Issues in seo.php - All Issues - Inspection of "Fix forum desc" - mambax7/newbb5 - Measure and Improve Code Quality continuously with Scrutinizer

Test Failed

Pull Request — master (#60)

unknown

created 2017-11-20 08:48 UTC

seo.php (8 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

use Xmf\Request;

/*
 *
 * Module: newbbss
 * Author: Sudhaker Raj <http://xoops.biz>
 * Licence: GNU
 */
$seoOp    = Request::getString('seoOp', '', 'GET');
$seoArg   = Request::getInt('seoArg', 0, 'GET');
$seoOther = Request::getString('seoOther', '', 'GET');

$seos = ['c', 'f', 't', 'p', 'rc', 'rf', 'v', 'pr', 'pdf'];

$seoMap = [
    'c'   => 'index.php',
    'f'   => 'viewforum.php',
    't'   => 'viewtopic.php',
    'p'   => 'viewtopic.php',
    'rc'  => 'rss.php',
    'rf'  => 'rss.php',
    'pr'  => 'print.php',
    'pdf' => 'makepdf.php'
];

if (!empty($seoOp) && !empty($seoMap[$seoOp]) && in_array($seoOp, $seos)) {
    // module specific dispatching logic, other module must implement as
    // per their requirements.
    $ori_self               = Request::getString('PHP_SELF', '', 'SERVER');

    $ori_self               = explode('modules/newbb', $ori_self);

    $newUrl                 = $ori_self[0] . 'modules/newbb/' . $seoMap[$seoOp];

    $_ENV['PHP_SELF']       = $newUrl;
    $_SERVER['SCRIPT_NAME'] = $newUrl;
    $_SERVER['PHP_SELF']    = $newUrl;
    switch ($seoOp) {
        case 'c':

            $_SERVER['REQUEST_URI'] = $newUrl . '?cat=' . $seoArg;
            $_GET['cat']            = $seoArg;
            break;
        case 'f':

            $_SERVER['REQUEST_URI'] = $newUrl . '?forum=' . $seoArg;
            $_GET['forum']          = $seoArg;
            break;
        case 'p':
            $_SERVER['REQUEST_URI'] = $newUrl . '?post_id=' . $seoArg;
            $_GET['post_id']        = $seoArg;
            break;
        case 'rc':

            $_SERVER['REQUEST_URI'] = $newUrl . '?c=' . $seoArg;
            $_GET['c']              = $seoArg;
            break;
        case 'rf':

            $_SERVER['REQUEST_URI'] = $newUrl . '?f=' . $seoArg;
            $_GET['f']              = $seoArg;
            break;
        default:
        case 't':
        case 'pr':
            $_SERVER['REQUEST_URI'] = $newUrl . '?topic_id=' . $seoArg;
            $_GET['topic_id']       = $seoArg;
            break;
    }
    include $seoMap[$seoOp];
} else {
    $last = $seoOp . '/' . $seoArg;
    if ('' !== $seoOther) {
        $last .= '/' . $seoOther;
    }
    include $last;
}
exit();

/**
 * @param $value
 * @return string
 */
function checker(&$value)
{
    // keine Tags erlaubt
    $value = strip_tags($value);

    // HTML-Tags maskieren
    $value = htmlspecialchars($value, ENT_QUOTES);

    // Leerzeichen am Anfang und Ende beseitigen
    $value = trim($value);

    // pruefe auf javascript include
    if (false !== strpos($value, '<script')) {
        $value = '';
    }

    // pruefe auf Kommentare (SQL-Injections)
    if (false !== strpos($value, '/*')) {
        $value = '';
    }

    // pruefe UNION Injections
    if (preg_match('/\sUNION\s+(ALL|SELECT)/i', $value)) {
        $value = '';
    }

    // Nullbyte Injection
    if (false !== strpos($value, chr(0))) {
        $value = '';
    }

    //pruefe Verzeichnis
    if (false !== strpos($value, '../')) {
        $value = '';
    }

    //pruefe auf externe
    $str = strstr($value, '://');
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
    if (false !== strpos($value, '://')) {
        $value = '';
    }

    return $value;
}


1		<?php
2
3		use Xmf\Request;
4
5		/*
6		*
7		* Module: newbbss
8		* Author: Sudhaker Raj <http://xoops.biz>
9		* Licence: GNU
10		*/
11		$seoOp = Request::getString('seoOp', '', 'GET');
12		$seoArg = Request::getInt('seoArg', 0, 'GET');
13		$seoOther = Request::getString('seoOther', '', 'GET');
14
15		$seos = ['c', 'f', 't', 'p', 'rc', 'rf', 'v', 'pr', 'pdf'];
16
17		$seoMap = [
18		'c' => 'index.php',
19		'f' => 'viewforum.php',
20		't' => 'viewtopic.php',
21		'p' => 'viewtopic.php',
22		'rc' => 'rss.php',
23		'rf' => 'rss.php',
24		'pr' => 'print.php',
25		'pdf' => 'makepdf.php'
26		];
27
28		if (!empty($seoOp) && !empty($seoMap[$seoOp]) && in_array($seoOp, $seos)) {
29		// module specific dispatching logic, other module must implement as
30		// per their requirements.
31		$ori_self = Request::getString('PHP_SELF', '', 'SERVER');
		0 ignored issues – show Coding Style introduced 2017-11-20 06:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$ori_self` does not seem to conform to the naming convention (`^[a-z][a-zA-Z0-9]*$`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
32		$ori_self = explode('modules/newbb', $ori_self);
		0 ignored issues – show Coding Style introduced 2017-11-20 06:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$ori_self` does not seem to conform to the naming convention (`^[a-z][a-zA-Z0-9]*$`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
33		$newUrl = $ori_self[0] . 'modules/newbb/' . $seoMap[$seoOp];
		0 ignored issues – show Coding Style introduced 2017-11-20 06:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$ori_self` does not seem to conform to the naming convention (`^[a-z][a-zA-Z0-9]*$`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
34		$_ENV['PHP_SELF'] = $newUrl;
35		$_SERVER['SCRIPT_NAME'] = $newUrl;
36		$_SERVER['PHP_SELF'] = $newUrl;
37		switch ($seoOp) {
38	View Code Duplication	case 'c':
		0 ignored issues – show Duplication introduced 2017-06-25 02:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
39		$_SERVER['REQUEST_URI'] = $newUrl . '?cat=' . $seoArg;
40		$_GET['cat'] = $seoArg;
41		break;
42	View Code Duplication	case 'f':
		0 ignored issues – show Duplication introduced 2017-06-25 02:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
43		$_SERVER['REQUEST_URI'] = $newUrl . '?forum=' . $seoArg;
44		$_GET['forum'] = $seoArg;
45		break;
46		case 'p':
47		$_SERVER['REQUEST_URI'] = $newUrl . '?post_id=' . $seoArg;
48		$_GET['post_id'] = $seoArg;
49		break;
50	View Code Duplication	case 'rc':
		0 ignored issues – show Duplication introduced 2017-06-25 02:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
51		$_SERVER['REQUEST_URI'] = $newUrl . '?c=' . $seoArg;
52		$_GET['c'] = $seoArg;
53		break;
54	View Code Duplication	case 'rf':
		0 ignored issues – show Duplication introduced 2017-06-25 02:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
55		$_SERVER['REQUEST_URI'] = $newUrl . '?f=' . $seoArg;
56		$_GET['f'] = $seoArg;
57		break;
58		default:
59		case 't':
60		case 'pr':
61		$_SERVER['REQUEST_URI'] = $newUrl . '?topic_id=' . $seoArg;
62		$_GET['topic_id'] = $seoArg;
63		break;
64		}
65		include $seoMap[$seoOp];
66		} else {
67		$last = $seoOp . '/' . $seoArg;
68		if ('' !== $seoOther) {
69		$last .= '/' . $seoOther;
70		}
71		include $last;
72		}
73		exit();
74
75		/**
76		* @param $value
77		* @return string
78		*/
79		function checker(&$value)
80		{
81		// keine Tags erlaubt
82		$value = strip_tags($value);
83
84		// HTML-Tags maskieren
85		$value = htmlspecialchars($value, ENT_QUOTES);
86
87		// Leerzeichen am Anfang und Ende beseitigen
88		$value = trim($value);
89
90		// pruefe auf javascript include
91		if (false !== strpos($value, '<script')) {
92		$value = '';
93		}
94
95		// pruefe auf Kommentare (SQL-Injections)
96		if (false !== strpos($value, '/*')) {
97		$value = '';
98		}
99
100		// pruefe UNION Injections
101		if (preg_match('/\sUNION\s+(ALL\|SELECT)/i', $value)) {
102		$value = '';
103		}
104
105		// Nullbyte Injection
106		if (false !== strpos($value, chr(0))) {
107		$value = '';
108		}
109
110		//pruefe Verzeichnis
111		if (false !== strpos($value, '../')) {
112		$value = '';
113		}
114
115		//pruefe auf externe
116		$str = strstr($value, '://');
		0 ignored issues – show Unused Code introduced 2017-06-25 02:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$str` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
117		if (false !== strpos($value, '://')) {
118		$value = '';
119		}
120
121		return $value;
122		}
123

mambax7 / newbb5

Pull Request — master (#60)

seo.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like