Issues in Page.php (master) - Issues in master - oscarotero/social-links - Measure and Improve Code Quality continuously with Scrutinizer

Issues (21)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Page.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace SocialLinks;

/**
 * @method html()
 * @method openGraph()
 * @method schema()
 * @method twitterCard()
 */
class Page
{
    protected $config = array();
    protected $providers = array();
    protected $metas = array();
    protected $info = array(
        'url' => null,
        'title' => null,
        'text' => null,
        'image' => null,
        'icon' => null,
        'twitterUser' => null,
    );

    /**
     * Constructor.
     *
     * @param array $info   The page info. Only url, title, text, image, icon and twitterUser fields are available
     * @param array $config Configuration options
     */
    public function __construct(array $info, array $config = array())
    {
        if (array_diff_key($info, $this->info)) {
            throw new \Exception('Only the following fields are available:'.implode(',', array_keys($this->info)));
        }

        $this->info = array_map('static::normalize', $info + $this->info);

        $this->config = $config;
    }

    /**
     * Normalize value before save it:
     * - remove html tags
     * - remove line-ending and multiple spaces
     * - remove spaces around
     * - decode escaped html entities.
     *
     * @param string
     *
     * @return string
     */
    protected static function normalize($value)
    {
        return trim(strip_tags(htmlspecialchars_decode(preg_replace('/\s+/', ' ', $value))));
    }

    /**
     * Magic method to check if a provider exists.
     *
     * @param string $key
     *
     * @return bool
     */
    public function __isset($key)
    {
        $key = strtolower($key);

        if (isset($this->providers[$key])) {
            return true;
        }

        $class = 'SocialLinks\\Providers\\'.ucfirst($key);

        return class_exists($class);
    }

    /**
     * Magic method to instantiate and return providers in lazy mode.
     *
     * @param string $key The provider name
     *
     * @throws \Exception if the provider does not exists
     *
     * @return Providers\ProviderInterface
     */
    public function __get($key)

    {
        $key = strtolower($key);

        if (isset($this->providers[$key])) {
            return $this->providers[$key];
        }

        $class = 'SocialLinks\\Providers\\'.ucfirst($key);

        if (class_exists($class)) {
            return $this->providers[$key] = new $class($this);
        }

        throw new \Exception("The provider $key does not exists");
    }

    /**
     * Magic method to instantiate and return metas in lazy mode.
     *
     * @param string $key       The meta collection name
     * @param array  $arguments The arguments passed to the method
     *
     * @throws \Exception if the meta does not exists
     *
     * @return Metas\MetaInterface
     */
    public function __call($key, $arguments)

    {
        $key = strtolower($key);

        if (isset($this->metas[$key])) {
            return $this->metas[$key];
        }

        $class = 'SocialLinks\\Metas\\'.ucfirst($key);

        if (class_exists($class)) {
            return $this->metas[$key] = new $class($this);
        }

        throw new \Exception("The meta $key does not exists");
    }

    /**
     * Preload the counter.
     *
     * @param array $providers
     */
    public function shareCount(array $providers)
    {
        if (count($providers) < 2) {
            return;
        }

        $connections = array();
        $curl = curl_multi_init();

        foreach ($providers as $provider) {
            $request = $this->$provider->shareCountRequest();

            if ($request !== null) {
                $connections[$provider] = $request;
                curl_multi_add_handle($curl, $request);
            } else {
                $this->$provider->shareCount = null;
            }
        }

        do {
            $return = curl_multi_exec($curl, $active);
        } while ($return === CURLM_CALL_MULTI_PERFORM);

        while ($active && $return === CURLM_OK) {
            if (curl_multi_select($curl) === -1) {
                usleep(100);
            }

            do {
                $return = curl_multi_exec($curl, $active);
            } while ($return === CURLM_CALL_MULTI_PERFORM);
        }

        foreach ($connections as $provider => $request) {
            $this->$provider->shareCount = $this->$provider->shareCount(curl_multi_getcontent($request));

            curl_multi_remove_handle($curl, $request);
        }

        curl_multi_close($curl);
    }

    /**
     * Gets the page url.
     *
     * @return string|null
     */
    public function getUrl()
    {
        return $this->info['url'];
    }

    /**
     * Gets the page title.
     *
     * @return string|null
     */
    public function getTitle()
    {
        return $this->info['title'];
    }

    /**
     * Gets the page text description.
     *
     * @return string|null
     */
    public function getText()
    {
        return $this->info['text'];
    }

    /**
     * Gets the page image.
     *
     * @return string|null
     */
    public function getImage()
    {
        return $this->info['image'];
    }

    /**
     * Gets the page icon.
     *
     * @return array|null
     */
    public function getIcon()
    {
        return $this->info['icon'];
    }

    /**
     * Gets the page twitterUser.
     *
     * @return string|null
     */
    public function getTwitterUser()
    {
        return $this->info['twitterUser'];
    }

    /**
     * Gets some page info.
     *
     * @param array|null Array with the page fields to return as $name => $rename. Set null to return all info
     *
     * @return array
     */
    public function get(array $info = null)
    {
        if ($info === null) {
            return $this->info;
        }

        $data = array();

        foreach ($info as $name => $rename) {
            if (is_int($name)) {
                $name = $rename;
            }

            if (!isset($this->info[$name])) {
                continue;
            }

            $data[$rename] = $this->info[$name];
        }

        return $data;
    }

    /**
     * Gets one or all configuration option.
     *
     * @param string $name
     * @param null   $default
     *
     * @return mixed
     */
    public function getConfig($name, $default = null)
    {
        return isset($this->config[$name]) ? $this->config[$name] : $default;
    }
}


1		<?php
2
3		namespace SocialLinks;
4
5		/**
6		* @method html()
7		* @method openGraph()
8		* @method schema()
9		* @method twitterCard()
10		*/
11		class Page
12		{
13		protected $config = array();
14		protected $providers = array();
15		protected $metas = array();
16		protected $info = array(
17		'url' => null,
18		'title' => null,
19		'text' => null,
20		'image' => null,
21		'icon' => null,
22		'twitterUser' => null,
23		);
24
25		/**
26		* Constructor.
27		*
28		* @param array $info The page info. Only url, title, text, image, icon and twitterUser fields are available
29		* @param array $config Configuration options
30		*/
31		public function __construct(array $info, array $config = array())
32		{
33		if (array_diff_key($info, $this->info)) {
34		throw new \Exception('Only the following fields are available:'.implode(',', array_keys($this->info)));
35		}
36
37		$this->info = array_map('static::normalize', $info + $this->info);
38
39		$this->config = $config;
40		}
41
42		/**
43		* Normalize value before save it:
44		* - remove html tags
45		* - remove line-ending and multiple spaces
46		* - remove spaces around
47		* - decode escaped html entities.
48		*
49		* @param string
50		*
51		* @return string
52		*/
53		protected static function normalize($value)
54		{
55		return trim(strip_tags(htmlspecialchars_decode(preg_replace('/\s+/', ' ', $value))));
56		}
57
58		/**
59		* Magic method to check if a provider exists.
60		*
61		* @param string $key
62		*
63		* @return bool
64		*/
65		public function __isset($key)
66		{
67		$key = strtolower($key);
68
69		if (isset($this->providers[$key])) {
70		return true;
71		}
72
73		$class = 'SocialLinks\\Providers\\'.ucfirst($key);
74
75		return class_exists($class);
76		}
77
78		/**
79		* Magic method to instantiate and return providers in lazy mode.
80		*
81		* @param string $key The provider name
82		*
83		* @throws \Exception if the provider does not exists
84		*
85		* @return Providers\ProviderInterface
86		*/
87	View Code Duplication	public function __get($key)
		0 ignored issues – show Duplication introduced 2017-09-04 20:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
88		{
89		$key = strtolower($key);
90
91		if (isset($this->providers[$key])) {
92		return $this->providers[$key];
93		}
94
95		$class = 'SocialLinks\\Providers\\'.ucfirst($key);
96
97		if (class_exists($class)) {
98		return $this->providers[$key] = new $class($this);
99		}
100
101		throw new \Exception("The provider $key does not exists");
102		}
103
104		/**
105		* Magic method to instantiate and return metas in lazy mode.
106		*
107		* @param string $key The meta collection name
108		* @param array $arguments The arguments passed to the method
109		*
110		* @throws \Exception if the meta does not exists
111		*
112		* @return Metas\MetaInterface
113		*/
114	View Code Duplication	public function __call($key, $arguments)
		0 ignored issues – show Duplication introduced 2017-09-04 20:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
115		{
116		$key = strtolower($key);
117
118		if (isset($this->metas[$key])) {
119		return $this->metas[$key];
120		}
121
122		$class = 'SocialLinks\\Metas\\'.ucfirst($key);
123
124		if (class_exists($class)) {
125		return $this->metas[$key] = new $class($this);
126		}
127
128		throw new \Exception("The meta $key does not exists");
129		}
130
131		/**
132		* Preload the counter.
133		*
134		* @param array $providers
135		*/
136		public function shareCount(array $providers)
137		{
138		if (count($providers) < 2) {
139		return;
140		}
141
142		$connections = array();
143		$curl = curl_multi_init();
144
145		foreach ($providers as $provider) {
146		$request = $this->$provider->shareCountRequest();
147
148		if ($request !== null) {
149		$connections[$provider] = $request;
150		curl_multi_add_handle($curl, $request);
151		} else {
152		$this->$provider->shareCount = null;
153		}
154		}
155
156		do {
157		$return = curl_multi_exec($curl, $active);
158		} while ($return === CURLM_CALL_MULTI_PERFORM);
159
160		while ($active && $return === CURLM_OK) {
161		if (curl_multi_select($curl) === -1) {
162		usleep(100);
163		}
164
165		do {
166		$return = curl_multi_exec($curl, $active);
167		} while ($return === CURLM_CALL_MULTI_PERFORM);
168		}
169
170		foreach ($connections as $provider => $request) {
171		$this->$provider->shareCount = $this->$provider->shareCount(curl_multi_getcontent($request));
172
173		curl_multi_remove_handle($curl, $request);
174		}
175
176		curl_multi_close($curl);
177		}
178
179		/**
180		* Gets the page url.
181		*
182		* @return string\|null
183		*/
184		public function getUrl()
185		{
186		return $this->info['url'];
187		}
188
189		/**
190		* Gets the page title.
191		*
192		* @return string\|null
193		*/
194		public function getTitle()
195		{
196		return $this->info['title'];
197		}
198
199		/**
200		* Gets the page text description.
201		*
202		* @return string\|null
203		*/
204		public function getText()
205		{
206		return $this->info['text'];
207		}
208
209		/**
210		* Gets the page image.
211		*
212		* @return string\|null
213		*/
214		public function getImage()
215		{
216		return $this->info['image'];
217		}
218
219		/**
220		* Gets the page icon.
221		*
222		* @return array\|null
223		*/
224		public function getIcon()
225		{
226		return $this->info['icon'];
227		}
228
229		/**
230		* Gets the page twitterUser.
231		*
232		* @return string\|null
233		*/
234		public function getTwitterUser()
235		{
236		return $this->info['twitterUser'];
237		}
238
239		/**
240		* Gets some page info.
241		*
242		* @param array\|null Array with the page fields to return as $name => $rename. Set null to return all info
243		*
244		* @return array
245		*/
246		public function get(array $info = null)
247		{
248		if ($info === null) {
249		return $this->info;
250		}
251
252		$data = array();
253
254		foreach ($info as $name => $rename) {
255		if (is_int($name)) {
256		$name = $rename;
257		}
258
259		if (!isset($this->info[$name])) {
260		continue;
261		}
262
263		$data[$rename] = $this->info[$name];
264		}
265
266		return $data;
267		}
268
269		/**
270		* Gets one or all configuration option.
271		*
272		* @param string $name
273		* @param null $default
274		*
275		* @return mixed
276		*/
277		public function getConfig($name, $default = null)
278		{
279		return isset($this->config[$name]) ? $this->config[$name] : $default;
280		}
281		}
282

oscarotero / social-links

Issues (21)

Security Analysis not enabled

src/Page.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like