Issues in Field.php (master) - Issues in master - mambax7/pedigree - Measure and Improve Code Quality continuously with Scrutinizer

Issues (807)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/Field.php (6 issues)

Labels

Severity

<?php

namespace XoopsModules\Pedigree;

/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * Pedigree\Breadcrumb Class
 *
 * @copyright   {@link https://xoops.org/ XOOPS Project}
 * @license     {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
 * @author      lucio <[email protected]>
 * @package     Pedigree
 * @since       1.31
 */

use XoopsFormLabel;
use XoopsModules\Pedigree;

/**
 * Class Field
 */
class Field
{
    protected $id;

    /**
     * @param $fieldnumber
     * @param $config
     */
    public function __construct($fieldnumber, $config)
    {
        //find key where id = $fieldnumber;
        $configCount = \count($config);

        foreach ($config as $x => $xValue) {
            //@todo - figure out if this is suppose to be an assignment or just a compare ('=' or '==')
            $config[$x]['id'] = $fieldnumber;
            if ($config[$x]['id']) {
                foreach ($config[$x] as $key => $value) {
                    $this->$key = $value;
                }
            }
        }
        $this->id = $fieldnumber;
    }

    /**
     * @return bool
     */
    public function isActive()
    {
        return '1' == $this->getSetting('isactive');
    }

    /**
     * @return bool
     */
    public function inAdvanced()
    {
        return '1' == $this->getSetting('viewinadvanced');
    }

    /**
     * @return bool
     */
    public function isLocked()
    {
        return '1' == $this->getSetting('locked');
    }

    /**
     * @return bool
     */
    public function hasSearch()
    {
        return '1' == $this->getSetting('hassearch');
    }

    /**
     * @return bool
     */
    public function addLitter()
    {
        return '1' == $this->getSetting('litter');
    }

    /**
     * @return bool
     */
    public function generalLitter()
    {
        return ('1' == $this->getSetting('generallitter'));
    }

    /**
     * @return bool
     */
    public function hasLookup()
    {
        return ('1' == $this->getSetting('lookuptable'));
    }

    /**
     * @return string
     */
    public function getSearchString()
    {
        return '&amp;o=pname&amp;p';
    }

    /**
     * @return bool
     */
    public function inPie()
    {
        return ('1' == $this->getSetting('viewinpie'));
    }

    /**
     * @return bool
     */
    public function inPedigree()
    {
        return ('1' == $this->getSetting('viewinpedigree'));
    }

    /**
     * @return bool
     */
    public function inList()
    {
        return '1' == $this->getSetting('viewinlist');
    }

    public function getId()
    {
        return $this->id;
    }

    /**
     * @param $setting
     *
     * @return mixed
     */
    public function getSetting($setting)
    {
        //        return $this->{$setting};
        return isset($this->$setting) ? $this->$setting : null;
    }

    /**
     * @param $fieldnumber
     *
     * @return array
     */
    public function lookupField($fieldnumber)
    {
        $ret = [];
        global $xoopsDB;
        $SQL    = 'SELECT * FROM ' . $GLOBALS['xoopsDB']->prefix("pedigree_lookup{$fieldnumber}") . " ORDER BY 'order'";
        $result = $GLOBALS['xoopsDB']->query($SQL);
        while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) {
            $ret[] = ['id' => $row['id'], 'value' => $row['value']];
        }

        //array_multisort($ret,SORT_ASC);
        return $ret;
    }

    /**
     * @return \XoopsFormLabel
     */
    public function viewField()
    {
        $view = new \XoopsFormLabel($this->fieldname, $this->value);


        return $view;
    }

    /**
     * @return string
     */
    public function showField()
    {
        return $this->fieldname . ' : ' . $this->value;

    }

    /**
     * @return mixed|string
     */
    public function showValue()
    {
        global $myts;

        return $myts->displayTarea($this->value);

        //return $this->value;
    }

    /**
     * @return string
     */
    public function searchField()
    {
        return '<input type="text" name="query" size="20">';
    }
}


1			<?php
2
3			namespace XoopsModules\Pedigree;
4
5			/*
6			You may not change or alter any portion of this comment or credits
7			of supporting developers from this source code or any supporting source code
8			which is considered copyrighted (c) material of the original comment or credit authors.
9
10			This program is distributed in the hope that it will be useful,
11			but WITHOUT ANY WARRANTY; without even the implied warranty of
12			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
13			*/
14
15			/**
16			* Pedigree\Breadcrumb Class
17			*
18			* @copyright {@link https://xoops.org/ XOOPS Project}
19			* @license {@link http://www.fsf.org/copyleft/gpl.html GNU public license}
20			* @author lucio <[email protected]>
21			* @package Pedigree
22			* @since 1.31
23			*/
24
25			use XoopsFormLabel;
26			use XoopsModules\Pedigree;
27
28			/**
29			* Class Field
30			*/
31			class Field
32			{
33			protected $id;
34
35			/**
36			* @param $fieldnumber
37			* @param $config
38			*/
39			public function __construct($fieldnumber, $config)
40			{
41			//find key where id = $fieldnumber;
42			$configCount = \count($config);
			0 ignored issues – show Unused Code introduced 2018-05-08 05:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$configCount` is dead and can be removed. Loading history...
43			foreach ($config as $x => $xValue) {
44			//@todo - figure out if this is suppose to be an assignment or just a compare ('=' or '==')
45			$config[$x]['id'] = $fieldnumber;
46			if ($config[$x]['id']) {
47			foreach ($config[$x] as $key => $value) {
48			$this->$key = $value;
49			}
50			}
51			}
52			$this->id = $fieldnumber;
53			}
54
55			/**
56			* @return bool
57			*/
58			public function isActive()
59			{
60			return '1' == $this->getSetting('isactive');
61			}
62
63			/**
64			* @return bool
65			*/
66			public function inAdvanced()
67			{
68			return '1' == $this->getSetting('viewinadvanced');
69			}
70
71			/**
72			* @return bool
73			*/
74			public function isLocked()
75			{
76			return '1' == $this->getSetting('locked');
77			}
78
79			/**
80			* @return bool
81			*/
82			public function hasSearch()
83			{
84			return '1' == $this->getSetting('hassearch');
85			}
86
87			/**
88			* @return bool
89			*/
90			public function addLitter()
91			{
92			return '1' == $this->getSetting('litter');
93			}
94
95			/**
96			* @return bool
97			*/
98			public function generalLitter()
99			{
100			return ('1' == $this->getSetting('generallitter'));
101			}
102
103			/**
104			* @return bool
105			*/
106			public function hasLookup()
107			{
108			return ('1' == $this->getSetting('lookuptable'));
109			}
110
111			/**
112			* @return string
113			*/
114			public function getSearchString()
115			{
116			return '&o=pname&p';
117			}
118
119			/**
120			* @return bool
121			*/
122			public function inPie()
123			{
124			return ('1' == $this->getSetting('viewinpie'));
125			}
126
127			/**
128			* @return bool
129			*/
130			public function inPedigree()
131			{
132			return ('1' == $this->getSetting('viewinpedigree'));
133			}
134
135			/**
136			* @return bool
137			*/
138			public function inList()
139			{
140			return '1' == $this->getSetting('viewinlist');
141			}
142
143			public function getId()
144			{
145			return $this->id;
146			}
147
148			/**
149			* @param $setting
150			*
151			* @return mixed
152			*/
153			public function getSetting($setting)
154			{
155			// return $this->{$setting};
156			return isset($this->$setting) ? $this->$setting : null;
157			}
158
159			/**
160			* @param $fieldnumber
161			*
162			* @return array
163			*/
164			public function lookupField($fieldnumber)
165			{
166			$ret = [];
167			global $xoopsDB;
168			$SQL = 'SELECT * FROM ' . $GLOBALS['xoopsDB']->prefix("pedigree_lookup{$fieldnumber}") . " ORDER BY 'order'";
169			$result = $GLOBALS['xoopsDB']->query($SQL);
170			while (false !== ($row = $GLOBALS['xoopsDB']->fetchArray($result))) {
171			$ret[] = ['id' => $row['id'], 'value' => $row['value']];
172			}
173
174			//array_multisort($ret,SORT_ASC);
175			return $ret;
176			}
177
178			/**
179			* @return \XoopsFormLabel
180			*/
181			public function viewField()
182			{
183			$view = new \XoopsFormLabel($this->fieldname, $this->value);
			0 ignored issues – show Bug Best Practice introduced 2018-05-08 05:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `value` does not exist on `XoopsModules\Pedigree\Field`. Did you maybe forget to declare it? Loading history... Bug Best Practice introduced 2018-05-08 05:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `fieldname` does not exist on `XoopsModules\Pedigree\Field`. Did you maybe forget to declare it? Loading history...
184
185			return $view;
186			}
187
188			/**
189			* @return string
190			*/
191			public function showField()
192			{
193			return $this->fieldname . ' : ' . $this->value;
			0 ignored issues – show Bug Best Practice introduced 2018-05-08 05:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `fieldname` does not exist on `XoopsModules\Pedigree\Field`. Did you maybe forget to declare it? Loading history... Bug Best Practice introduced 2018-05-08 05:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `value` does not exist on `XoopsModules\Pedigree\Field`. Did you maybe forget to declare it? Loading history...
194			}
195
196			/**
197			* @return mixed\|string
198			*/
199			public function showValue()
200			{
201			global $myts;
202
203			return $myts->displayTarea($this->value);
			0 ignored issues – show Bug Best Practice introduced 2018-05-08 05:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `value` does not exist on `XoopsModules\Pedigree\Field`. Did you maybe forget to declare it? Loading history...
204			//return $this->value;
205			}
206
207			/**
208			* @return string
209			*/
210			public function searchField()
211			{
212			return '<input type="text" name="query" size="20">';
213			}
214			}
215

mambax7 / pedigree

Issues (807)

Security Analysis not enabled

class/Field.php (6 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like