Issues in seo.php - Fixed Issues - Inspection of "Fixing SEO-URL feature" - mambax7/newbb5 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Pull Request — master (#69)

unknown

created 2017-12-13 17:26 UTC

seo.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php


use Xmf\Request;

/*
 *
 * Module: newbbss
 * Author: Sudhaker Raj <http://xoops.biz>
 * Licence: GNU
 */
$seoOp    = Request::getString('seoOp', '', 'GET');
$seoArg   = Request::getInt('seoArg', 0, 'GET');
$seoOther = Request::getString('seoOther', '', 'GET');

$seos = ['c', 'f', 't', 'p', 'rc', 'rf', 'v', 'pr', 'pdf'];

$seoMap = [
    'c'   => 'index.php',
    'f'   => 'viewforum.php',
    't'   => 'viewtopic.php',
    'p'   => 'viewtopic.php',
    'rc'  => 'rss.php',
    'rf'  => 'rss.php',
    'pr'  => 'print.php',
    'pdf' => 'makepdf.php'
];

if (!empty($seoOp) && !empty($seoMap[$seoOp]) && in_array($seoOp, $seos)) {
    // module specific dispatching logic, other module must implement as
    // per their requirements.
    $ori_self               = Request::getString('PHP_SELF', '', 'SERVER');
    $ori_self               = explode('modules/newbb', $ori_self);
    $newUrl                 = $ori_self[0] . 'modules/newbb/' . $seoMap[$seoOp];
    $_ENV['PHP_SELF']       = $newUrl;
    $_SERVER['SCRIPT_NAME'] = $newUrl;
    $_SERVER['PHP_SELF']    = $newUrl;
    switch ($seoOp) {
        case 'c':

            $_SERVER['REQUEST_URI'] = $newUrl . '?cat=' . $seoArg;
            $_GET['cat']            = $seoArg;
            break;
        case 'f':
            $_SERVER['REQUEST_URI'] = $newUrl . '?forum=' . $seoArg;
            $_GET['forum']          = $seoArg;
            break;
        case 'p':
            $_SERVER['REQUEST_URI'] = $newUrl . '?post_id=' . $seoArg;
            $_GET['post_id']        = $seoArg;
            break;
        case 'rc':

            $_SERVER['REQUEST_URI'] = $newUrl . '?c=' . $seoArg;
            $_GET['c']              = $seoArg;
            break;
        case 'rf':
            $_SERVER['REQUEST_URI'] = $newUrl . '?f=' . $seoArg;
            $_GET['f']              = $seoArg;
            break;
        default:
        case 't':
        case 'pr':
            $_SERVER['REQUEST_URI'] = $newUrl . '?topic_id=' . $seoArg;
            $_GET['topic_id']       = $seoArg;
            break;
    }
    include $seoMap[$seoOp];
} else {
    $last = $seoOp . '/' . $seoArg;
    if ('' !== $seoOther) {
        $last .= '/' . $seoOther;
    }
    include $last;
}
exit();

/**
 * @param $value
 * @return string
 */
function checker(&$value)
{
    // keine Tags erlaubt
    $value = strip_tags($value);

    // HTML-Tags maskieren
    $value = htmlspecialchars($value, ENT_QUOTES);

    // Leerzeichen am Anfang und Ende beseitigen
    $value = trim($value);

    // pruefe auf javascript include
    if (false !== strpos($value, '<script')) {
        $value = '';
    }

    // pruefe auf Kommentare (SQL-Injections)
    if (false !== strpos($value, '/*')) {
        $value = '';
    }

    // pruefe UNION Injections
    if (preg_match('/\sUNION\s+(ALL|SELECT)/i', $value)) {
        $value = '';
    }

    // Nullbyte Injection
    if (false !== strpos($value, chr(0))) {
        $value = '';
    }

    //pruefe Verzeichnis
    if (false !== strpos($value, '../')) {
        $value = '';
    }

    //pruefe auf externe
    $str = strstr($value, '://');
    if (false !== strpos($value, '://')) {
        $value = '';
    }

    return $value;
}


1		<?php
		0 ignored issues – show Coding Style Compatibility introduced 2017-06-25 02:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 79 and the first side effect is on line 11. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2
3		use Xmf\Request;
4
5		/*
6		*
7		* Module: newbbss
8		* Author: Sudhaker Raj <http://xoops.biz>
9		* Licence: GNU
10		*/
11		$seoOp = Request::getString('seoOp', '', 'GET');
12		$seoArg = Request::getInt('seoArg', 0, 'GET');
13		$seoOther = Request::getString('seoOther', '', 'GET');
14
15		$seos = ['c', 'f', 't', 'p', 'rc', 'rf', 'v', 'pr', 'pdf'];
16
17		$seoMap = [
18		'c' => 'index.php',
19		'f' => 'viewforum.php',
20		't' => 'viewtopic.php',
21		'p' => 'viewtopic.php',
22		'rc' => 'rss.php',
23		'rf' => 'rss.php',
24		'pr' => 'print.php',
25		'pdf' => 'makepdf.php'
26		];
27
28		if (!empty($seoOp) && !empty($seoMap[$seoOp]) && in_array($seoOp, $seos)) {
29		// module specific dispatching logic, other module must implement as
30		// per their requirements.
31		$ori_self = Request::getString('PHP_SELF', '', 'SERVER');
32		$ori_self = explode('modules/newbb', $ori_self);
33		$newUrl = $ori_self[0] . 'modules/newbb/' . $seoMap[$seoOp];
34		$_ENV['PHP_SELF'] = $newUrl;
35		$_SERVER['SCRIPT_NAME'] = $newUrl;
36		$_SERVER['PHP_SELF'] = $newUrl;
37		switch ($seoOp) {
38	View Code Duplication	case 'c':
		0 ignored issues – show Duplication introduced 2017-06-25 02:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
39		$_SERVER['REQUEST_URI'] = $newUrl . '?cat=' . $seoArg;
40		$_GET['cat'] = $seoArg;
41		break;
42	View Code Duplication	case 'f':
43		$_SERVER['REQUEST_URI'] = $newUrl . '?forum=' . $seoArg;
44		$_GET['forum'] = $seoArg;
45		break;
46		case 'p':
47		$_SERVER['REQUEST_URI'] = $newUrl . '?post_id=' . $seoArg;
48		$_GET['post_id'] = $seoArg;
49		break;
50	View Code Duplication	case 'rc':
		0 ignored issues – show Duplication introduced 2017-06-25 02:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
51		$_SERVER['REQUEST_URI'] = $newUrl . '?c=' . $seoArg;
52		$_GET['c'] = $seoArg;
53		break;
54	View Code Duplication	case 'rf':
55		$_SERVER['REQUEST_URI'] = $newUrl . '?f=' . $seoArg;
56		$_GET['f'] = $seoArg;
57		break;
58		default:
59		case 't':
60		case 'pr':
61		$_SERVER['REQUEST_URI'] = $newUrl . '?topic_id=' . $seoArg;
62		$_GET['topic_id'] = $seoArg;
63		break;
64		}
65		include $seoMap[$seoOp];
66		} else {
67		$last = $seoOp . '/' . $seoArg;
68		if ('' !== $seoOther) {
69		$last .= '/' . $seoOther;
70		}
71		include $last;
72		}
73		exit();
74
75		/**
76		* @param $value
77		* @return string
78		*/
79		function checker(&$value)
80		{
81		// keine Tags erlaubt
82		$value = strip_tags($value);
83
84		// HTML-Tags maskieren
85		$value = htmlspecialchars($value, ENT_QUOTES);
86
87		// Leerzeichen am Anfang und Ende beseitigen
88		$value = trim($value);
89
90		// pruefe auf javascript include
91		if (false !== strpos($value, '<script')) {
92		$value = '';
93		}
94
95		// pruefe auf Kommentare (SQL-Injections)
96		if (false !== strpos($value, '/*')) {
97		$value = '';
98		}
99
100		// pruefe UNION Injections
101		if (preg_match('/\sUNION\s+(ALL\|SELECT)/i', $value)) {
102		$value = '';
103		}
104
105		// Nullbyte Injection
106		if (false !== strpos($value, chr(0))) {
107		$value = '';
108		}
109
110		//pruefe Verzeichnis
111		if (false !== strpos($value, '../')) {
112		$value = '';
113		}
114
115		//pruefe auf externe
116		$str = strstr($value, '://');
117		if (false !== strpos($value, '://')) {
118		$value = '';
119		}
120
121		return $value;
122		}
123

mambax7 / newbb5

Pull Request — master (#69)

seo.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like