Issues in generateMonthlyBilling.php (master) - Issues in master - laudeco/bbc-dolibarr-flightlog - Measure and Improve Code Quality continuously with Scrutinizer

Issues (188)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

generateMonthlyBilling.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

De Coninck Laurent 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * When a user generates the expense report for all pilots
 */
define("EXPENSE_REPORT_GENERATOR_ACTION_GENERATE", "generate");

/**
 * When a user changes dates (year / Month)
 */
define("EXPENSE_REPORT_GENERATOR_ACTION_CHANGE_DATES", "refresh");

/**
 * \file    generateExpenseNote.php
 * \ingroup flightlog
 * \brief   Generate expense notes for a quartil
 *
 */

// Load Dolibarr environment
if (false === (@include '../main.inc.php')) {  // From htdocs directory
    require '../../documents/custom/main.inc.php'; // From "custom" directory
}

dol_include_once('/flightlog/command/CommandHandler.php');
dol_include_once('/flightlog/command/CommandInterface.php');
dol_include_once('/flightlog/command/CreateMonthBillCommand.php');
dol_include_once('/flightlog/command/CreateMonthBillCommandHandler.php');
dol_include_once('/compta/facture/class/facture.class.php');
dol_include_once('/adherents/class/adherent.class.php');
dol_include_once("/flightlog/lib/flightLog.lib.php");
dol_include_once("/flightlog/class/bbctypes.class.php");
dol_include_once("/product/class/product.class.php");
dol_include_once('/core/modules/facture/modules_facture.php');
dol_include_once('/flightlog/query/MonthlyBillableQuery.php');
dol_include_once('/flightlog/query/MonthlyBillableQueryHandler.php');

global $db, $langs, $user, $conf;

//variables
$currentYear = date('Y');
$currentMonth = date('m');

// Load translation files required by the page
$langs->load("mymodule@mymodule");
$langs->load("trips");
$langs->load("bills");

// Get parameters
$id = GETPOST('id', 'int');
$action = GETPOST('action', 'alpha');
$year = GETPOST('year', 'int', 3) ?: $currentYear;
$month = GETPOST('month', 'int', 3) ?: $currentMonth - 1;

//post parameters
$publicNote = GETPOST('public_note', 'alpha', 2);
$privateNote = GETPOST('private_note', 'alpha', 2);
$type = GETPOST("type", "int", 3);

//Query
$queryHandler = new MonthlyBillableQueryHandler($db, $conf->global);
$query = new MonthlyBillableQuery($month, $year);
$queryResult = $queryHandler->__invoke($query);

$handler = new CreateMonthBillCommandHandler($db, $conf->global, $user, $langs);

//pdf
$hidedetails = (GETPOST('hidedetails', 'int') ? GETPOST('hidedetails',
    'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0));
$hidedesc = (GETPOST('hidedesc', 'int') ? GETPOST('hidedesc',
    'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0));
$hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref',
    'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0));

//service

// Access control
if (!$conf->facture->enabled || !$user->rights->flightlog->vol->status || !$user->rights->flightlog->vol->financialGenerateDocuments) {

    accessforbidden();
}

// Default action
if (empty($action)) {
    $action = EXPENSE_REPORT_GENERATOR_ACTION_SELECT;
}

llxHeader('', $langs->trans('Generate billing'), '');
print load_fiche_titre("Générer factures pilote");
print '<div class="bbc-style">';

/*
 * ACTIONS
 *
 * Put here all code to do according to value of "action" parameter
 */
if ($action == EXPENSE_REPORT_GENERATOR_ACTION_GENERATE) {

    try {

        $command = new CreateMonthBillCommand( $type, $publicNote, $privateNote, $year, $month);
        $handler->handle($command);
        dol_htmloutput_mesg('Génération : OK');
    } catch (Exception $e) {
        dol_syslog($e->getMessage(), LOG_ERR);
        dol_htmloutput_mesg('Erreur pendant la génération.', '', 'error');
    }

}

/*
 * VIEW
 *
 * Put here all code to build page
 */

$form = new Form($db);

?>
    <section class="section">
        <h2 class="section-title"><?php echo $langs->trans('Période'); ?></h2>

        <form class="form-inline flight-form" method="POST">
            <section class="form-section">
                <input type="hidden" name="action" value="<?php echo EXPENSE_REPORT_GENERATOR_ACTION_CHANGE_DATES ?>">

                <!-- Year -->
                <div class="form-group">
                    <label><?php echo $langs->trans('Année') ?></label>
                    <select name="year">
                        <?php for ($selectYearOption = $currentYear; $selectYearOption >= $currentYear - 6; $selectYearOption--): ?>
                            <option value="<?php echo $selectYearOption; ?>" <?php echo $selectYearOption == $year ? 'selected' : '' ?>><?php echo $selectYearOption; ?></option>
                        <?php endfor; ?>
                    </select>
                </div>

                <!-- Year -->
                <div class="form-group">
                    <label><?php echo $langs->trans('Mois') ?></label>
                    <select name="month">
                        <?php for ($selectMonthOption = 1; $selectMonthOption <= 12; $selectMonthOption++): ?>
                            <option value="<?php echo $selectMonthOption; ?>" <?php echo $selectMonthOption == $month ? 'selected' : '' ?>><?php echo $selectMonthOption; ?></option>
                        <?php endfor; ?>
                    </select>
                </div>
            </section>

            <button class="butAction" type="submit"><?php echo $langs->trans('refresh'); ?></button>
        </form>
    </section>

    <section class="section">
        <h2 class="section-title"><?php echo $langs->trans('Generation des factures') ?></h2>

        <div>
            <p>
                <?php echo $langs->trans("Comprends les vols non facturés pour le mois demandé."); ?>
            </p>
        </div>

        <form action="#" method="POST">

            <!-- action -->
            <input type="hidden" name="action" value="<?php echo EXPENSE_REPORT_GENERATOR_ACTION_GENERATE ?>">
            <input type="hidden" name="month" value="<?php echo $month ?>">
            <input type="hidden" name="year" value="<?php echo $year ?>">

            <table class="border _width50">
                <thead>
                <tr>
                    <td><?php echo $langs->trans('pilote'); ?></td>
                    <td><?php echo $langs->trans('Nombre de vols'); ?></td>
                    <td><?php echo $langs->trans('Montant'); ?></td>
                    <td><?php echo $langs->trans('Moyenne / passager'); ?></td>
                </tr>
                </thead>

                <tbody>
                <?php if ($queryResult->isEmpty()): ?>
                    <tr>
                        <td colspan="4" class="_alignCenter _info"><?php echo $langs->trans('Nous n\'avons pas trouvé de vol pour la période demandée.'); ?></td>
                    </tr>
                <?php endif; ?>
                <?php foreach ($queryResult->getFlights() as $monthlyFlightBill): ?>
                    <tr>
                        <td><?php echo $monthlyFlightBill->getReceiver(); ?></td>
                        <td><?php echo $monthlyFlightBill->getFlightsCount(); ?></td>
                        <td class="_alignRight"><?php echo price($monthlyFlightBill->getTotal(), 0, '', 1, 1); ?>€</td>
                        <td class="_alignRight"><?php echo price($monthlyFlightBill->getAverageByPax(), 0, '', 1, 1); ?>€</td>
                    </tr>
                <?php endforeach; ?>
                </tbody>
            </table>


            <!-- Bill type -->
            <label><?= $langs->trans("Type de facture"); ?></label><br/>
            <input type="radio" id="radio_standard" name="type" value="0" checked="checked"/>
            <?= $form->textwithpicto($langs->trans("InvoiceStandardAsk"),
                $langs->transnoentities("InvoiceStandardDesc"), 1,
                'help', '', 0, 3) ?>
            <br/>
            <br/>

            <!-- Public note -->
            <label><?= $langs->trans("Note publique (commune à toutes les factures)"); ?></label><br/>
            <textarea name="public_note" wrap="soft" class="quatrevingtpercent" rows="2"></textarea>
            <br/>
            <br/>

            <!-- Private note -->
            <label><?= $langs->trans("Note privée (commune à toutes les factures)"); ?></label><br/>
            <textarea name="private_note" wrap="soft" class="quatrevingtpercent" rows="2"></textarea>
            <br/>

            <?php if ($queryResult->isEmpty() || $year > $currentYear || ($year == $currentYear && $month >= $currentMonth)) : ?>
                <p class="warning">
                    <?php echo $langs->trans('La periode demandée n\'est pas cloturée.') ?>
                </p>
                <a class="butActionRefused" href="#">Générer</a>
            <?php else: ?>
                <button class="butAction" type="submit">Générer</button>
            <?php endif; ?>

        </form>
    </section>
    </div>
    <!-- end bbc style -->
<?php
llxFooter();

1		<?php
2		/**
3		* When a user generates the expense report for all pilots
4		*/
5		define("EXPENSE_REPORT_GENERATOR_ACTION_GENERATE", "generate");
6
7		/**
8		* When a user changes dates (year / Month)
9		*/
10		define("EXPENSE_REPORT_GENERATOR_ACTION_CHANGE_DATES", "refresh");
11
12		/**
13		* \file generateExpenseNote.php
14		* \ingroup flightlog
15		* \brief Generate expense notes for a quartil
16		*
17		*/
18
19		// Load Dolibarr environment
20		if (false === (@include '../main.inc.php')) { // From htdocs directory
21		require '../../documents/custom/main.inc.php'; // From "custom" directory
22		}
23
24		dol_include_once('/flightlog/command/CommandHandler.php');
25		dol_include_once('/flightlog/command/CommandInterface.php');
26		dol_include_once('/flightlog/command/CreateMonthBillCommand.php');
27		dol_include_once('/flightlog/command/CreateMonthBillCommandHandler.php');
28		dol_include_once('/compta/facture/class/facture.class.php');
29		dol_include_once('/adherents/class/adherent.class.php');
30		dol_include_once("/flightlog/lib/flightLog.lib.php");
31		dol_include_once("/flightlog/class/bbctypes.class.php");
32		dol_include_once("/product/class/product.class.php");
33		dol_include_once('/core/modules/facture/modules_facture.php');
34		dol_include_once('/flightlog/query/MonthlyBillableQuery.php');
35		dol_include_once('/flightlog/query/MonthlyBillableQueryHandler.php');
36
37		global $db, $langs, $user, $conf;
38
39		//variables
40		$currentYear = date('Y');
41		$currentMonth = date('m');
42
43		// Load translation files required by the page
44		$langs->load("mymodule@mymodule");
45		$langs->load("trips");
46		$langs->load("bills");
47
48		// Get parameters
49		$id = GETPOST('id', 'int');
50		$action = GETPOST('action', 'alpha');
51		$year = GETPOST('year', 'int', 3) ?: $currentYear;
52		$month = GETPOST('month', 'int', 3) ?: $currentMonth - 1;
53
54		//post parameters
55		$publicNote = GETPOST('public_note', 'alpha', 2);
56		$privateNote = GETPOST('private_note', 'alpha', 2);
57		$type = GETPOST("type", "int", 3);
58
59		//Query
60		$queryHandler = new MonthlyBillableQueryHandler($db, $conf->global);
61		$query = new MonthlyBillableQuery($month, $year);
62		$queryResult = $queryHandler->__invoke($query);
63
64		$handler = new CreateMonthBillCommandHandler($db, $conf->global, $user, $langs);
65
66		//pdf
67		$hidedetails = (GETPOST('hidedetails', 'int') ? GETPOST('hidedetails',
68		'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DETAILS) ? 1 : 0));
69		$hidedesc = (GETPOST('hidedesc', 'int') ? GETPOST('hidedesc',
70		'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_DESC) ? 1 : 0));
71		$hideref = (GETPOST('hideref', 'int') ? GETPOST('hideref',
72		'int') : (!empty($conf->global->MAIN_GENERATE_DOCUMENTS_HIDE_REF) ? 1 : 0));
73
74		//service
75
76		// Access control
77	View Code Duplication	if (!$conf->facture->enabled \|\| !$user->rights->flightlog->vol->status \|\| !$user->rights->flightlog->vol->financialGenerateDocuments) {
		0 ignored issues – show Duplication introduced 2017-12-13 13:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
78		accessforbidden();
79		}
80
81		// Default action
82		if (empty($action)) {
83		$action = EXPENSE_REPORT_GENERATOR_ACTION_SELECT;
84		}
85
86		llxHeader('', $langs->trans('Generate billing'), '');
87		print load_fiche_titre("Générer factures pilote");
88		print '<div class="bbc-style">';
89
90		/*
91		* ACTIONS
92		*
93		* Put here all code to do according to value of "action" parameter
94		*/
95	View Code Duplication	if ($action == EXPENSE_REPORT_GENERATOR_ACTION_GENERATE) {
		0 ignored issues – show Duplication introduced 2017-12-13 13:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
96		try {
97
98		$command = new CreateMonthBillCommand( $type, $publicNote, $privateNote, $year, $month);
99		$handler->handle($command);
100		dol_htmloutput_mesg('Génération : OK');
101		} catch (Exception $e) {
102		dol_syslog($e->getMessage(), LOG_ERR);
103		dol_htmloutput_mesg('Erreur pendant la génération.', '', 'error');
104		}
105
106		}
107
108		/*
109		* VIEW
110		*
111		* Put here all code to build page
112		*/
113
114		$form = new Form($db);
115
116		?>
117		<section class="section">
118		<h2 class="section-title"><?php echo $langs->trans('Période'); ?></h2>
119
120		<form class="form-inline flight-form" method="POST">
121		<section class="form-section">
122		<input type="hidden" name="action" value="<?php echo EXPENSE_REPORT_GENERATOR_ACTION_CHANGE_DATES ?>">
123
124		<!-- Year -->
125		<div class="form-group">
126		<label><?php echo $langs->trans('Année') ?></label>
127		<select name="year">
128		<?php for ($selectYearOption = $currentYear; $selectYearOption >= $currentYear - 6; $selectYearOption--): ?>
129		<option value="<?php echo $selectYearOption; ?>" <?php echo $selectYearOption == $year ? 'selected' : '' ?>><?php echo $selectYearOption; ?></option>
130		<?php endfor; ?>
131		</select>
132		</div>
133
134		<!-- Year -->
135		<div class="form-group">
136		<label><?php echo $langs->trans('Mois') ?></label>
137		<select name="month">
138		<?php for ($selectMonthOption = 1; $selectMonthOption <= 12; $selectMonthOption++): ?>
139		<option value="<?php echo $selectMonthOption; ?>" <?php echo $selectMonthOption == $month ? 'selected' : '' ?>><?php echo $selectMonthOption; ?></option>
140		<?php endfor; ?>
141		</select>
142		</div>
143		</section>
144
145		<button class="butAction" type="submit"><?php echo $langs->trans('refresh'); ?></button>
146		</form>
147		</section>
148
149		<section class="section">
150		<h2 class="section-title"><?php echo $langs->trans('Generation des factures') ?></h2>
151
152		<div>
153		<p>
154		<?php echo $langs->trans("Comprends les vols non facturés pour le mois demandé."); ?>
155		</p>
156		</div>
157
158		<form action="#" method="POST">
159
160		<!-- action -->
161		<input type="hidden" name="action" value="<?php echo EXPENSE_REPORT_GENERATOR_ACTION_GENERATE ?>">
162		<input type="hidden" name="month" value="<?php echo $month ?>">
163		<input type="hidden" name="year" value="<?php echo $year ?>">
164
165		<table class="border _width50">
166		<thead>
167		<tr>
168		<td><?php echo $langs->trans('pilote'); ?></td>
169		<td><?php echo $langs->trans('Nombre de vols'); ?></td>
170		<td><?php echo $langs->trans('Montant'); ?></td>
171		<td><?php echo $langs->trans('Moyenne / passager'); ?></td>
172		</tr>
173		</thead>
174
175		<tbody>
176		<?php if ($queryResult->isEmpty()): ?>
177		<tr>
178		<td colspan="4" class="_alignCenter _info"><?php echo $langs->trans('Nous n\'avons pas trouvé de vol pour la période demandée.'); ?></td>
179		</tr>
180		<?php endif; ?>
181		<?php foreach ($queryResult->getFlights() as $monthlyFlightBill): ?>
182		<tr>
183		<td><?php echo $monthlyFlightBill->getReceiver(); ?></td>
184		<td><?php echo $monthlyFlightBill->getFlightsCount(); ?></td>
185		<td class="_alignRight"><?php echo price($monthlyFlightBill->getTotal(), 0, '', 1, 1); ?>€</td>
186		<td class="_alignRight"><?php echo price($monthlyFlightBill->getAverageByPax(), 0, '', 1, 1); ?>€</td>
187		</tr>
188		<?php endforeach; ?>
189		</tbody>
190		</table>
191
192
193		<!-- Bill type -->
194		<label><?= $langs->trans("Type de facture"); ?></label><br/>
195		<input type="radio" id="radio_standard" name="type" value="0" checked="checked"/>
196		<?= $form->textwithpicto($langs->trans("InvoiceStandardAsk"),
197		$langs->transnoentities("InvoiceStandardDesc"), 1,
198		'help', '', 0, 3) ?>
199		<br/>
200		<br/>
201
202		<!-- Public note -->
203		<label><?= $langs->trans("Note publique (commune à toutes les factures)"); ?></label><br/>
204		<textarea name="public_note" wrap="soft" class="quatrevingtpercent" rows="2"></textarea>
205		<br/>
206		<br/>
207
208		<!-- Private note -->
209		<label><?= $langs->trans("Note privée (commune à toutes les factures)"); ?></label><br/>
210		<textarea name="private_note" wrap="soft" class="quatrevingtpercent" rows="2"></textarea>
211		<br/>
212
213		<?php if ($queryResult->isEmpty() \|\| $year > $currentYear \|\| ($year == $currentYear && $month >= $currentMonth)) : ?>
214		<p class="warning">
215		<?php echo $langs->trans('La periode demandée n\'est pas cloturée.') ?>
216		</p>
217		<a class="butActionRefused" href="#">Générer</a>
218		<?php else: ?>
219		<button class="butAction" type="submit">Générer</button>
220		<?php endif; ?>
221
222		</form>
223		</section>
224		</div>
225		<!-- end bbc style -->
226		<?php
227		llxFooter();

laudeco / bbc-dolibarr-flightlog

Issues (188)

Security Analysis not enabled

generateMonthlyBilling.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like