Issues in URI.php (master) - Issues in master - jcheron/phalcon-jquery - Measure and Improve Code Quality continuously with Scrutinizer

Issues (277)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Ajax/php/yii/URI.php (37 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Ajax\php\yii;

class URI {

	/**
	 * List of cached uri segments
	 *
	 * @var array
	 * @access public
	 *
	 */
	var $keyval=array ();
class A {
    var $property;
}
	/**
	 * Current uri string
	 *
	 * @var string
	 * @access public
	 *
	 */
	var $uri_string;
class A {
    var $property;
}
	/**
	 * List of uri segments
	 *
	 * @var array
	 * @access public
	 *
	 */
	var $segments=array ();
class A {
    var $property;
}
	/**
	 * Re-indexed list of uri segments
	 * Starts at 1 instead of 0
	 *
	 * @var array
	 * @access public
	 *
	 */
	var $rsegments=array ();
class A {
    var $property;
}
	var $permitted_uri_chars="a-z 0-9~%.:_\-";
class A {
    var $property;
}
	var $enable_query_strings=false;
class A {
    var $property;
}

	/**
	 * | 'AUTO' Default - auto detects
	 * | 'PATH_INFO' Uses the PATH_INFO
	 * | 'QUERY_STRING' Uses the QUERY_STRING
	 * | 'REQUEST_URI' Uses the REQUEST_URI
	 * | 'ORIG_PATH_INFO' Uses the ORIG_PATH_INFO
	 */
	var $uri_protocol="AUTO";
class A {
    var $property;
}
 //

	/**
	 * Constructor
	 *
	 * Simply globalizes the $RTR object. The front
	 * loads the Router class early on so it's not available
	 * normally as other classes are.
	 *
	 * @access public
	 *
	 */
	function __construct() {

		$this->uri_string=$this->_detect_uri();
		$this->_explode_segments();
	}

	// --------------------------------------------------------------------

	/**
	 * Get the URI String
	 *
	 * @access private
	 * @return string
	 *
	 */
	function _fetch_uri_string() {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
		$uri="";
		if ($this->uri_protocol == 'AUTO') {
			// Is the request coming from the command line?
			if (php_sapi_name() == 'cli' or defined('STDIN')) {
// Logical operators have lower precedence:
$f = false or true;

// is executed like this:
($f = false) or true;


// Boolean operators have higher precedence:
$f = false || true;

// is executed like this:
$f = (false || true);
				$this->_set_uri_string($this->_parse_cli_args());
				return;
			}

			// Let's try the REQUEST_URI first, this will work in most situations
			if ($uri=$this->_detect_uri()) {
				$this->_set_uri_string($uri);
				return;
			}

			// Is there a PATH_INFO variable?
			// Note: some servers seem to have trouble with getenv() so we'll test it two ways
			$path=(isset($_SERVER['PATH_INFO'])) ? $_SERVER['PATH_INFO'] : @getenv('PATH_INFO');
			if (trim($path, '/') != '' && $path != "/" . SELF) {
				$this->_set_uri_string($path);
				return;
			}

			// No PATH_INFO?... What about QUERY_STRING?
			$path=(isset($_SERVER['QUERY_STRING'])) ? $_SERVER['QUERY_STRING'] : @getenv('QUERY_STRING');
			if (trim($path, '/') != '') {
				$this->_set_uri_string($path);
				return;
			}

			// As a last ditch effort lets try using the $_GET array
			if (is_array($_GET) && count($_GET) == 1 && trim(key($_GET), '/') != '') {
				$this->_set_uri_string(key($_GET));
				return;
			}

			// We've exhausted all our options...
			$this->uri_string='';
			return;
		}

		if ($uri == 'REQUEST_URI') {
			$this->_set_uri_string($this->_detect_uri());
			return;
		}

		$path=(isset($_SERVER[$uri])) ? $_SERVER[$uri] : @getenv($uri);
		$this->_set_uri_string($path);
	}

	// --------------------------------------------------------------------

	/**
	 * Set the URI String
	 *
	 * @access public
	 * @param string
	 * @return string
	 *
	 */
	function _set_uri_string($str) {

		// Filter out control characters
		// $str = remove_invisible_characters($str, FALSE);


		// If the URI contains only a slash we'll kill it
		$this->uri_string=($str == '/') ? '' : $str;
	}

	// --------------------------------------------------------------------

	/**
	 * Detects the URI
	 *
	 * This function will detect the URI automatically and fix the query string
	 * if necessary.
	 *
	 * @access private
	 * @return string
	 *
	 */
	private function _detect_uri() {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
		if (!isset($_SERVER['REQUEST_URI']) or !isset($_SERVER['SCRIPT_NAME'])) {
// Logical operators have lower precedence:
$f = false or true;

// is executed like this:
($f = false) or true;


// Boolean operators have higher precedence:
$f = false || true;

// is executed like this:
$f = (false || true);
			return '';
		}

		$uri=$_SERVER['REQUEST_URI'];
		if (strpos($uri, $_SERVER['SCRIPT_NAME']) === 0) {
			$uri=substr($uri, strlen($_SERVER['SCRIPT_NAME']));
		} elseif (strpos($uri, dirname($_SERVER['SCRIPT_NAME'])) === 0) {
			$uri=substr($uri, strlen(dirname($_SERVER['SCRIPT_NAME'])));
		}

		// This section ensures that even on servers that require the URI to be in the query string (Nginx) a correct
		// URI is found, and also fixes the QUERY_STRING server var and $_GET array.
		if (strncmp($uri, '?/', 2) === 0) {
			$uri=substr($uri, 2);
		}
		$parts=preg_split('#\?#i', $uri, 2);
		$uri=$parts[0];
		if (isset($parts[1])) {
			$_SERVER['QUERY_STRING']=$parts[1];
			parse_str($_SERVER['QUERY_STRING'], $_GET);
		} else {
			$_SERVER['QUERY_STRING']='';
			$_GET=array ();
		}

		if ($uri == '/' || empty($uri)) {
			return '/';
		}

		$uri=parse_url($uri, PHP_URL_PATH);

		// Do some final cleaning of the URI and return it
		return str_replace(array ('//','../' ), '/', trim($uri, '/'));
	}

	// --------------------------------------------------------------------

	/**
	 * Parse cli arguments
	 *
	 * Take each command line argument and assume it is a URI segment.
	 *
	 * @access private
	 * @return string
	 *
	 */
	private function _parse_cli_args() {
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
		$args=array_slice($_SERVER['argv'], 1);

		return $args ? '/' . implode('/', $args) : '';
	}

	// --------------------------------------------------------------------

	/**
	 * Filter segments for malicious characters
	 *
	 * @access private
	 * @param string
	 * @return string
	 *
	 */
	function _filter_uri($str) {

		if ($str != '' && $this->permitted_uri_chars != '' && $this->enable_query_strings == FALSE) {

			// preg_quote() in PHP 5.3 escapes -, so the str_replace() and addition of - to preg_quote() is to maintain backwards
			// compatibility as many are unaware of how characters in the permitted_uri_chars will be parsed as a regex pattern
			if (!preg_match("|^[" . str_replace(array ('\\-','\-' ), '-', preg_quote($this->permitted_uri_chars, '-')) . "]+$|i", $str)) {
				show_error('The URI you submitted has disallowed characters.', 400);
			}
		}

		// Convert programatic characters to entities
		$bad=array ('$','(',')','%28','%29' );
		$good=array ('&#36;','&#40;','&#41;','&#40;','&#41;' );

		return str_replace($bad, $good, $str);
	}

	/**
	 * Explode the URI Segments.
	 * The individual segments will
	 * be stored in the $this->segments array.
	 *
	 * @access private
	 * @return void
	 *
	 */
	function _explode_segments() {

		foreach ( explode("/", preg_replace("|/*(.+?)/*$|", "\\1", $this->uri_string)) as $val ) {
			// Filter segments for security
			$val=trim($this->_filter_uri($val));

			if ($val != '') {
				$this->segments[]=$val;
			}
		}
	}

	// --------------------------------------------------------------------
	/**
	 * Re-index Segments
	 *
	 * This function re-indexes the $this->segment array so that it
	 * starts at 1 rather than 0. Doing so makes it simpler to
	 * use functions like $this->uri->segment(n) since there is
	 * a 1:1 relationship between the segment array and the actual segments.
	 *
	 * @access private
	 * @return void
	 *
	 */
	function _reindex_segments() {

		array_unshift($this->segments, NULL);
		array_unshift($this->rsegments, NULL);
		unset($this->segments[0]);
		unset($this->rsegments[0]);
	}

	// --------------------------------------------------------------------

	/**
	 * Fetch a URI Segment
	 *
	 * This function returns the URI segment based on the number provided.
	 *
	 * @access public
	 * @param integer
	 * @param bool
	 * @return string
	 *
	 */
	function segment($n, $no_result=FALSE) {

		return (!isset($this->segments[$n])) ? $no_result : $this->segments[$n];
	}

	// --------------------------------------------------------------------

	/**
	 * Fetch a URI "routed" Segment
	 *
	 * This function returns the re-routed URI segment (assuming routing rules are used)
	 * based on the number provided. If there is no routing this function returns the
	 * same result as $this->segment()
	 *
	 * @access public
	 * @param integer
	 * @param bool
	 * @return string
	 *
	 */
	function rsegment($n, $no_result=FALSE) {

		return (!isset($this->rsegments[$n])) ? $no_result : $this->rsegments[$n];
	}

	// --------------------------------------------------------------------

	/**
	 * Generate a key value pair from the URI string
	 *
	 * This function generates and associative array of URI data starting
	 * at the supplied segment. For example, if this is your URI:
	 *
	 * example.com/user/search/name/joe/location/UK/gender/male
	 *
	 * You can use this function to generate an array with this prototype:
	 *
	 * array (
	 * name => joe
	 * location => UK
	 * gender => male
	 * )
	 *
	 * @access public
	 * @param integer the starting segment number
	 * @param array an array of default values
	 * @return array
	 *
	 */
	function uri_to_assoc($n=3, $default=array()) {

		return $this->_uri_to_assoc($n, $default, 'segment');
	}

	/**
	 * Identical to above only it uses the re-routed segment array
	 *
	 * @access public
	 * @param integer the starting segment number
	 * @param array an array of default values
	 * @return array
	 *
	 *
	 */
	function ruri_to_assoc($n=3, $default=array()) {

		return $this->_uri_to_assoc($n, $default, 'rsegment');
	}

	// --------------------------------------------------------------------

	/**
	 * Generate a key value pair from the URI string or Re-routed URI string
	 *
	 * @access private
	 * @param integer the starting segment number
	 * @param array an array of default values
	 * @param string which array we should use
	 * @return array
	 *
	 */
	function _uri_to_assoc($n=3, $default=array(), $which='segment') {

		if ($which == 'segment') {
			$total_segments='total_segments';
			$segment_array='segment_array';
		} else {
			$total_segments='total_rsegments';
			$segment_array='rsegment_array';
		}

		if (!is_numeric($n)) {
			return $default;
		}

		if (isset($this->keyval[$n])) {
			return $this->keyval[$n];
		}

		if ($this->$total_segments() < $n) {
			if (count($default) == 0) {
				return array ();
			}

			$retval=array ();
			foreach ( $default as $val ) {
				$retval[$val]=FALSE;
			}
			return $retval;
		}

		$segments=array_slice($this->$segment_array(), ($n - 1));

		$i=0;
		$lastval='';
		$retval=array ();
		foreach ( $segments as $seg ) {
			if ($i % 2) {
				$retval[$lastval]=$seg;
			} else {
				$retval[$seg]=FALSE;
				$lastval=$seg;
			}

			$i++;
		}

		if (count($default) > 0) {
			foreach ( $default as $val ) {
				if (!array_key_exists($val, $retval)) {
					$retval[$val]=FALSE;
				}
			}
		}

		// Cache the array for reuse
		$this->keyval[$n]=$retval;
		return $retval;
	}

	// --------------------------------------------------------------------

	/**
	 * Generate a URI string from an associative array
	 *
	 *
	 * @access public
	 * @param array an associative array of key/values
	 * @return array
	 *
	 */
	function assoc_to_uri($array) {

		$temp=array ();
		foreach ( ( array ) $array as $key => $val ) {
			$temp[]=$key;
			$temp[]=$val;
		}

		return implode('/', $temp);
	}

	// --------------------------------------------------------------------

	/**
	 * Fetch a URI Segment and add a trailing slash
	 *
	 * @access public
	 * @param integer
	 * @param string
	 * @return string
	 *
	 */
	function slash_segment($n, $where='trailing') {

		return $this->_slash_segment($n, $where, 'segment');
	}

	// --------------------------------------------------------------------

	/**
	 * Fetch a URI Segment and add a trailing slash
	 *
	 * @access public
	 * @param integer
	 * @param string
	 * @return string
	 *
	 */
	function slash_rsegment($n, $where='trailing') {

		return $this->_slash_segment($n, $where, 'rsegment');
	}

	// --------------------------------------------------------------------

	/**
	 * Fetch a URI Segment and add a trailing slash - helper function
	 *
	 * @access private
	 * @param integer
	 * @param string
	 * @param string
	 * @return string
	 *
	 */
	function _slash_segment($n, $where='trailing', $which='segment') {

		$leading='/';
		$trailing='/';

		if ($where == 'trailing') {
			$leading='';
		} elseif ($where == 'leading') {
			$trailing='';
		}

		return $leading . $this->$which($n) . $trailing;
	}

	// --------------------------------------------------------------------

	/**
	 * Segment Array
	 *
	 * @access public
	 * @return array
	 *
	 */
	function segment_array() {

		return $this->segments;
	}

	// --------------------------------------------------------------------

	/**
	 * Routed Segment Array
	 *
	 * @access public
	 * @return array
	 *
	 */
	function rsegment_array() {

		return $this->rsegments;
	}

	// --------------------------------------------------------------------

	/**
	 * Total number of segments
	 *
	 * @access public
	 * @return integer
	 *
	 */
	function total_segments() {

		return count($this->segments);
	}

	// --------------------------------------------------------------------

	/**
	 * Total number of routed segments
	 *
	 * @access public
	 * @return integer
	 *
	 */
	function total_rsegments() {

		return count($this->rsegments);
	}

	// --------------------------------------------------------------------

	/**
	 * Fetch the entire URI string
	 *
	 * @access public
	 * @return string
	 *
	 */
	function uri_string() {

		return $this->uri_string;
	}

	// --------------------------------------------------------------------

	/**
	 * Fetch the entire Re-routed URI string
	 *
	 * @access public
	 * @return string
	 *
	 */
	function ruri_string() {

		return '/' . implode('/', $this->rsegment_array());
	}
}
// END URI Class

Issues (277)

Security Analysis not enabled

Ajax/php/yii/URI.php (37 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Logical Operators are used for Control-Flow

Logical Operators are used for Control-Flow

jcheron / phalcon-jquery

Issues (277)

Security Analysis not enabled

Ajax/php/yii/URI.php (37 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Logical Operators are used for Control-Flow

Logical Operators are used for Control-Flow

Duplication Side-by-Side

Filter issues like