    function addSubmenuItem($label, $url, $sub_access = '')
    {
        $i = count($this->submenu);
        $this->submenu[$i]['label'] = $label;
        $this->submenu[$i]['url'] = $url;
        $this->submenu[$i]['sub_access'] = $sub_access;
    }

    /**
     * @return array
     */
    function getSubmenu()
    {
        return($this->submenu);
    }

    /**
     * @param string $name
     * @param string $description
     *
     * @return void
     */
    function addSubAccessItem($name, $description)
    {
        array_push($this->sub_access, $name);
        array_push($this->sub_access_description, $description);
    }

    /**
     * @param string $file
     *
     * @return void
     */
    function addPreloadFile($file)
    {
        $this->preload_file[] = $file;
    }

    /**
     * Bruges til at inkludere fil
     *
     * @param string $file @todo name or?
     *
     * @return boolean
     */
    function includeFile($file)
    {
        // @todo constant should be removed
        $file = PATH_INCLUDE_MODULE . $this->module_name . '/' . $file;
        if (!file_exists($file)) {
            return false;
        }
        require_once($file);
        return true;
    }

    /**
     * Inkluderer automatisk et andet modul. Man skal dog have adgang til det andet modul.
     *
     * @param string $module
     */
    function addDependentModule($module)
    {
        $this->dependent_module[] = $module;
    }

    /**
     * @return array
     */
    function getDependentModules()
    {
        return $this->dependent_module;
    }

    /**
     * Giver mulighed for at inkludere shared der skal benyttes overalt i modullet.
     *
     * @param string $shared @todo is this correct
     *
     * @return void
     */
    function addRequiredShared($shared)
    {
        $this->required_shared[] = $shared;
    }

    /**
     *
     * @return array
     */
    function getRequiredShared()
    {
        return $this->required_shared;
    }

    /**
     * @todo problem med at denne er globaliseret
     *
     * @param string $file @todo is this correct
     *
     * @return void
     */
    function includeSettingFile($file)
    {
        // @todo global should be removed
        global $_setting; // globalized other places also
function myFunction($a, $b) {
    // Do something
}

        include(dirname(__FILE__). '/modules/' .$this->module_name.'/'.$file);
    }

    /**
     * Returns the www path for the modules; always ends on a slash
     *
     * @return string
     */
    public function getPath()
    {
        return PATH_WWW . 'restricted/module/' . $this->module_name . '/';
    }

    /**
     * @param string $key
     * @param string $value
     *
     * @return void
     */
    function addSetting($key, $value)
    {
        $this->setting[$key] = $value;
    }

    /**
     * @param string $key
     *
     * @return string
     */
    function getSetting($key)
    {
        if (isset($this->setting[$key])) {
            return $this->setting[$key];
        }
    }

    /**
     * @return string
     */
    function getName()
    {
        return $this->module_name;
    }

    /**
     * @return integer
     */
    function getId()
    {
        $db = new DB_Sql;
        $db->query("SELECT id FROM module WHERE name = '".$this->module_name."'");
        if ($db->nextRecord()) {
            return $db->f('id');
        }
        return 0;
    }

    function getShowMenu()
    {
        return $this->show_menu;
    }

    function getFrontpageIndex()
    {
        return $this->show_menu;
    }

    function getMenuLabel()
    {
        return $this->menu_label;
    }

    function getMenuIndex()
    {
        return $this->menu_index;
    }

    function isActive()
    {
        return $this->active;
    }

    function isShared()
    {
        return $this->shared;
    }

    function isRequired()
    {
        return $this->required;
    }
}


Issues (4714)

Security Analysis not enabled

src/Intraface/Main.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

1		<?php
2		/**
3		*
4		*
5		* @author Sune Jensen <[email protected]>
6		* @author Lars Olesen <[email protected]>
7		*
8		* @example MainExample.php
9		*/
10		abstract class Intraface_Main
11		{
12		public $menu_label = '';
13		public $active = 0;
14		public $menu_index = 0;
15		public $sub_access = array();
16		public $sub_access_description = array();
17		public $module_name = '';
18		public $all_has_access = 0;
19		protected $show_menu = 0;
20		protected $frontpage_index = 0;
21		protected $submenu = array();
22		protected $preload_file = array();
23		protected $dependent_module = array();
24		protected $required_shared = array();
25		protected $setting = array();
26		protected $controlpanel_files = array();
27		protected $frontpage_files = array();
28		protected $shared = false;
29		private $translation; // @todo used for what
		0 ignored issues – show Unused Code introduced 2016-04-20 07:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$translation` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
30		private $kernel; // @todo used for what
31		protected $required = 0;
32
33		/**
34		* Loads stuff about the module. Kernel runs it
35		*
36		* @return void
37		*/
38	85	function load($kernel)
39		{
40		// Inkluder preload filerne
41		// @todo kernel is as far as I can tell only used here.
42		// therefore it should be made local
43	85	$this->kernel = $kernel;
44
45	85	if (is_array($this->required_shared) && count($this->required_shared) > 0) {
46	54	foreach ($this->required_shared as $shared_name) {
47	54	$this->kernel->useShared($shared_name);
48	54	}
49	54	}
50
51	85	foreach ($this->preload_file as $file) {
52	85	$this->includeFile($file);
53	85	}
54	85	}
55
56		/**
57		* Denne funktion bruges af MainModulnavn.php til at fort�lle, hvor includefilen til
58		* det enkelte modul ligger.
59		*
60		* @param string $filename
61		*
62		* @return void
63		*/
64	70	function addFrontpageFile($filename)
65		{
66	70	$this->frontpage_files[] = $filename;
67	70	}
68
69		/**
70		* Gets files to use on the frontpage
71		*
72		* @return array
73		*/
74		function getFrontpageFiles()
75		{
76		return $this->frontpage_files;
77		}
78
79		/**
80		* Gets files to use on the frontpage
81		*
82		* @param string $title Title
83		* @param string $url Url
84		*
85		* @return array
86		*/
87	55	function addControlpanelFile($title, $url)
88		{
89	55	$this->controlpanel_files[] = array(
90	55	'title' => $title,
91		'url' => $url
92	55	);
93	55	}
94
95		/**
96		* Gets files to use on the frontpage
97		*
98		* @return array
99		*/
100		function getControlpanelFiles()
101		{
102		return $this->controlpanel_files;
103		}
104
105		/**
106		* Adds a submenu item
107		*
108		* @param string $label
109		* @param string $url
110		* @param string $sub_access @todo is this correct?
111		*
112		* @return void
113		*/
114	86	function addSubmenuItem($label, $url, $sub_access = '')
115		{
116	86	$i = count($this->submenu);
117	86	$this->submenu[$i]['label'] = $label;
118	86	$this->submenu[$i]['url'] = $url;
119	86	$this->submenu[$i]['sub_access'] = $sub_access;
120	86	}
121
122		/**
123		* @return array
124		*/
125		function getSubmenu()
126		{
127		return($this->submenu);
128		}
129
130		/**
131		* @param string $name
132		* @param string $description
133		*
134		* @return void
135		*/
136	44	function addSubAccessItem($name, $description)
137		{
138	44	array_push($this->sub_access, $name);
139	44	array_push($this->sub_access_description, $description);
140	44	}
141
142		/**
143		* @param string $file
144		*
145		* @return void
146		*/
147	105	function addPreloadFile($file)
148		{
149	105	$this->preload_file[] = $file;
150	105	}
151
152		/**
153		* Bruges til at inkludere fil
154		*
155		* @param string $file @todo name or?
156		*
157		* @return boolean
158		*/
159	85	function includeFile($file)
160		{
161		// @todo constant should be removed
162	85	$file = PATH_INCLUDE_MODULE . $this->module_name . '/' . $file;
163	85	if (!file_exists($file)) {
164		return false;
165		}
166	85	require_once($file);
167	85	return true;
168		}
169
170		/**
171		* Inkluderer automatisk et andet modul. Man skal dog have adgang til det andet modul.
172		*
173		* @param string $module
174		*/
175	53	function addDependentModule($module)
176		{
177	53	$this->dependent_module[] = $module;
178	53	}
179
180		/**
181		* @return array
182		*/
183	27	function getDependentModules()
184		{
185	27	return $this->dependent_module;
186		}
187
188		/**
189		* Giver mulighed for at inkludere shared der skal benyttes overalt i modullet.
190		*
191		* @param string $shared @todo is this correct
192		*
193		* @return void
194		*/
195	73	function addRequiredShared($shared)
196		{
197	73	$this->required_shared[] = $shared;
198	73	}
199
200		/**
201		*
202		* @return array
203		*/
204		function getRequiredShared()
205		{
206		return $this->required_shared;
207		}
208
209		/**
210		* @todo problem med at denne er globaliseret
211		*
212		* @param string $file @todo is this correct
213		*
214		* @return void
215		*/
216	98	function includeSettingFile($file)
217		{
218		// @todo global should be removed
219	98	global $_setting; // globalized other places also
		0 ignored issues – show Compatibility Best Practice introduced 2016-04-20 09:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this Use of `global` functionality is not recommended; it makes your code harder to test, and less reusable. Instead of relying on `global` state, we recommend one of these alternatives: 1. Pass all data via parameters function myFunction($a, $b) { // Do something } 2. Create a class that maintains your state class MyClass { private $a; private $b; public function __construct($a, $b) { $this->a = $a; $this->b = $b; } public function myFunction() { // Do something } } Loading history...
220
221	98	include(dirname(__FILE__). '/modules/' .$this->module_name.'/'.$file);
222	98	}
223
224		/**
225		* Returns the www path for the modules; always ends on a slash
226		*
227		* @return string
228		*/
229		public function getPath()
230		{
231		return PATH_WWW . 'restricted/module/' . $this->module_name . '/';
232		}
233
234		/**
235		* @param string $key
236		* @param string $value
237		*
238		* @return void
239		*/
240	77	function addSetting($key, $value)
241		{
242	77	$this->setting[$key] = $value;
243	77	}
244
245		/**
246		* @param string $key
247		*
248		* @return string
249		*/
250	24	function getSetting($key)
251		{
252	24	if (isset($this->setting[$key])) {
253	24	return $this->setting[$key];
254		}
255		}
256
257		/**
258		* @return string
259		*/
260	5	function getName()
261		{
262	5	return $this->module_name;
263		}
264
265		/**
266		* @return integer
267		*/
268		function getId()
269		{
270		$db = new DB_Sql;
271		$db->query("SELECT id FROM module WHERE name = '".$this->module_name."'");
272		if ($db->nextRecord()) {
273		return $db->f('id');
274		}
275		return 0;
276		}
277
278	20	function getShowMenu()
279		{
280	20	return $this->show_menu;
281		}
282
283	20	function getFrontpageIndex()
284		{
285	20	return $this->show_menu;
286		}
287
288	20	function getMenuLabel()
289		{
290	20	return $this->menu_label;
291		}
292
293	20	function getMenuIndex()
294		{
295	20	return $this->menu_index;
296		}
297
298	20	function isActive()
299		{
300	20	return $this->active;
301		}
302
303	5	function isShared()
304		{
305	5	return $this->shared;
306		}
307
308	20	function isRequired()
309		{
310	20	return $this->required;
311		}
312		}
313

intraface / intraface.dk

Issues (4714)

Security Analysis not enabled

src/Intraface/Main.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1. Pass all data via parameters

2. Create a class that maintains your state

Duplication Side-by-Side

Filter issues like