config_default.php (1 issue)


```php
<?php
/**
 * COPS (Calibre OPDS PHP Server) class file
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Sébastien Lucas <[email protected]>
 */

    if (!isset($config)) {
        $config = array();
    }

    /*
     * The directory containing calibre's metadata.db file, with sub-directories
     * containing all the formats.
     * BEWARE : it has to end with a /
     * You can enable multiple databases with this notation instead of a simple string :
     * $config['calibre_directory'] = array ("My database name" => "/home/directory/calibre1/", "My other database name" => "/home/directory/calibre2/");
     */
    $config['calibre_directory'] = './';

    /*
     * SPECIFIC TO NGINX
     * The internal directory set in nginx config file
     * Leave empty if you don't know what you're doing
     */
    $config['calibre_internal_directory'] = '';

    /*
     * Full URL prefix (with trailing /)
     * useful especially for Opensearch where a full URL is often required
     * For example Mantano, Aldiko and Marvin require it.
     */
    $config['cops_full_url'] = '';

    /*
     * Number of recent books to show
     */
    $config['cops_recentbooks_limit'] = '50';

    /*
     * Catalog's author name
     */
    $config['cops_author_name'] = 'Sébastien Lucas';

    /*
     * Catalog's author uri
     */
    $config['cops_author_uri'] = 'http://blog.slucas.fr';

    /*
     * Catalog's author email
     */
    $config['cops_author_email'] = '[email protected]';

    /*
     * Catalog's title
     */
    $config['cops_title_default'] = 'COPS';

    /*
     * Catalog's subtitle
     */
    $config['cops_subtitle_default'] = '';

    /*
     * Which header to use when downloading books outside the web directory
     * Possible values are :
     *   X-Accel-Redirect   : For Nginx
     *   X-Sendfile         : For Lighttpd or Apache (with mod_xsendfile)
     *   No value (default) : Let PHP handle the download
     */
    $config['cops_x_accel_redirect'] = '';

    /*
     * Height of thumbnail image for OPDS
     */
    $config['cops_opds_thumbnail_height'] = '164';

    /*
     * Height of thumbnail image for HTML
     */
    $config['cops_html_thumbnail_height'] = '164';

    /*
     * Icon for both OPDS and HTML catalog
     * Note that this has to be a real icon (.ico)
     */
    $config['cops_icon'] = 'favicon.ico';

    /*
     * Show icon for authors, series, tags and books on OPDS feed
     *  1 : enable
     *  0 : disable
     */
    $config['cops_show_icons'] = '1';

    /*
     * Default timezone
     * Check the following link for other timezones :
     * http://www.php.net/manual/en/timezones.php
     */
    $config['default_timezone'] = 'Europe/Paris';

    /*
     * Preferred formats for HTML catalog
     * The first two will be displayed in book entries
     * The others only appear in book detail
     */
    $config['cops_prefered_format'] = array('EPUB', 'PDF', 'AZW3', 'AZW', 'MOBI', 'CBR', 'CBZ');

    /*
     * use URL rewriting for downloading of ebooks in HTML catalog
     * See Github wiki for more information
     *  1 : enable
     *  0 : disable
     */
    $config['cops_use_url_rewriting'] = '0';

    /*
     * generate an invalid OPDS stream to allow bad OPDS clients to use search
     * Example of non compliant OPDS client : Moon+ Reader
     * Example of good OPDS client : Mantano, FBReader
     *  1 : enable support for non compliant OPDS clients
     *  0 : always generate valid OPDS code
     */
    $config['cops_generate_invalid_opds_stream'] = '0';

    /*
     * Max number of items per page
     * -1 unlimited
     */
    $config['cops_max_item_per_page'] = '-1';

    /*
     * split authors by first letter
     * 1 : Yes
     * 0 : No
     */
    $config['cops_author_split_first_letter'] = '1';

    /*
     * split titles by first letter
     * 1 : Yes
     * 0 : No
     */
    $config['cops_titles_split_first_letter'] = '1';

    /*
     * Enable the Lightboxes (for popups)
     * 1 : Yes (enable)
     * 0 : No
     */
    $config['cops_use_fancyapps'] = '1';

    /*
     * Update Epub metadata before download
     * 1 : Yes (enable)
     * 0 : No
     */
    $config['cops_update_epub-metadata'] = '0';

    /*
     * Filter on tags to book list
     * Only works with the OPDS catalog
     * Usage : array ("I only want to see books using the tag : Tag1"     => "Tag1",
     *                "I only want to see books not using the tag : Tag1" => "!Tag1",
     *                "I want to see every book"                          => "",
     *
     * Example : array ("All" => "", "Unread" => "!Read", "Read" => "Read")
     */
    $config['cops_books_filter'] = array();

    /*
     * Custom Columns for the index page
     * to add as an array containing the lookup names configured in Calibre
     *
     * For example : array ("genre", "mycolumn");
     *
     * Note that the composite custom columns are not supported
     */
    $config['cops_calibre_custom_column'] = array();

    /*
     * Custom Columns for the list representation
     * to add as an array containing the lookup names configured in Calibre
     *
     * For example : array ("genre", "mycolumn");
     *
     * Note that the composite custom columns are not supported
     */
    $config['cops_calibre_custom_column_list'] = array ();

    /*
     * Custom Columns for the book preview panel
     * to add as an array containing the lookup names configured in Calibre
     *
     * For example : array ("genre", "mycolumn");
     *
     * Note that the composite custom columns are not supported
     */
    $config['cops_calibre_custom_column_preview'] = array ();

    /*
     * Rename .epub to .kepub.epub if downloaded from a Kobo eReader
     * The ebook will then be recognized as a Kepub, with chaptered paging, statistics, ...
     * You have to enable URL rewriting if you want to enable kepub.epub download
     * 1 : Yes (enable)
     * 0 : No
     */
    $config['cops_provide_kepub'] = '0';

    /*
     * Enable and configure Send To Kindle (or Email) feature.
     *
     * Don't forget to authorize the sender email you configured in your Kindle's Approved Personal Document E-mail List.
     *
     * If you want to use a simple smtp server (provided by your ISP for example), you can configure it like that :
     * $config['cops_mail_configuration'] = array( "smtp.host"     => "smtp.free.fr",
     *                                           "smtp.username" => "",
     *                                           "smtp.password" => "",
     *                                           "smtp.secure"   => "",
     *                                           "address.from"  => "[email protected]",
     *                                           "subject"       => "Sent by COPS : " // Not mandatory
     *                                           );
     *
     * For Gmail (ssl is mandatory) :
     * $config['cops_mail_configuration'] = array( "smtp.host"     => "smtp.gmail.com",
     *                                           "smtp.username" => "YOUR GMAIL ADDRESS",
     *                                           "smtp.password" => "YOUR GMAIL PASSWORD",
     *                                           "smtp.secure"   => "ssl",
     *                                           "address.from"  => "[email protected]"
     *                                           );
     */
    $config['cops_mail_configuration'] = NULL;

    /*
     * Use filter in HTML catalog
     * 1 : Yes (enable)
     * 0 : No
     */
    $config['cops_html_tag_filter'] = '0';

    /*
     * Thumbnails are generated on-the-fly so it can be problematic on servers with slow CPU (Raspberry Pi, Dockstar, Piratebox, ...).
     * This configuration item allows customizing how thumbnails will be generated
     * "" : Generate thumbnail (CPU hungry)
     * "1" : always send the full size image (Network hungry)
     * any url : Send a constant image as the thumbnail (you can try "images/bookcover.png")
     */
    $config['cops_thumbnail_handling'] = '';

    /*
     * Directory to keep resized thumbnails: allows resizing thumbnails only on first access, then using this cache.
     * $config['cops_thumbnail_handling'] must be ""
     * "" : don't cache thumbnails
     * "/tmp/cache/" (example) : will generate thumbnails in /tmp/cache/
     * BEWARE : it has to end with a /
     */
    $config['cops_thumbnail_cache_directory'] = '';

    /*
     * Contains a list of user agents for browsers not compatible with client side rendering
     * For now : Kindle, Sony PRS-T1, Sony PRS-T2, All Cybook devices (maybe a little extreme).
     * This item is used as a regular expression so "." will force server side rendering for all devices
     */
    $config['cops_server_side_render'] = 'Kindle\/1\.0|Kindle\/2\.0|Kindle\/3\.0|EBRD1101|EBRD1201|cybook';

    /*
     * Specify the ignored categories for the home screen and with search
     * Meaning that if you don't want to search in publishers or tags just add them to the list
     * Only accepted values :
     * - author
     * - book
     * - series
     * - tag
     * - publisher
     * - rating
     * - language
     */
    $config ['cops_ignored_categories'] = array();

    /*
     * If you use a Sony eReader or Aldiko you can't download ebooks if your catalog
     * is password protected. A simple workaround is to leave fetch.php not protected (see .htaccess).
     * But in that case your COPS installation is not completely safe.
     * Setting this parameter to "1" ensures that nobody can access fetch.php before accessing
     * index.php or feed.php first.
     * BEWARE : Do not touch this if you're not using a password, not using PRS-TX or not using Aldiko.
     */
    $config ['cops_fetch_protect'] = '0';

    /*
     * WARNING NOT READY FOR PRODUCTION USE
     * Make the search better (don't care about diacritics, uppercase should work on Cyrillic) but slower.
     * 1 : Yes (enable)
     * 0 : No
     */
    $config ['cops_normalized_search'] = '0';

    /*
     * Enable PHP password protection (You can use it if htpasswd is not possible for you)
     * If possible prefer htpasswd !
     * array( "username" => "xxx", "password" => "secret") : Enable PHP password protection
     * NULL : Disable PHP password protection (You can still use htpasswd)
     */
    $config['cops_basic_authentication'] = NULL;

    /*
     * Which template is used by default :
     * 'default'
     * 'bootstrap'
     */
    $config['cops_template'] = 'default';

    /*
     * Which style is used by default :
     * 'base'
     * 'default'
     * 'eink' (only available for the 'default' template)
     * 'iphone' (only available for the 'default' template)
     * 'iphone7' (only available for the 'default' template)
     */
    $config['cops_style'] = 'default';

    /*
     * Set language code to force a language (see lang/ directory for available languages).
     * When empty it will auto detect the language.
     */
    $config['cops_language'] = '';
```

The analysis reports one issue for this file, attached to the comment block that documents `$config['cops_books_filter']` (the one whose "Usage" and "Example" lines are written as PHP array literals):

Unused Code / Comprehensibility: 36% of this comment could be valid code. Did you maybe forget this after debugging?

Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it.

The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production.

This check looks for comments that seem to be mostly valid code and reports them.
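Several of the comments above state constraints that nothing in the file enforces: directories must end with `/`, the thumbnail cache only applies when `cops_thumbnail_handling` is `""`, `cops_provide_kepub` needs URL rewriting, `cops_x_accel_redirect` and `cops_ignored_categories` accept only listed values, and PHP basic authentication needs a username and password pair. The check below is an added example, not COPS code; the function name `cops_config_check` is assumed, and it only tests the constraints the comments themselves state.

```php
<?php
// Added example, not part of COPS: check a $config array against the
// constraints stated in the comments of config_default.php.
// Returns a list of human-readable problems; an empty array means none found.
// Usage after loading the config: foreach (cops_config_check($config) as $p) error_log($p);
function cops_config_check(array $config): array
{
    $problems = [];
    // calibre_directory is a path or an array of name => path; each must end with "/".
    foreach ((array) ($config['calibre_directory'] ?? './') as $dir) {
        if (substr($dir, -1) !== '/') {
            $problems[] = "calibre_directory '$dir' must end with a /";
        }
    }
    // The thumbnail cache is only used when cops_thumbnail_handling is "" and must end with "/".
    $cache = $config['cops_thumbnail_cache_directory'] ?? '';
    if ($cache !== '') {
        if (($config['cops_thumbnail_handling'] ?? '') !== '') {
            $problems[] = 'cops_thumbnail_cache_directory is ignored unless cops_thumbnail_handling is ""';
        }
        if (substr($cache, -1) !== '/') {
            $problems[] = 'cops_thumbnail_cache_directory must end with a /';
        }
    }
    // kepub renaming only works with URL rewriting enabled.
    if (($config['cops_provide_kepub'] ?? '0') === '1'
        && ($config['cops_use_url_rewriting'] ?? '0') !== '1') {
        $problems[] = 'cops_provide_kepub = 1 requires cops_use_url_rewriting = 1';
    }
    // Only the documented header names make sense for cops_x_accel_redirect.
    $header = $config['cops_x_accel_redirect'] ?? '';
    if (!in_array($header, ['', 'X-Accel-Redirect', 'X-Sendfile'], true)) {
        $problems[] = "cops_x_accel_redirect '$header' is not '', X-Accel-Redirect or X-Sendfile";
    }
    // cops_ignored_categories accepts only the documented category names.
    $allowed = ['author', 'book', 'series', 'tag', 'publisher', 'rating', 'language'];
    foreach ((array) ($config['cops_ignored_categories'] ?? []) as $cat) {
        if (!in_array($cat, $allowed, true)) {
            $problems[] = "cops_ignored_categories contains unknown value '$cat'";
        }
    }
    // PHP basic authentication, when enabled, needs a username and a non-empty password.
    $auth = $config['cops_basic_authentication'] ?? null;
    if ($auth !== null && (empty($auth['username']) || empty($auth['password']))) {
        $problems[] = 'cops_basic_authentication must set both username and a non-empty password';
    }
    return $problems;
}
```

With the defaults shown in this file the function returns an empty array; a `calibre_directory` of `/home/directory/calibre1` (no trailing slash) or `cops_provide_kepub = '1'` with rewriting left at `'0'` each produce one entry.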