Issues in auction.php (master) - Issues in master - mambax7/xoops-martin - Measure and Improve Code Quality continuously with Scrutinizer

Issues (663)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/auction.php (54 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * $Id: auction.php,v 1.42 2007/02/04 15:01:40 malanciault Exp $
 * Module:martin
 * Licence: GNU
 */

if (!defined("XOOPS_ROOT_PATH")) {
    die("XOOPS root path not defined");
}

include_once XOOPS_ROOT_PATH . '/modules/martin/include/common.php';

/**
 * Class MartinAuction
 */
class MartinAuction extends XoopsObject
{
    public function MartinAuction()
    {
        $this->initVar("auction_id", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_name", XOBJ_DTYPE_TXTBOX, null, true, 255);
        $this->initVar("auction_info", XOBJ_DTYPE_TXTAREA, null, false);
        $this->initVar("check_in_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("check_out_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("apply_start_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("apply_end_date", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_price", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_low_price", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_add_price", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_can_use_coupon", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_sented_coupon", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_status", XOBJ_DTYPE_INT, null, false);
        $this->initVar("auction_add_time", XOBJ_DTYPE_INT, null, false);
    }

    /**
     * @return mixed
     */
    public function auction_id()
    {
        return $this->getVar("auction_id");
    }

    /**
     * @param string $format
     * @return mixed
     */
    public function auction_name($format = 'S')
    {
        return $this->getVar("auction_name", $format);
    }

    /**
     * @param string $format
     * @return mixed
     */
    public function auction_info($format = 'edit')
    {
        return $this->getVar("auction_info", $format);
    }

    /**
     * @return mixed
     */
    public function check_in_date()
    {
        return $this->getVar("check_in_date");
    }

    /**
     * @return mixed
     */
    public function check_out_date()
    {
        return $this->getVar("check_out_date");
    }

    /**
     * @return mixed
     */
    public function apply_start_date()
    {
        return $this->getVar("apply_start_date");
    }

    /**
     * @return mixed
     */
    public function apply_end_date()
    {
        return $this->getVar("apply_end_date");
    }

    /**
     * @return mixed
     */
    public function auction_price()
    {
        return $this->getVar("auction_price");
    }

    /**
     * @return mixed
     */
    public function auction_low_price()
    {
        return $this->getVar("auction_low_price");
    }

    /**
     * @return mixed
     */
    public function auction_add_price()
    {
        return $this->getVar("auction_add_price");
    }

    /**
     * @return mixed
     */
    public function auction_can_use_coupon()
    {
        return $this->getVar("auction_can_use_coupon");
    }

    /**
     * @return mixed
     */
    public function auction_sented_coupon()
    {
        return $this->getVar("auction_sented_coupon");
    }

    /**
     * @return mixed
     */
    public function auction_status()
    {
        return $this->getVar("auction_status");
    }

    /**
     * @return mixed
     */
    public function auction_add_time()
    {
        return $this->getVar("auction_add_time");
    }
}

/**
 * @method: auctionHandler
 * @license   http://www.blags.org/
 * @created   :2010年05月21日 20时40分
 * @copyright 1997-2010 The Martin auction
 * @author    Martin <[email protected]>
 * */
class MartinAuctionHandler extends XoopsObjectHandler
{
    /**
     * create a new hotel city
     * @param bool $isNew flag the new objects as "new"?
     * @return object auction
     */
    public function &create($isNew = true)
    {
        $auction = new MartinAuction();
        if ($isNew) {
            $auction->setNew();
        }

        return $auction;
    }

    /**
     * retrieve a hotel city
     *
     * @param int $id auctionid of the auction
     * @return mixed reference to the {@link auction} object, FALSE if failed
     */
    public function &get($id)

    {
        if ((int)($id) <= 0) {
            return false;
        }

        $criteria = new CriteriaCompo(new Criteria('auction_id', $id));
        $criteria->setLimit(1);
        $obj_array = $this->getObjects($criteria);
        if (count($obj_array) != 1) {
            $obj =& $this->create();

            return $obj;
        }

        return $obj_array[0];
    }

    /**
     * @get       rows
     * @license   http://www.blags.org/
     * @created   :2010年06月20日 13时09分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param      $sql
     * @param null $key
     * @return array
     */
    public function GetRows($sql, $key = null)

    {
        global $xoopsDB;
        $result = $xoopsDB->query($sql);
        $rows   = array();
        while ($row = $xoopsDB->fetchArray($result)) {
            if (is_null($key)) {
                $rows[] = $row;
            } else {
                $rows[$row[$key]] = $row;
            }
        }

        return $rows;
    }

    /**
     * @得到列表
     * @method:
     * @license   http://www.blags.org/
     * @created   :2010年05月23日 14时59分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param int    $limit
     * @param int    $start
     * @param string $sort
     * @param string $order
     * @param bool   $id_as_key
     * @return array
     */
    public function &getAuctions($limit = 0, $start = 0, $sort = 'auction_add_time', $order = 'DESC', $id_as_key = true)

    {
        $criteria = new CriteriaCompo();

        $criteria->setSort($sort);
        $criteria->setOrder($order);

        $criteria->setStart($start);
        $criteria->setLimit($limit);

        return $this->getObjects($criteria, $id_as_key);
    }

    /**
     * insert a new auction in the database
     *
     * @param object $auction reference to the {@link auction} object
     * @param bool   $force
     * @return bool FALSE if failed, TRUE if already present and unchanged or successful
     */
    public function insert(&$auction, $force = false)
    {
        if (strtolower(get_class($auction)) !== 'martinauction') {
            return false;
        }

        if (!$auction->cleanVars()) {
            return false;
        }

        foreach ($auction->cleanVars as $k => $v) {
            ${$k} = $v;
        }

        if ($auction->isNew()) {
            $sql = sprintf("INSERT INTO %s (
                                auction_id,
                                auction_name,
                                auction_info,
                                check_in_date,
                                check_out_date,
                                apply_start_date,
                                apply_end_date,
                                auction_price,
                                auction_low_price,
                                auction_add_price,
                                auction_can_use_coupon,
                                auction_sented_coupon,
                                auction_status,
                                auction_add_time
                            ) VALUES (
                                NULL,
                                %s,%s,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u,%u
                            )", $this->db->prefix('martin_auction'), $this->db->quoteString($auction_name), $this->db->quoteString($auction_info), $check_in_date, $check_out_date, $apply_start_date, $apply_end_date, $auction_price, $auction_low_price, $auction_add_price, $auction_can_use_coupon, $auction_sented_coupon, $auction_status, $auction_add_time);

        } else {
            $sql = sprintf("UPDATE %s SET
                                auction_name = %s,
                                auction_info = %s,
                                check_in_date = %u,
                                check_out_date = %u,
                                apply_start_date = %u,
                                apply_end_date = %u,
                                auction_price = %u,
                                auction_low_price = %u,
                                auction_add_price = %u,
                                auction_can_use_coupon = %u,
                                auction_sented_coupon = %u,
                                auction_status = %u
                            WHERE auction_id = %u", $this->db->prefix('martin_auction'), $this->db->quoteString($auction_name), $this->db->quoteString($auction_info), $check_in_date, $check_out_date, $apply_start_date, $apply_end_date, $auction_price, $auction_low_price, $auction_add_price, $auction_can_use_coupon, $auction_sented_coupon, $auction_status, $auction_id);

        }
        //echo $sql;exit;
        if (false != $force) {

            $result = $this->db->queryF($sql);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        } else {
            $result = $this->db->query($sql);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        }

        return $auction_id > 0 ? $auction_id : $this->db->getInsertId();

    }

    /**
     * @删除一个城市
     * @method:delete(auction_id)
     * @license   http://www.blags.org/
     * @created   :2010年05月21日 20时40分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param object $auction
     * @param bool   $force
     * @return bool|void
     */
    public function delete(&$auction, $force = false)

    {
        if (strtolower(get_class($auction)) !== 'martinauction') {
            return false;
        }

        $sql = "DELETE FROM " . $this->db->prefix("martin_auction") . " WHERE auction_id = " . $auction->auction_id();

        if (false != $force) {

            $result = $this->db->queryF($sql);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        } else {
            $result = $this->db->query($sql);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        }

        $sql = "DELETE FROM " . $this->db->prefix("martin_auction_room") . " WHERE auction_id = " . $auction->auction_id();

        if (false != $force) {

            $result = $this->db->queryF($sql);
        } else {
            $result = $this->db->query($sql);
        }

        if (!$result) {
            return false;
        }

        return true;
    }

    /**
     * delete hotel cities matching a set of conditions
     *
     * @param object $criteria {@link CriteriaElement}

     * @return bool FALSE if deletion failed
     */
    public function deleteAll($criteria = null)

    {
        $sql = 'DELETE FROM ' . $this->db->prefix('martin_auction');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {

            $sql .= ' ' . $criteria->renderWhere();
        }
        if (!$result = $this->db->query($sql)) {
            return false;
        }

        return true;
    }

    /**
     * count hotel cities matching a condition
     *
     * @param object $criteria {@link CriteriaElement} to match

     * @return int count of categories
     */
    public function getCount($criteria = null)

    {
        $sql = 'SELECT COUNT(*) FROM ' . $this->db->prefix('martin_auction');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {

            $sql .= ' ' . $criteria->renderWhere();
        }
        $result = $this->db->query($sql);
        if (!$result) {
            return 0;
        }
        list($count) = $this->db->fetchRow($result);

        return $count;
    }

    /**
     * @得到城市
     * @license   http://www.blags.org/
     * @created   :2010年05月21日 20时40分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param null $criteria
     * @param bool $id_as_key
     * @return array
     */
    public function &getObjects($criteria = null, $id_as_key = false)

    {
        $ret   = array();
        $limit = $start = 0;
        $sql   = 'SELECT * FROM ' . $this->db->prefix('martin_auction');
        if (isset($criteria) && is_subclass_of($criteria, 'criteriaelement')) {

            $sql .= ' ' . $criteria->renderWhere();
            if ($criteria->getSort() != '') {
                $sql .= ' ORDER BY ' . $criteria->getSort() . ' ' . $criteria->getOrder();
            }
            $limit = $criteria->getLimit();
            $start = $criteria->getStart();
        }
        $sql .= " order by  apply_start_date DESC , auction_id DESC ";
        //echo "<br />" . $sql . "<br />";
        $result = $this->db->query($sql, $limit, $start);

        if (!$result) {
            return $ret;
        }

        $theObjects = array();

        while ($myrow = $this->db->fetchArray($result)) {
            $auction = new MartinAuction();
            $auction->assignVars($myrow);
            $theObjects[$myrow['auction_id']] =& $auction;
            //var_dump($auction);
            unset($auction);
        }
        //var_dump($theObjects);

        foreach ($theObjects as $theObject) {
            if (!$id_as_key) {
                $ret[] =& $theObject;
            } else {
                $ret[$theObject->auction_id()] =& $theObject;
            }
            unset($theObject);
        }

        return $ret;
    }

    /**
     * @get       room list
     * @license   http://www.blags.org/
     * @created   :2010年06月03日 20时05分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param $auction_id
     * @return array|bool
     */
    public function getRoomList($auction_id)

    {
        global $xoopsDB;
        if (empty($auction_id)) {
            return false;
        }
        $sql    = "SELECT gr.room_id,gr.room_count,r.room_name FROM " . $xoopsDB->prefix("martin_auction_room") . " gr
            left join " . $xoopsDB->prefix("martin_room") . " r ON r.room_id = gr.room_id
            WHERE auction_id = " . $auction_id;
        $result = $xoopsDB->query($sql);
        $rows   = array();
        while ($row = $xoopsDB->fetchArray($result)) {
            $rows[] = $row;
        }

        return $rows;
    }

    /**
     * @param $auction_id
     * @param $room_ids
     * @param $room_counts
     * @param $isNew
     * @return bool
     */
    public function InsertAuctionRoom($auction_id, $room_ids, $room_counts, $isNew)

    {
        global $xoopsDB;
        if (!$auction_id || !is_array($room_ids)) {
            // delete data
            $sql = "delete FROM " . $xoopsDB->prefix("martin_auction") . " WHERE auction_id = " . $auction_id;
            if ($auction_id > 0) {
                $xoopsDB->query($sql);
            }

            return false;
        }
        $dsql = 'delete FROM ' . $xoopsDB->prefix("martin_auction_room") . " WHERE auction_id = $auction_id";
        $xoopsDB->query($dsql);

        $sql = "insert INTO " . $xoopsDB->prefix("martin_auction_room") . " (auction_id,room_id,room_count) VALUES ";
        foreach ($room_ids as $key => $room_id) {
            $room_count = $room_counts[$key];
            $sql .= $prefix . "($auction_id,$room_id,$room_count)";
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
            $prefix = ",";
        }

        //echo $sql;
        return $xoopsDB->query($sql);
    }

    /**
     * @get       room by hotel
     * @license   http://www.blags.org/
     * @created   :2010年06月03日 20时05分
     * @copyright 1997-2010 The Martin auction
     * @author    Martin <[email protected]>
     * @param $hotel_id
     * @return array
     */
    public function GetRoomListByHotel($hotel_id)

    {
        global $xoopsDB;
        $sql = "SELECT room_id,room_name FROM " . $xoopsDB->prefix("martin_auction");
        $sql .= $hotel_id > 0 ? " WHERE hotel_id = " . $hotel_id : " ";
        $result = $xoopsDB->query($sql);
        $rows   = array();
        while ($row = $xoopsDB->fetchArray($result)) {
            $rows[$row['room_id']] = $row['room_name'];
        }

        return $rows;
    }

    /**
     * @get       top aution list
     * @license   http://www.blags.org/
     * @created   :2010年06月20日 13时09分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param int $limit
     * @return array
     */
    public function GetAuctionList($limit = 6)

    {
        global $xoopsDB;
        $sql = 'SELECT * FROM ' . $xoopsDB->prefix('martin_auction') . ' WHERE auction_status = 1 AND apply_end_date > ' . time() . ' order by apply_end_date , auction_id DESC limit ' . $limit;

        return $this->GetRows($sql);
    }

    /**
     * @get       Auction rooms
     * @license   http://www.blags.org/
     * @created   :2010年06月20日 13时09分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $auction_id
     * @return array
     */
    public function GetAuctionRooms($auction_id)

    {
        global $xoopsDB;
        if (!$auction_id) {
            return $auction_id;
        }
        $sql = 'SELECT a.*,r.*,rt.room_type_info,h.* FROM ' . $xoopsDB->prefix("martin_auction_room") . ' a ';
        $sql .= ' INNER JOIN ' . $xoopsDB->prefix('martin_room') . ' r ON ( r.room_id = a.room_id ) ';
        $sql .= ' INNER JOIN ' . $xoopsDB->prefix('martin_room_type') . ' rt ON ( r.room_type_id = rt.room_type_id ) ';
        $sql .= ' INNER JOIN ' . $xoopsDB->prefix('martin_hotel') . ' h ON ( r.hotel_id = h.hotel_id ) ';
        $sql .= ' WHERE a.auction_id = ' . $auction_id;

        //echo $sql;
        return $this->GetRows($sql);
    }

    /**
     * @add       user auction bid
     * @license   http://www.blags.org/
     * @created   :2010年06月21日 21时40分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $Data
     * @return
     */
    public function AddUserAuction($Data)

    {
        global $xoopsDB;
        if (!is_array($Data) || empty($Data)) {
            return $Data;
        }
        $sql = 'INSERT INTO ' . $xoopsDB->prefix('martin_auction_bid') . ' (%s) VALUES (%s) ';
        foreach ($Data as $key => $value) {
            $keys .= $prefix . $key;
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
            $values .= $prefix . $value;
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
            $prefix = ',';
        }
        $sql = sprintf($sql, $keys, $values);
        //echo $sql;
        $xoopsDB->query($sql);

        return $xoopsDB->getInsertId();
    }

    /**
     * @get       auction bid list
     * @method:
     * @license   http://www.blags.org/
     * @created   :2010年06月21日 21时40分
     * @copyright 1997-2010 The Martin Group
     * @author    Martin <[email protected]>
     * @param $auction_id
     * @return array|bool
     */
    public function getAuctionBidList($auction_id)

    {
        if (!$auction_id) {
            return false;
        }
        global $xoopsDB;
        $sql = 'SELECT b.*,u.uname FROM ' . $xoopsDB->prefix('martin_auction_bid') . ' b ';
        $sql .= 'INNER JOIN ' . $xoopsDB->prefix('users') . ' u ON (u.uid = b.uid) ';
        $sql .= 'WHERE b.auction_id = ' . $auction_id . ' ';
        $sql .= 'ORDER BY b.bid_price DESC , b.bid_id DESC ';

        return $this->GetRows($sql);
    }
}


Issues (663)

Security Analysis not enabled

class/auction.php (54 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

1			<?php
2			/**
3			* $Id: auction.php,v 1.42 2007/02/04 15:01:40 malanciault Exp $
4			* Module:martin
5			* Licence: GNU
6			*/
7
8			if (!defined("XOOPS_ROOT_PATH")) {
9			die("XOOPS root path not defined");
10			}
11
12			include_once XOOPS_ROOT_PATH . '/modules/martin/include/common.php';
13
14			/**
15			* Class MartinAuction
16			*/
17			class MartinAuction extends XoopsObject
18			{
19			public function MartinAuction()
20			{
21			$this->initVar("auction_id", XOBJ_DTYPE_INT, null, false);
22			$this->initVar("auction_name", XOBJ_DTYPE_TXTBOX, null, true, 255);
23			$this->initVar("auction_info", XOBJ_DTYPE_TXTAREA, null, false);
24			$this->initVar("check_in_date", XOBJ_DTYPE_INT, null, false);
25			$this->initVar("check_out_date", XOBJ_DTYPE_INT, null, false);
26			$this->initVar("apply_start_date", XOBJ_DTYPE_INT, null, false);
27			$this->initVar("apply_end_date", XOBJ_DTYPE_INT, null, false);
28			$this->initVar("auction_price", XOBJ_DTYPE_INT, null, false);
29			$this->initVar("auction_low_price", XOBJ_DTYPE_INT, null, false);
30			$this->initVar("auction_add_price", XOBJ_DTYPE_INT, null, false);
31			$this->initVar("auction_can_use_coupon", XOBJ_DTYPE_INT, null, false);
32			$this->initVar("auction_sented_coupon", XOBJ_DTYPE_INT, null, false);
33			$this->initVar("auction_status", XOBJ_DTYPE_INT, null, false);
34			$this->initVar("auction_add_time", XOBJ_DTYPE_INT, null, false);
35			}
36
37			/**
38			* @return mixed
39			*/
40			public function auction_id()

mambax7 / xoops-martin

Issues (663)

Security Analysis not enabled

class/auction.php (54 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like