Issues (9)

Security Analysis    no request data  

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/IPub/FlashMessages/Components/Control.php (4 issues)


<?php
/**
 * Component.php
 *
 * @copyright      More in license.md
 * @license        https://www.ipublikuj.eu
 * @author         Adam Kadlec <[email protected]>
 * @package        iPublikuj:FlashMessages!
 * @subpackage     Components
 * @since          1.0.0
 *
 * @date           12.03.14
 */

declare(strict_types = 1);

namespace IPub\FlashMessages\Components;

use Nette\Application;
use Nette\Bridges;
use Nette\ComponentModel;
use Nette\Localization;

use IPub\FlashMessages\Entities;
use IPub\FlashMessages\Exceptions;
use IPub\FlashMessages\Storage;

/**
 * Flash messages control
 *
 * @package        iPublikuj:FlashMessages!
 * @subpackage     Components
 *
 * @author         Adam Kadlec <[email protected]>
 *
 * @property Application\UI\ITemplate $template
 */
class Control extends Application\UI\Control
{
	/**
	 * @var string
	 */
	private $templateFile;

	/**
	 * @var Storage\IStorage
	 */
	private $storage;

	/**
	 * @var Localization\ITranslator|NULL
	 */
	private $translator;

	/**
	 * @var bool
	 */
	private $useTitle = FALSE;

	/**
	 * @var bool
	 */
	private $useOverlay = FALSE;

	/**
	 * @param Localization\ITranslator|NULL $translator
	 *
	 * @return void
	 */
	public function injectTranslator(?Localization\ITranslator $translator = NULL) : void
	{
		$this->translator = $translator;
	}

	/**
	 * @param string|NULL $templateFile
	 * @param Storage\IStorage $storage
	 *
	 * @throws Exceptions\FileNotFoundException
	 */
	public function __construct(
		string $templateFile = NULL,
		Storage\IStorage $storage
	) {
		if ($templateFile !== NULL) {
			$this->setTemplateFile($templateFile);
		}

		$this->storage = $storage;

		$this->monitor(Application\UI\Presenter::class, function () {
			$this->redrawControl();
		});
	}

	/**
	 * @return void
	 */
	public function enableTitle() : void
	{
		$this->useTitle = TRUE;
	}

	/**
	 * @return void
	 */
	public function disableTitle() : void
	{
		$this->useTitle = FALSE;
	}

	/**
	 * @return void
	 */
	public function enableOverlay() : void
	{
		$this->useOverlay = TRUE;
	}

	/**
	 * @return void
	 */
	public function disableOverlay() : void
	{
		$this->useOverlay = FALSE;
	}

	/**
	 * Prepare component for rendering
	 *
	 * @return void
	 */
	public function beforeRender() : void
	{
		// Check if control has template
		if ($this->template instanceof Bridges\ApplicationLatte\Template) {
The class Nette\Bridges\ApplicationLatte\Template does not exist. Did you forget a USE statement, or did you not list all dependencies?

This error could be the result of:

1. Missing dependencies

PHP Analyzer uses your composer.json file (if available) to determine the dependencies of your project and to determine all the available classes and functions. It expects the composer.json to be in the root folder of your repository.

Are you sure this class is defined by one of your dependencies, or did you maybe not list a dependency in either the require or require-dev section?

2. Missing use statement

PHP does not complain about undefined classes in instanceof checks. For example, the following PHP code will work perfectly fine:

if ($x instanceof DoesNotExist) {
    // Do something.
}

If you have not tested against this specific condition, such errors might go unnoticed.

			// Load messages from session
			/** @var Entities\IMessage[] $messages */
			$messages = $this->storage->get(Storage\IStorage::KEY_MESSAGES, []);

			// Assign vars to template
			$this->template->flashes = $messages ? $messages : [];
			$this->template->useTitle = $this->useTitle;
			$this->template->useOverlay = $this->useOverlay;

			// Check if translator is available
			if ($this->getTranslator() instanceof Localization\ITranslator) {
The class Nette\Localization\ITranslator does not exist. Did you forget a USE statement, or did you not list all dependencies?
				$this->template->setTranslator($this->getTranslator());
			}

			// If template was not defined before...
			if ($this->template->getFile() === NULL) {
				// ...try to get base component template file
				$templateFile = !empty($this->templateFile) ? $this->templateFile : __DIR__ . DIRECTORY_SEPARATOR . 'template' . DIRECTORY_SEPARATOR . 'default' . DIRECTORY_SEPARATOR . 'default.latte';
				$this->template->setFile($templateFile);
			}
		}
	}

	/**
	 * Render control
	 *
	 * @return void
	 */
	public function render() : void
	{
		// Check if control has template
		if ($this->template instanceof Bridges\ApplicationLatte\Template) {
The class Nette\Bridges\ApplicationLatte\Template does not exist. Did you forget a USE statement, or did you not list all dependencies?
			$this->beforeRender();

			// Render component template
			$this->template->render();

		} else {
			throw new Exceptions\InvalidStateException('Flash messages control is without template.');
		}
	}

	/**
	 * Change default control template path
	 *
	 * @param string $templateFile
	 *
	 * @return void
	 *
	 * @throws Exceptions\FileNotFoundException
	 */
	public function setTemplateFile(string $templateFile) : void
	{
		// Check if template file exists...
		if (!is_file($templateFile)) {
			// Get component actual dir
			$dir = dirname($this->getReflection()->getFileName());

			$templateName = preg_replace('/.latte/', '', $templateFile);

			// ...check if extension template is used
			if (is_file($dir . DIRECTORY_SEPARATOR . 'template' . DIRECTORY_SEPARATOR . $templateName . DIRECTORY_SEPARATOR . 'default.latte')) {
				$templateFile = $dir . DIRECTORY_SEPARATOR . 'template' . DIRECTORY_SEPARATOR . $templateName . DIRECTORY_SEPARATOR . 'default.latte';

			} else {
				// ...if not throw exception
				throw new Exceptions\FileNotFoundException(sprintf('Template file "%s" was not found.', $templateFile));
			}
		}

		$this->templateFile = $templateFile;
	}

	/**
	 * @param Localization\ITranslator $translator
	 *
	 * @return void
	 */
	public function setTranslator(Localization\ITranslator $translator) : void
	{
		$this->translator = $translator;
	}

	/**
	 * @return Localization\ITranslator|NULL
	 */
	public function getTranslator() : ?Localization\ITranslator
	{
		if ($this->translator instanceof Localization\ITranslator) {
The class Nette\Localization\ITranslator does not exist. Did you forget a USE statement, or did you not list all dependencies?
			return $this->translator;
		}

		return NULL;
	}
}