Issues in Factory.php (master) - Issues in master - mambax7/extcal - Measure and Improve Code Quality continuously with Scrutinizer

Issues (733)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/pear/Calendar/Factory.php (3 issues)

Labels

Severity

Major 3

<?php

/* vim: set expandtab tabstop=4 shiftwidth=4: */

/**
 * Contains the Calendar_Factory class.
 *
 * PHP versions 4 and 5
 *
 * LICENSE: Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * @category  Date and Time
 *
 * @author    Harry Fuecks <[email protected]>
 * @author    Lorenzo Alberton <[email protected]>
 * @copyright 2003-2007 Harry Fuecks, Lorenzo Alberton
 * @license   http://www.debian.org/misc/bsd.license  BSD License (3 Clause)
 *
 * @link      http://pear.php.net/package/Calendar
 */

/**
 * Allows Calendar include path to be redefined.
 *
 * @ignore
 */
if (!defined('CALENDAR_ROOT')) {
    define('CALENDAR_ROOT', 'Calendar/');
}

/**
 * Load Calendar base class.
 */
require_once CALENDAR_ROOT . 'Calendar.php';

/**
 * Contains a factory method to return a Singleton instance of a class
 * implementing the Calendar_Engine_Interface.<br>
 * For Month objects, to control type of month returned, use CALENDAR_MONTH_STATE
 * constact e.g.;
 * <code>
 * require_once __DIR__ . '/Calendar/Factory.php';
 * define('CALENDAR_MONTH_STATE',CALENDAR_USE_MONTH_WEEKDAYS); // Use Calendar_Month_Weekdays
 * // define('CALENDAR_MONTH_STATE',CALENDAR_USE_MONTH_WEEKS); // Use Calendar_Month_Weeks
 * // define('CALENDAR_MONTH_STATE',CALENDAR_USE_MONTH); // Use Calendar_Month
 * </code>
 * It defaults to building Calendar_Month objects.<br>
 * Use the constract CALENDAR_FIRST_DAY_OF_WEEK to control the first day of the week
 * for Month or Week objects (e.g. 0 = Sunday, 6 = Saturday).
 *
 * @category  Date and Time
 *
 * @author    Harry Fuecks <[email protected]>
 * @author    Lorenzo Alberton <[email protected]>
 * @copyright 2003-2007 Harry Fuecks, Lorenzo Alberton
 * @license   http://www.debian.org/misc/bsd.license  BSD License (3 Clause)
 *
 * @link      http://pear.php.net/package/Calendar
 */
class Calendar_Factory
{
    /**
     * Creates a calendar object given the type and units.
     *
     * @param string $type class of calendar object to create
     * @param int    $y    year
     * @param int    $m    month
     * @param int    $d    day
     * @param int    $h    hour
     * @param int    $i    minute
     * @param int    $s    second
     *
     * @return object subclass of Calendar
     * @static
     */
    public static function create($type, $y = 2000, $m = 1, $d = 1, $h = 0, $i = 0, $s = 0)
    {
        $firstDay = defined('CALENDAR_FIRST_DAY_OF_WEEK') ? CALENDAR_FIRST_DAY_OF_WEEK : 1;
        switch ($type) {
            case 'Day':
                require_once CALENDAR_ROOT . 'Day.php';

                return new Calendar_Day($y, $m, $d);
            case 'Month':
                // Set default state for which month type to build
                if (!defined('CALENDAR_MONTH_STATE')) {
                    define('CALENDAR_MONTH_STATE', CALENDAR_USE_MONTH);
                }
                switch (CALENDAR_MONTH_STATE) {
                    case CALENDAR_USE_MONTH_WEEKDAYS:
                        require_once CALENDAR_ROOT . 'Month/Weekdays.php';
                        $class = 'Calendar_Month_Weekdays';
                        break;
                    case CALENDAR_USE_MONTH_WEEKS:
                        require_once CALENDAR_ROOT . 'Month/Weeks.php';
                        $class = 'Calendar_Month_Weeks';
                        break;
                    case CALENDAR_USE_MONTH:
                    default:
                        require_once CALENDAR_ROOT . 'Month.php';
                        $class = 'Calendar_Month';
                        break;
                }

                return new $class($y, $m, $firstDay);
            case 'Week':
                require_once CALENDAR_ROOT . 'Week.php';

                return new Calendar_Week($y, $m, $d, $firstDay);
            case 'Hour':
                require_once CALENDAR_ROOT . 'Hour.php';

                return new Calendar_Hour($y, $m, $d, $h);
            case 'Minute':
                require_once CALENDAR_ROOT . 'Minute.php';

                return new Calendar_Minute($y, $m, $d, $h, $i);
            case 'Second':
                require_once CALENDAR_ROOT . 'Second.php';

                return new Calendar_Second($y, $m, $d, $h, $i, $s);
            case 'Year':
                require_once CALENDAR_ROOT . 'Year.php';

                return new Calendar_Year($y);
            default:
                require_once __DIR__ . '/PEAR.php';
                PEAR::raiseError('Calendar_Factory::create() unrecognised type: ' . $type, null, PEAR_ERROR_TRIGGER, E_USER_NOTICE, 'Calendar_Factory::create()');
filter:
    dependency_paths: ["lib/*"]

                return false;

        }
    }

    /**
     * Creates an instance of a calendar object, given a type and timestamp.
     *
     * @param string $type  type of object to create
     * @param mixed  $stamp timestamp (depending on Calendar engine being used)
     *
     * @return object subclass of Calendar
     * @static
     */
    public static function &createByTimestamp($type, $stamp)
    {
        $cE  = &Calendar_Engine_Factory::getEngine();
        $y   = $cE->stampToYear($stamp);
        $m   = $cE->stampToMonth($stamp);
        $d   = $cE->stampToDay($stamp);
        $h   = $cE->stampToHour($stamp);
        $i   = $cE->stampToMinute($stamp);
        $s   = $cE->stampToSecond($stamp);
        $cal = self::create($type, $y, $m, $d, $h, $i, $s);

        return $cal;
    }
}


1			<?php
2
3			/* vim: set expandtab tabstop=4 shiftwidth=4: */
4
5			/**
6			* Contains the Calendar_Factory class.
7			*
8			* PHP versions 4 and 5
9			*
10			* LICENSE: Redistribution and use in source and binary forms, with or without
11			* modification, are permitted provided that the following conditions are met:
12			* 1. Redistributions of source code must retain the above copyright
13			* notice, this list of conditions and the following disclaimer.
14			* 2. Redistributions in binary form must reproduce the above copyright
15			* notice, this list of conditions and the following disclaimer in the
16			* documentation and/or other materials provided with the distribution.
17			* 3. The name of the author may not be used to endorse or promote products
18			* derived from this software without specific prior written permission.
19			*
20			* THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
21			* WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
22			* MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
23			* IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY
24			* DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
25			* (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
26			* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
27			* ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
28			* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
29			* THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
30			*
31			* @category Date and Time
32			*
33			* @author Harry Fuecks <[email protected]>
34			* @author Lorenzo Alberton <[email protected]>
35			* @copyright 2003-2007 Harry Fuecks, Lorenzo Alberton
36			* @license http://www.debian.org/misc/bsd.license BSD License (3 Clause)
37			*
38			* @link http://pear.php.net/package/Calendar
39			*/
40
41			/**
42			* Allows Calendar include path to be redefined.
43			*
44			* @ignore
45			*/
46			if (!defined('CALENDAR_ROOT')) {
47			define('CALENDAR_ROOT', 'Calendar/');
48			}
49
50			/**
51			* Load Calendar base class.
52			*/
53			require_once CALENDAR_ROOT . 'Calendar.php';
54
55			/**
56			* Contains a factory method to return a Singleton instance of a class
57			* implementing the Calendar_Engine_Interface.<br>
58			* For Month objects, to control type of month returned, use CALENDAR_MONTH_STATE
59			* constact e.g.;
60			* <code>
61			* require_once __DIR__ . '/Calendar/Factory.php';
62			* define('CALENDAR_MONTH_STATE',CALENDAR_USE_MONTH_WEEKDAYS); // Use Calendar_Month_Weekdays
63			* // define('CALENDAR_MONTH_STATE',CALENDAR_USE_MONTH_WEEKS); // Use Calendar_Month_Weeks
64			* // define('CALENDAR_MONTH_STATE',CALENDAR_USE_MONTH); // Use Calendar_Month
65			* </code>
66			* It defaults to building Calendar_Month objects.<br>
67			* Use the constract CALENDAR_FIRST_DAY_OF_WEEK to control the first day of the week
68			* for Month or Week objects (e.g. 0 = Sunday, 6 = Saturday).
69			*
70			* @category Date and Time
71			*
72			* @author Harry Fuecks <[email protected]>
73			* @author Lorenzo Alberton <[email protected]>
74			* @copyright 2003-2007 Harry Fuecks, Lorenzo Alberton
75			* @license http://www.debian.org/misc/bsd.license BSD License (3 Clause)
76			*
77			* @link http://pear.php.net/package/Calendar
78			*/
79			class Calendar_Factory
80			{
81			/**
82			* Creates a calendar object given the type and units.
83			*
84			* @param string $type class of calendar object to create
85			* @param int $y year
86			* @param int $m month
87			* @param int $d day
88			* @param int $h hour
89			* @param int $i minute
90			* @param int $s second
91			*
92			* @return object subclass of Calendar
93			* @static
94			*/
95			public static function create($type, $y = 2000, $m = 1, $d = 1, $h = 0, $i = 0, $s = 0)
96			{
97			$firstDay = defined('CALENDAR_FIRST_DAY_OF_WEEK') ? CALENDAR_FIRST_DAY_OF_WEEK : 1;
98			switch ($type) {
99			case 'Day':
100			require_once CALENDAR_ROOT . 'Day.php';
101
102			return new Calendar_Day($y, $m, $d);
103			case 'Month':
104			// Set default state for which month type to build
105			if (!defined('CALENDAR_MONTH_STATE')) {
106			define('CALENDAR_MONTH_STATE', CALENDAR_USE_MONTH);
107			}
108			switch (CALENDAR_MONTH_STATE) {
109			case CALENDAR_USE_MONTH_WEEKDAYS:
110			require_once CALENDAR_ROOT . 'Month/Weekdays.php';
111			$class = 'Calendar_Month_Weekdays';
112			break;
113			case CALENDAR_USE_MONTH_WEEKS:
114			require_once CALENDAR_ROOT . 'Month/Weeks.php';
115			$class = 'Calendar_Month_Weeks';
116			break;
117			case CALENDAR_USE_MONTH:
118			default:
119			require_once CALENDAR_ROOT . 'Month.php';
120			$class = 'Calendar_Month';
121			break;
122			}
123
124			return new $class($y, $m, $firstDay);
125			case 'Week':
126			require_once CALENDAR_ROOT . 'Week.php';
127
128			return new Calendar_Week($y, $m, $d, $firstDay);
129			case 'Hour':
130			require_once CALENDAR_ROOT . 'Hour.php';
131
132			return new Calendar_Hour($y, $m, $d, $h);
133			case 'Minute':
134			require_once CALENDAR_ROOT . 'Minute.php';
135
136			return new Calendar_Minute($y, $m, $d, $h, $i);
137			case 'Second':
138			require_once CALENDAR_ROOT . 'Second.php';
139
140			return new Calendar_Second($y, $m, $d, $h, $i, $s);
141			case 'Year':
142			require_once CALENDAR_ROOT . 'Year.php';
143
144			return new Calendar_Year($y);
145			default:
146			require_once __DIR__ . '/PEAR.php';
147			PEAR::raiseError('Calendar_Factory::create() unrecognised type: ' . $type, null, PEAR_ERROR_TRIGGER, E_USER_NOTICE, 'Calendar_Factory::create()');
			0 ignored issues – show Bug introduced 2018-03-16 11:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `PEAR` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history... Bug introduced 2018-03-16 11:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `PEAR_ERROR_TRIGGER` was not found. Maybe you did not declare it correctly or list all dependencies? Loading history...
148
149			return false;
			0 ignored issues – show Bug Best Practice introduced 2018-03-16 11:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return false` returns the type `false` which is incompatible with the documented return type `object`. Loading history...
150			}
151			}
152
153			/**
154			* Creates an instance of a calendar object, given a type and timestamp.
155			*
156			* @param string $type type of object to create
157			* @param mixed $stamp timestamp (depending on Calendar engine being used)
158			*
159			* @return object subclass of Calendar
160			* @static
161			*/
162			public static function &createByTimestamp($type, $stamp)
163			{
164			$cE = &Calendar_Engine_Factory::getEngine();
165			$y = $cE->stampToYear($stamp);
166			$m = $cE->stampToMonth($stamp);
167			$d = $cE->stampToDay($stamp);
168			$h = $cE->stampToHour($stamp);
169			$i = $cE->stampToMinute($stamp);
170			$s = $cE->stampToSecond($stamp);
171			$cal = self::create($type, $y, $m, $d, $h, $i, $s);
172
173			return $cal;
174			}
175			}
176

mambax7 / extcal

Issues (733)

Security Analysis not enabled

class/pear/Calendar/Factory.php (3 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like