Issues in seo.php - New Issues - Inspection of "Merge pull request #69 from ihackcode/develop" - mambax7/newbb5 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 5eefd1...62af87 )

by Michael

created 2017-12-13 18:35 UTC

seo.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php


use Xmf\Request;

include_once __DIR__ . '/header.php';
/*
 *
 * Module: newbbss
 * Author: Sudhaker Raj <http://xoops.biz>
 * Licence: GNU
 */
$seoOp    = Request::getString('seoOp', '', 'GET');
$seoArg   = Request::getInt('seoArg', 0, 'GET');
$seoOther = Request::getString('seoOther', '', 'GET');

$seos = ['c', 'f', 't', 'p', 'rc', 'rf', 'v', 'pr', 'pdf'];

$seoMap = [
    'c'   => 'index.php',
    'f'   => 'viewforum.php',
    't'   => 'viewtopic.php',
    'p'   => 'viewtopic.php',
    'rc'  => 'rss.php',
    'rf'  => 'rss.php',
    'pr'  => 'print.php',
    'pdf' => 'makepdf.php'
];

if (!empty($seoOp) && !empty($seoMap[$seoOp]) && in_array($seoOp, $seos)) {
    // module specific dispatching logic, other module must implement as
    // per their requirements.
    $ori_self               = Request::getString('PHP_SELF', '', 'SERVER');
    $ori_self               = explode('modules/newbb', $ori_self);
    $newUrl                 = $ori_self[0] . 'modules/newbb/' . $seoMap[$seoOp];
    $_ENV['PHP_SELF']       = $newUrl;
    $_SERVER['SCRIPT_NAME'] = $newUrl;
    $_SERVER['PHP_SELF']    = $newUrl;
    switch ($seoOp) {
        case 'c':
            $_SERVER['REQUEST_URI'] = $newUrl . '?cat=' . $seoArg;
            $_GET['cat']            = $seoArg;
            break;
        case 'f':
            $_SERVER['REQUEST_URI'] = $newUrl . '?forum=' . $seoArg;
            $_GET['forum']          = $seoArg;
            break;
        case 'p':
            $_SERVER['REQUEST_URI'] = $newUrl . '?post_id=' . $seoArg;
            $_GET['post_id']        = $seoArg;
            break;
        case 'rc':
            $_SERVER['REQUEST_URI'] = $newUrl . '?c=' . $seoArg;
            $_GET['c']              = $seoArg;
            break;
        case 'rf':
            $_SERVER['REQUEST_URI'] = $newUrl . '?f=' . $seoArg;
            $_GET['f']              = $seoArg;
            break;
        default:
        case 't':
        case 'pr':
            $_SERVER['REQUEST_URI'] = $newUrl . '?topic_id=' . $seoArg;
            $_GET['topic_id']       = $seoArg;
            break;
    }
    include $seoMap[$seoOp];
} else {
    $last = $seoOp . '/' . $seoArg;
    if ('' !== $seoOther) {
        $last .= '/' . $seoOther;
    }
    include $last;
}
exit();

/**
 * @param $value
 * @return string
 */
function checker(&$value)
{
    // keine Tags erlaubt
    $value = strip_tags($value);

    // HTML-Tags maskieren
    $value = htmlspecialchars($value, ENT_QUOTES);

    // Leerzeichen am Anfang und Ende beseitigen
    $value = trim($value);

    // pruefe auf javascript include
    if (false !== strpos($value, '<script')) {
        $value = '';
    }

    // pruefe auf Kommentare (SQL-Injections)
    if (false !== strpos($value, '/*')) {
        $value = '';
    }

    // pruefe UNION Injections
    if (preg_match('/\sUNION\s+(ALL|SELECT)/i', $value)) {
        $value = '';
    }

    // Nullbyte Injection
    if (false !== strpos($value, chr(0))) {
        $value = '';
    }

    //pruefe Verzeichnis
    if (false !== strpos($value, '../')) {
        $value = '';
    }

    //pruefe auf externe
    $str = strstr($value, '://');
    if (false !== strpos($value, '://')) {
        $value = '';
    }

    return $value;
}


1		<?php
		0 ignored issues – show Coding Style Compatibility introduced 2017-12-13 17:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 80 and the first side effect is on line 5. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2
3		use Xmf\Request;
4
5		include_once __DIR__ . '/header.php';
6		/*
7		*
8		* Module: newbbss
9		* Author: Sudhaker Raj <http://xoops.biz>
10		* Licence: GNU
11		*/
12		$seoOp = Request::getString('seoOp', '', 'GET');
13		$seoArg = Request::getInt('seoArg', 0, 'GET');
14		$seoOther = Request::getString('seoOther', '', 'GET');
15
16		$seos = ['c', 'f', 't', 'p', 'rc', 'rf', 'v', 'pr', 'pdf'];
17
18		$seoMap = [
19		'c' => 'index.php',
20		'f' => 'viewforum.php',
21		't' => 'viewtopic.php',
22		'p' => 'viewtopic.php',
23		'rc' => 'rss.php',
24		'rf' => 'rss.php',
25		'pr' => 'print.php',
26		'pdf' => 'makepdf.php'
27		];
28
29		if (!empty($seoOp) && !empty($seoMap[$seoOp]) && in_array($seoOp, $seos)) {
30		// module specific dispatching logic, other module must implement as
31		// per their requirements.
32		$ori_self = Request::getString('PHP_SELF', '', 'SERVER');
33		$ori_self = explode('modules/newbb', $ori_self);
34		$newUrl = $ori_self[0] . 'modules/newbb/' . $seoMap[$seoOp];
35		$_ENV['PHP_SELF'] = $newUrl;
36		$_SERVER['SCRIPT_NAME'] = $newUrl;
37		$_SERVER['PHP_SELF'] = $newUrl;
38		switch ($seoOp) {
39		case 'c':
40		$_SERVER['REQUEST_URI'] = $newUrl . '?cat=' . $seoArg;
41		$_GET['cat'] = $seoArg;
42		break;
43	View Code Duplication	case 'f':
44		$_SERVER['REQUEST_URI'] = $newUrl . '?forum=' . $seoArg;
45		$_GET['forum'] = $seoArg;
46		break;
47		case 'p':
48		$_SERVER['REQUEST_URI'] = $newUrl . '?post_id=' . $seoArg;
49		$_GET['post_id'] = $seoArg;
50		break;
51		case 'rc':
52		$_SERVER['REQUEST_URI'] = $newUrl . '?c=' . $seoArg;
53		$_GET['c'] = $seoArg;
54		break;
55	View Code Duplication	case 'rf':
56		$_SERVER['REQUEST_URI'] = $newUrl . '?f=' . $seoArg;
57		$_GET['f'] = $seoArg;
58		break;
59		default:
60		case 't':
61		case 'pr':
62		$_SERVER['REQUEST_URI'] = $newUrl . '?topic_id=' . $seoArg;
63		$_GET['topic_id'] = $seoArg;
64		break;
65		}
66		include $seoMap[$seoOp];
67		} else {
68		$last = $seoOp . '/' . $seoArg;
69		if ('' !== $seoOther) {
70		$last .= '/' . $seoOther;
71		}
72		include $last;
73		}
74		exit();
75
76		/**
77		* @param $value
78		* @return string
79		*/
80		function checker(&$value)
81		{
82		// keine Tags erlaubt
83		$value = strip_tags($value);
84
85		// HTML-Tags maskieren
86		$value = htmlspecialchars($value, ENT_QUOTES);
87
88		// Leerzeichen am Anfang und Ende beseitigen
89		$value = trim($value);
90
91		// pruefe auf javascript include
92		if (false !== strpos($value, '<script')) {
93		$value = '';
94		}
95
96		// pruefe auf Kommentare (SQL-Injections)
97		if (false !== strpos($value, '/*')) {
98		$value = '';
99		}
100
101		// pruefe UNION Injections
102		if (preg_match('/\sUNION\s+(ALL\|SELECT)/i', $value)) {
103		$value = '';
104		}
105
106		// Nullbyte Injection
107		if (false !== strpos($value, chr(0))) {
108		$value = '';
109		}
110
111		//pruefe Verzeichnis
112		if (false !== strpos($value, '../')) {
113		$value = '';
114		}
115
116		//pruefe auf externe
117		$str = strstr($value, '://');
118		if (false !== strpos($value, '://')) {
119		$value = '';
120		}
121
122		return $value;
123		}
124

mambax7 / newbb5

Push — master ( 5eefd1...62af87 )

seo.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like