Issues (733)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to, or manipulating, user data.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web-server process.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or to gain access to your server.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries, or to modify content inside the LDAP tree.
  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  Header Injection

class/pear/Calendar/Validator.php (1 issue)

```php
<?php

/* vim: set expandtab tabstop=4 shiftwidth=4: */

/**
 * Contains the Calendar_Validator class.
 *
 * PHP versions 4 and 5
 *
 * LICENSE: Redistribution and use in source and binary forms, with or without
 * modification, are permitted provided that the following conditions are met:
 * 1. Redistributions of source code must retain the above copyright
 *    notice, this list of conditions and the following disclaimer.
 * 2. Redistributions in binary form must reproduce the above copyright
 *    notice, this list of conditions and the following disclaimer in the
 *    documentation and/or other materials provided with the distribution.
 * 3. The name of the author may not be used to endorse or promote products
 *    derived from this software without specific prior written permission.
 *
 * THIS SOFTWARE IS PROVIDED BY THE AUTHOR "AS IS" AND ANY EXPRESS OR IMPLIED
 * WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED.
 * IN NO EVENT SHALL THE FREEBSD PROJECT OR CONTRIBUTORS BE LIABLE FOR ANY
 * DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
 * (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND
 * ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
 * THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * @category  Date and Time
 *
 * @author    Harry Fuecks <[email protected]>
 * @copyright 2003-2007 Harry Fuecks
 * @license   http://www.debian.org/misc/bsd.license  BSD License (3 Clause)
 *
 * @link      http://pear.php.net/package/Calendar
 */

/**
 * Validation Error Messages.
 */
if (!defined('CALENDAR_VALUE_TOOSMALL')) {
    define('CALENDAR_VALUE_TOOSMALL', 'Too small: min = ');
}
if (!defined('CALENDAR_VALUE_TOOLARGE')) {
    define('CALENDAR_VALUE_TOOLARGE', 'Too large: max = ');
}

/**
 * Used to validate any given Calendar date object. Instances of this class
 * can be obtained from any data object using the getValidator method.
 *
 * @category  Date and Time
 *
 * @author    Harry Fuecks <[email protected]>
 * @copyright 2003-2007 Harry Fuecks
 * @license   http://www.debian.org/misc/bsd.license  BSD License (3 Clause)
 *
 * @link      http://pear.php.net/package/Calendar
 * @see       Calendar::getValidator()
 */
class Calendar_Validator
{
    /**
     * Instance of the Calendar date object to validate.
     *
     * @var object
     */
    public $calendar;

    /**
     * Instance of the Calendar_Engine.
     *
     * @var object
     */
    public $cE;

    /**
     * Array of errors for validation failures.
     *
     * @var array
     */
    public $errors = [];

    /**
     * Constructs Calendar_Validator.
     *
     * @param object &$calendar subclass of Calendar
     */
    public function __construct(&$calendar)
    {
        $this->calendar = &$calendar;
        $this->cE       = &$calendar->getEngine();
    }

    /**
     * Calls all the other isValidXXX() methods in the validator.
     *
     * @return bool
     */
    public function isValid()
    {
        $checks = [
            'isValidYear',
            'isValidMonth',
            'isValidDay',
            'isValidHour',
            'isValidMinute',
            'isValidSecond',
        ];
        $valid  = true;
        foreach ($checks as $check) {
            if (!$this->{$check}()) {
                $valid = false;
            }
        }

        return $valid;
    }

    /**
     * Check whether this is a valid year.
     *
     * @return bool
     */
    public function isValidYear()
    {
        $y   = $this->calendar->thisYear();
        $min = $this->cE->getMinYears();
        if ($min > $y) {
            $this->errors[] = new Calendar_Validation_Error('Year', $y, CALENDAR_VALUE_TOOSMALL . $min);

            return false;
        }
        $max = $this->cE->getMaxYears();
        if ($y > $max) {
            $this->errors[] = new Calendar_Validation_Error('Year', $y, CALENDAR_VALUE_TOOLARGE . $max);

            return false;
        }

        return true;
    }

    /**
     * Check whether this is a valid month.
     *
     * @return bool
     */
    public function isValidMonth()
    {
        $m   = $this->calendar->thisMonth();
        $min = 1;
        if ($min > $m) {
            $this->errors[] = new Calendar_Validation_Error('Month', $m, CALENDAR_VALUE_TOOSMALL . $min);

            return false;
        }
        $max = $this->cE->getMonthsInYear($this->calendar->thisYear());
        if ($m > $max) {
            $this->errors[] = new Calendar_Validation_Error('Month', $m, CALENDAR_VALUE_TOOLARGE . $max);

            return false;
        }

        return true;
    }

    /**
     * Check whether this is a valid day.
     *
     * @return bool
     */
    public function isValidDay()
    {
        $d   = $this->calendar->thisDay();
        $min = 1;
        if ($min > $d) {
            $this->errors[] = new Calendar_Validation_Error('Day', $d, CALENDAR_VALUE_TOOSMALL . $min);

            return false;
        }
        $max = $this->cE->getDaysInMonth($this->calendar->thisYear(), $this->calendar->thisMonth());
        if ($d > $max) {
            $this->errors[] = new Calendar_Validation_Error('Day', $d, CALENDAR_VALUE_TOOLARGE . $max);

            return false;
        }

        return true;
    }

    /**
     * Check whether this is a valid hour.
     *
     * @return bool
     */
    public function isValidHour()
    {
        $h   = $this->calendar->thisHour();
        $min = 0;
        if ($min > $h) {
            $this->errors[] = new Calendar_Validation_Error('Hour', $h, CALENDAR_VALUE_TOOSMALL . $min);

            return false;
        }
        $max = ($this->cE->getHoursInDay($this->calendar->thisDay()) - 1);
        if ($h > $max) {
            $this->errors[] = new Calendar_Validation_Error('Hour', $h, CALENDAR_VALUE_TOOLARGE . $max);

            return false;
        }

        return true;
    }

    /**
     * Check whether this is a valid minute.
     *
     * @return bool
     */
    public function isValidMinute()
    {
        $i   = $this->calendar->thisMinute();
        $min = 0;
        if ($min > $i) {
            $this->errors[] = new Calendar_Validation_Error('Minute', $i, CALENDAR_VALUE_TOOSMALL . $min);

            return false;
        }
        $max = ($this->cE->getMinutesInHour($this->calendar->thisHour()) - 1);
        if ($i > $max) {
            $this->errors[] = new Calendar_Validation_Error('Minute', $i, CALENDAR_VALUE_TOOLARGE . $max);

            return false;
        }

        return true;
    }

    /**
     * Check whether this is a valid second.
     *
     * @return bool
     */
    public function isValidSecond()
    {
        $s   = $this->calendar->thisSecond();
        $min = 0;
        if ($min > $s) {
            $this->errors[] = new Calendar_Validation_Error('Second', $s, CALENDAR_VALUE_TOOSMALL . $min);

            return false;
        }
        $max = ($this->cE->getSecondsInMinute($this->calendar->thisMinute()) - 1);
        if ($s > $max) {
            $this->errors[] = new Calendar_Validation_Error('Second', $s, CALENDAR_VALUE_TOOLARGE . $max);

            return false;
        }

        return true;
    }

    /**
     * Iterates over any validation errors.
     *
     * @return mixed either Calendar_Validation_Error or false
     */
    public function fetch()
    {
        // each() advances the internal array pointer and returns the current
        // key/value pair, or false once the pointer is past the last element.
        // Note: each() is deprecated since PHP 7.2 and removed in PHP 8.0.
        $error = each($this->errors);
        if ($error) { // flagged by the inspection; see the issue below
            return $error['value'];
        }
        reset($this->errors);

        return false;
    }
}

/**
 * For Validation Error messages.
 *
 * @category  Date and Time
 *
 * @author    Harry Fuecks <[email protected]>
 * @copyright 2003-2007 Harry Fuecks
 * @license   http://www.debian.org/misc/bsd.license  BSD License (3 Clause)
 *
 * @link      http://pear.php.net/package/Calendar
 * @see       Calendar::fetch()
 */
class Calendar_Validation_Error
{
    /**
     * Date unit (e.g. month, hour, second) which failed test.
     *
     * @var string
     */
    public $unit;

    /**
     * Value of unit which failed test.
     *
     * @var int
     */
    public $value;

    /**
     * Validation error message.
     *
     * @var string
     */
    public $message;

    /**
     * Constructs Calendar_Validation_Error.
     *
     * @param string $unit    Date unit (e.g. month, hour, second)
     * @param int    $value   Value of unit which failed test
     * @param string $message Validation error message
     */
    public function __construct($unit, $value, $message)
    {
        $this->unit    = $unit;
        $this->value   = $value;
        $this->message = $message;
    }

    /**
     * Returns the Date unit.
     *
     * @return string
     */
    public function getUnit()
    {
        return $this->unit;
    }

    /**
     * Returns the value of the unit.
     *
     * @return int
     */
    public function getValue()
    {
        return $this->value;
    }

    /**
     * Returns the validation error message.
     *
     * @return string
     */
    public function getMessage()
    {
        return $this->message;
    }

    /**
     * Returns a string containing the unit, value and error message.
     *
     * @return string
     */
    public function toString()
    {
        return $this->unit . ' = ' . $this->value . ' [' . $this->message . ']';
    }
}
```

Issue reported at `if ($error) {` in `Calendar_Validator::fetch()`:

Bug / Best Practice: The expression $error of type array is implicitly converted to a boolean; are you sure this is intended? If so, consider using ! empty($expr) instead to make it clear that you intend to check for an array without elements.

This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent.

Consider making the comparison explicit by using empty(..) or ! empty(...) instead.
/**
284
 * For Validation Error messages.
285
 *
286
 * @category  Date and Time
287
 *
288
 * @author    Harry Fuecks <[email protected]>
289
 * @copyright 2003-2007 Harry Fuecks
290
 * @license   http://www.debian.org/misc/bsd.license  BSD License (3 Clause)
291
 *
292
 * @link      http://pear.php.net/package/Calendar
293
 * @see       Calendar::fetch()
294
 */
295
class Calendar_Validation_Error
296
{
297
    /**
298
     * Date unit (e.g. month,hour,second) which failed test.
299
     *
300
     * @var string
301
     */
302
    public $unit;
303
304
    /**
305
     * Value of unit which failed test.
306
     *
307
     * @var int
308
     */
309
    public $value;
310
311
    /**
312
     * Validation error message.
313
     *
314
     * @var string
315
     */
316
    public $message;
317
318
    /**
319
     * Constructs Calendar_Validation_Error.
320
     *
321
     * @param string $unit    Date unit (e.g. month,hour,second)
322
     * @param int    $value   Value of unit which failed test
323
     * @param string $message Validation error message
324
     */
325
    public function __construct($unit, $value, $message)
326
    {
327
        $this->unit    = $unit;
328
        $this->value   = $value;
329
        $this->message = $message;
330
    }
331
332
    /**
333
     * Returns the Date unit.
334
     *
335
     * @return string
336
     */
337
    public function getUnit()
338
    {
339
        return $this->unit;
340
    }
341
342
    /**
343
     * Returns the value of the unit.
344
     *
345
     * @return int
346
     */
347
    public function getValue()
348
    {
349
        return $this->value;
350
    }
351
352
    /**
353
     * Returns the validation error message.
354
     *
355
     * @return string
356
     */
357
    public function getMessage()
358
    {
359
        return $this->message;
360
    }
361
362
    /**
363
     * Returns a string containing the unit, value and error message.
364
     *
365
     * @return string
366
     */
367
    public function toString()
368
    {
369
        return $this->unit . ' = ' . $this->value . ' [' . $this->message . ']';
370
    }
371
}
372