Issues in modifier.rewrite_url.php (master) - Issues in master - mambax7/publisher - Measure and Improve Code Quality continuously with Scrutinizer

Issues (371)

Security Analysis no vulnerabilities found

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

extra/modifier.rewrite_url.php (3 issues)

Labels

Severity

<?php declare(strict_types=1);

/**
 * This plugin will modify an url to remove and replace a specific
 * parameter while removing all others or keeping only certain ones.
 *
 * Note, any parameters not listed in the $remove_params_arr will
 * not be removed (they will be kept). To keep all parameters, pass
 * an empty string "" for the $remove_params_arr.
 *
 * @param string      $url               The url to change (REQUIRED).
 * @param string      $insert_param      The current parameter you wish to
 *                                       change or insert, optionally this
 *                                       could be a query string (REQUIRED).
 * @param string|null $param_value       The value of the parameter you wish
 *                                       to change or insert (REQUIRED or
 *                                       OPTIONAL if $insert_param is a query
 *                                       string).
 *                                       $insert_param and $param_value can be
 *                                       multiple values by separating each
 *                                       pair by comma. The same number of
 *                                       values should be in each variable.
 * @param string      $remove_params_arr A list of parameters (and values)
 *                                       which will be removed (OPTIONAL).
 *
 * @return string The modified url
 * @author  Ian Short ([email protected] - Made modifications to V1.86)
 *
 * @author  Jim Smith ([email protected] principal author)
 * @version 1.9 - Added remove duplicates from $url_arr. Replaced function implode_query with http_build_query. Removed code error checks, now handled by http_build_query.
 */
function smarty_modifier_rewrite_url($url, $insert_param, $param_value = null, $remove_params_arr = '')
{
    //parse $insert_param if it is a query string
    if (preg_match('/.+=([\w%,-])*/', $insert_param)) {
        parse_str($insert_param, $insert_arr);
        $insert_param = array_keys($insert_arr);
        $param_value  = array_values($insert_arr);
    }

    //split $url and parse into array
    if (preg_match('/\w+\.\w+/', $url)) {
        //assume full url
        /** @var array $newurl_arr */
        $newurl_arr = parse_url($url);
        $newurl     = '';
        if (isset($newurl_arr['scheme'])) {
            $newurl = $newurl_arr['scheme'] . '://';
        }
        if (isset($newurl_arr['username']) && isset($newurl_arr['password'])) {
            $newurl .= $newurl_arr['username'] . ':' . $newurl_arr['password'] . '@';
        } elseif (isset($newurl_arr['username'])) {
            $newurl .= $newurl_arr['username'] . '@';
        }
        if (isset($newurl_arr['host'])) {
            $newurl .= $newurl_arr['host'];
        }
        if (isset($newurl_arr['port'])) {
            $newurl .= ':' . $newurl_arr['port'];
        }
        if (isset($newurl_arr['path'])) {
            $newurl .= $newurl_arr['path'];
        }
        $newurl .= '?';
        if (isset($newurl_arr['query'])) {
            parse_str($newurl_arr['query'], $url_arr);
        }
    } else {
        //assume just query string
        if (preg_match('/#/', $url)) {
            /** @var array $temp_arr */
            $temp_arr               = explode('#', $url);
            $newurl_arr['fragment'] = $temp_arr[1];

            $url                    = $temp_arr[0];
        }
        $newurl = '';
        parse_str($url, $url_arr);
    }

    //remove params from array
    if (isset($remove_params_arr) && ('' != $remove_params_arr)) {
        !is_array($remove_params_arr) ? $remove_params_arr = explode(',', $remove_params_arr) : '';

        foreach ($remove_params_arr as $param) {
            unset($url_arr[$param]);
        }
    }

    //add current param to array, params separated by semi-colon
    if (isset($insert_param) && ('' != $insert_param)) {
        !is_array($insert_param) ? $insert_param = explode(',', $insert_param) : '';
        !is_array($param_value) ? $param_value = explode(',', $param_value) : '';
        for ($i = 0, $size = count($param_value); $i < $size; ++$i) {
            if ('' != trim($param_value[$i])) {
                $url_arr[trim($insert_param[$i])] = trim($param_value[$i]);
            }
        }
    }

    // Remove any duplicate array elements
    $url_arr = array_unique($url_arr);


    //assemble the url string from the array
    $newurl .= http_build_query($url_arr, '', '&');

    //attach anchor fragment to end of url
    if (isset($newurl_arr['fragment'])) {
        $newurl .= '#' . $newurl_arr['fragment'];
    }

    return $newurl;
}

/*
from: https://www.smarty.net/forums/viewtopic.php?t=17202

Examples
You can use it to replace or add a single parameter (adds 'client_city'):
Code:
{$cur_page|cat:"?$query"|rewrite_url:"client_city":"Chicago":""}


You can use it to remove parameters (removes 'client_city'):
Code:
{$cur_page|cat:"?$query"|rewrite_url:"":"":"client_city"}


You can do both in the same operation (adds 'client_city', removes 'next'):
Code:
{$cur_page|cat:"?$query"|rewrite_url:"client_city":"Chicago":"next"}


You can, of course, use $smarty variables (inserts the 'client_city' with value stored in $client.city):
Code:
{$cur_page|cat:"?$query"|rewrite_url:"client_city":$client.city:""}


You can specify a list of parameters to add and to remove (this eliminates the need to make separate calls to rewrite_url if you want to add more than one parameter).
Inserts 'client_city', removes both 'next' and 'client_state':
Code:
{$cur_page|cat:"?$query"|rewrite_url:"client_city":"Chicago":"next,client_state"}

Inserts both 'client_city=Chicago' and 'client_state=Illinois', removes 'next':
Code:
{$cur_page|cat:"?$query"|rewrite_url:"client_city,client_state":"Chicago,Illinois":"next"}


Sometimes you need to call it twice. For instance if a variable contains the parameters you want to replace ($special_query). In this case you have to apply rewrite_url twice because the parameters do not exist in the URL until you apply the first rewrite_url. Then your second rewrite_url can modify your new URL:
Code:
{$cur_page|cat:"?$query"|rewrite_url:$special_query:"":""|rewrite_url:"":"":"next"}


If you already have the insert parameter as a parameter=value pair (inserts the pair 'client_city=Chicago'):
Code:
{$cur_page|cat:"?$query"|rewrite_url:"client_city=Chicago":"":""}


You can also use this inside PHP files by using the alternative syntax (removes 'next'):
Code:
$url = smarty_modifier_rewrite_url("$cur_page?$query","","","next");


I wrote this a while back and use it a lot in my templates. Much easier than trying to get all my URLs ready inside my PHP files. I can do it all dynamically in my templates!
*/


1			<?php declare(strict_types=1);
2
3			/**
4			* This plugin will modify an url to remove and replace a specific
5			* parameter while removing all others or keeping only certain ones.
6			*
7			* Note, any parameters not listed in the $remove_params_arr will
8			* not be removed (they will be kept). To keep all parameters, pass
9			* an empty string "" for the $remove_params_arr.
10			*
11			* @param string $url The url to change (REQUIRED).
12			* @param string $insert_param The current parameter you wish to
13			* change or insert, optionally this
14			* could be a query string (REQUIRED).
15			* @param string\|null $param_value The value of the parameter you wish
16			* to change or insert (REQUIRED or
17			* OPTIONAL if $insert_param is a query
18			* string).
19			* $insert_param and $param_value can be
20			* multiple values by separating each
21			* pair by comma. The same number of
22			* values should be in each variable.
23			* @param string $remove_params_arr A list of parameters (and values)
24			* which will be removed (OPTIONAL).
25			*
26			* @return string The modified url
27			* @author Ian Short ([email protected] - Made modifications to V1.86)
28			*
29			* @author Jim Smith ([email protected] principal author)
30			* @version 1.9 - Added remove duplicates from $url_arr. Replaced function implode_query with http_build_query. Removed code error checks, now handled by http_build_query.
31			*/
32			function smarty_modifier_rewrite_url($url, $insert_param, $param_value = null, $remove_params_arr = '')
33			{
34			//parse $insert_param if it is a query string
35			if (preg_match('/.+=([\w%,-])*/', $insert_param)) {
36			parse_str($insert_param, $insert_arr);
37			$insert_param = array_keys($insert_arr);
38			$param_value = array_values($insert_arr);
39			}
40
41			//split $url and parse into array
42			if (preg_match('/\w+\.\w+/', $url)) {
43			//assume full url
44			/** @var array $newurl_arr */
45			$newurl_arr = parse_url($url);
46			$newurl = '';
47			if (isset($newurl_arr['scheme'])) {
48			$newurl = $newurl_arr['scheme'] . '://';
49			}
50			if (isset($newurl_arr['username']) && isset($newurl_arr['password'])) {
51			$newurl .= $newurl_arr['username'] . ':' . $newurl_arr['password'] . '@';
52			} elseif (isset($newurl_arr['username'])) {
53			$newurl .= $newurl_arr['username'] . '@';
54			}
55			if (isset($newurl_arr['host'])) {
56			$newurl .= $newurl_arr['host'];
57			}
58			if (isset($newurl_arr['port'])) {
59			$newurl .= ':' . $newurl_arr['port'];
60			}
61			if (isset($newurl_arr['path'])) {
62			$newurl .= $newurl_arr['path'];
63			}
64			$newurl .= '?';
65			if (isset($newurl_arr['query'])) {
66			parse_str($newurl_arr['query'], $url_arr);
67			}
68			} else {
69			//assume just query string
70			if (preg_match('/#/', $url)) {
71			/** @var array $temp_arr */
72			$temp_arr = explode('#', $url);
73			$newurl_arr['fragment'] = $temp_arr[1];
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-07-13 01:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$newurl_arr` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$newurl_arr = array();` before regardless. Loading history...
74			$url = $temp_arr[0];
75			}
76			$newurl = '';
77			parse_str($url, $url_arr);
78			}
79
80			//remove params from array
81			if (isset($remove_params_arr) && ('' != $remove_params_arr)) {
82			!is_array($remove_params_arr) ? $remove_params_arr = explode(',', $remove_params_arr) : '';
			0 ignored issues – show introduced 2020-07-13 01:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The condition `is_array($remove_params_arr)` is always `false`. Loading history...
83			foreach ($remove_params_arr as $param) {
84			unset($url_arr[$param]);
85			}
86			}
87
88			//add current param to array, params separated by semi-colon
89			if (isset($insert_param) && ('' != $insert_param)) {
90			!is_array($insert_param) ? $insert_param = explode(',', $insert_param) : '';
91			!is_array($param_value) ? $param_value = explode(',', $param_value) : '';
92			for ($i = 0, $size = count($param_value); $i < $size; ++$i) {
93			if ('' != trim($param_value[$i])) {
94			$url_arr[trim($insert_param[$i])] = trim($param_value[$i]);
95			}
96			}
97			}
98
99			// Remove any duplicate array elements
100			$url_arr = array_unique($url_arr);
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-07-13 01:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$url_arr` does not seem to be defined for all execution paths leading up to this point. Loading history...
101
102			//assemble the url string from the array
103			$newurl .= http_build_query($url_arr, '', '&');
104
105			//attach anchor fragment to end of url
106			if (isset($newurl_arr['fragment'])) {
107			$newurl .= '#' . $newurl_arr['fragment'];
108			}
109
110			return $newurl;
111			}
112
113			/*
114			from: https://www.smarty.net/forums/viewtopic.php?t=17202
115
116			Examples
117			You can use it to replace or add a single parameter (adds 'client_city'):
118			Code:
119			{$cur_page\|cat:"?$query"\|rewrite_url:"client_city":"Chicago":""}
120
121
122			You can use it to remove parameters (removes 'client_city'):
123			Code:
124			{$cur_page\|cat:"?$query"\|rewrite_url:"":"":"client_city"}
125
126
127			You can do both in the same operation (adds 'client_city', removes 'next'):
128			Code:
129			{$cur_page\|cat:"?$query"\|rewrite_url:"client_city":"Chicago":"next"}
130
131
132			You can, of course, use $smarty variables (inserts the 'client_city' with value stored in $client.city):
133			Code:
134			{$cur_page\|cat:"?$query"\|rewrite_url:"client_city":$client.city:""}
135
136
137			You can specify a list of parameters to add and to remove (this eliminates the need to make separate calls to rewrite_url if you want to add more than one parameter).
138			Inserts 'client_city', removes both 'next' and 'client_state':
139			Code:
140			{$cur_page\|cat:"?$query"\|rewrite_url:"client_city":"Chicago":"next,client_state"}
141
142			Inserts both 'client_city=Chicago' and 'client_state=Illinois', removes 'next':
143			Code:
144			{$cur_page\|cat:"?$query"\|rewrite_url:"client_city,client_state":"Chicago,Illinois":"next"}
145
146
147			Sometimes you need to call it twice. For instance if a variable contains the parameters you want to replace ($special_query). In this case you have to apply rewrite_url twice because the parameters do not exist in the URL until you apply the first rewrite_url. Then your second rewrite_url can modify your new URL:
148			Code:
149			{$cur_page\|cat:"?$query"\|rewrite_url:$special_query:"":""\|rewrite_url:"":"":"next"}
150
151
152			If you already have the insert parameter as a parameter=value pair (inserts the pair 'client_city=Chicago'):
153			Code:
154			{$cur_page\|cat:"?$query"\|rewrite_url:"client_city=Chicago":"":""}
155
156
157			You can also use this inside PHP files by using the alternative syntax (removes 'next'):
158			Code:
159			$url = smarty_modifier_rewrite_url("$cur_page?$query","","","next");
160
161
162			I wrote this a while back and use it a lot in my templates. Much easier than trying to get all my URLs ready inside my PHP files. I can do it all dynamically in my templates!
163			*/
164

mambax7 / publisher

Issues (371)

Security Analysis no vulnerabilities found

extra/modifier.rewrite_url.php (3 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like