This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
0 ignored issues
–
show
|
|||
2 | defined('PH7') or exit('Restricted access'); |
||
3 | if (!\PH7\Admin::auth()) exit('Restricted access'); // Accessible only for admins |
||
4 | |||
5 | /** |
||
6 | * Default elFinder connector |
||
7 | * |
||
8 | * @author Dmitry (dio) Levashov |
||
9 | **/ |
||
10 | class elFinderConnector { |
||
11 | /** |
||
12 | * elFinder instance |
||
13 | * |
||
14 | * @var elFinder |
||
15 | **/ |
||
16 | protected $elFinder; |
||
17 | |||
18 | /** |
||
19 | * Options |
||
20 | * |
||
21 | * @var aray |
||
22 | **/ |
||
23 | protected $options = array(); |
||
24 | |||
25 | /** |
||
26 | * undocumented class variable |
||
27 | * |
||
28 | * @var string |
||
29 | **/ |
||
30 | protected $header = 'Content-Type: application/json'; |
||
31 | |||
32 | /** |
||
33 | * HTTP request method |
||
34 | * |
||
35 | * @var string |
||
36 | */ |
||
37 | protected $reqMethod = ''; |
||
38 | |||
39 | /** |
||
40 | * Constructor |
||
41 | * |
||
42 | * @param $elFinder |
||
43 | * @param bool $debug |
||
44 | * @author Dmitry (dio) Levashov |
||
45 | */ |
||
46 | public function __construct($elFinder, $debug=false) { |
||
0 ignored issues
–
show
__construct uses the super-global variable $_SERVER which is generally not recommended.
Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad
class Router
{
public function generate($path)
{
return $_SERVER['HOST'].$path;
}
}
// Better
class Router
{
private $host;
public function __construct($host)
{
$this->host = $host;
}
public function generate($path)
{
return $this->host.$path;
}
}
class Controller
{
public function myAction(Request $request)
{
// Instead of
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
// Better (assuming you use the Symfony2 request)
$page = $request->query->get('page', 1);
}
}
Loading history...
|
|||
47 | |||
48 | $this->elFinder = $elFinder; |
||
49 | $this->reqMethod = strtoupper($_SERVER["REQUEST_METHOD"]); |
||
50 | if ($debug) { |
||
51 | $this->header = 'Content-Type: text/html; charset=utf-8'; |
||
52 | } |
||
53 | } |
||
54 | |||
55 | /** |
||
56 | * Execute elFinder command and output result |
||
57 | * |
||
58 | * @return void |
||
59 | * @author Dmitry (dio) Levashov |
||
60 | **/ |
||
61 | public function run() { |
||
0 ignored issues
–
show
run uses the super-global variable $_POST which is generally not recommended.
Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad
class Router
{
public function generate($path)
{
return $_SERVER['HOST'].$path;
}
}
// Better
class Router
{
private $host;
public function __construct($host)
{
$this->host = $host;
}
public function generate($path)
{
return $this->host.$path;
}
}
class Controller
{
public function myAction(Request $request)
{
// Instead of
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
// Better (assuming you use the Symfony2 request)
$page = $request->query->get('page', 1);
}
}
Loading history...
run uses the super-global variable $_GET which is generally not recommended.
Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad
class Router
{
public function generate($path)
{
return $_SERVER['HOST'].$path;
}
}
// Better
class Router
{
private $host;
public function __construct($host)
{
$this->host = $host;
}
public function generate($path)
{
return $this->host.$path;
}
}
class Controller
{
public function myAction(Request $request)
{
// Instead of
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
// Better (assuming you use the Symfony2 request)
$page = $request->query->get('page', 1);
}
}
Loading history...
run uses the super-global variable $_REQUEST which is generally not recommended.
Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad
class Router
{
public function generate($path)
{
return $_SERVER['HOST'].$path;
}
}
// Better
class Router
{
private $host;
public function __construct($host)
{
$this->host = $host;
}
public function generate($path)
{
return $this->host.$path;
}
}
class Controller
{
public function myAction(Request $request)
{
// Instead of
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
// Better (assuming you use the Symfony2 request)
$page = $request->query->get('page', 1);
}
}
Loading history...
run uses the super-global variable $_FILES which is generally not recommended.
Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad
class Router
{
public function generate($path)
{
return $_SERVER['HOST'].$path;
}
}
// Better
class Router
{
private $host;
public function __construct($host)
{
$this->host = $host;
}
public function generate($path)
{
return $this->host.$path;
}
}
class Controller
{
public function myAction(Request $request)
{
// Instead of
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
// Better (assuming you use the Symfony2 request)
$page = $request->query->get('page', 1);
}
}
Loading history...
|
|||
62 | $isPost = $this->reqMethod === 'POST'; |
||
63 | $src = $isPost ? $_POST : $_GET; |
||
64 | if ($isPost && !$src && $rawPostData = @file_get_contents('php://input')) { |
||
65 | // for support IE XDomainRequest() |
||
66 | $parts = explode('&', $rawPostData); |
||
67 | foreach($parts as $part) { |
||
68 | list($key, $value) = array_pad(explode('=', $part), 2, ''); |
||
69 | $key = rawurldecode($key); |
||
70 | if (substr($key, -2) === '[]') { |
||
71 | $key = substr($key, 0, strlen($key) - 2); |
||
72 | if (!isset($src[$key])) { |
||
73 | $src[$key] = array(); |
||
74 | } |
||
75 | $src[$key][] = rawurldecode($value); |
||
76 | } else { |
||
77 | $src[$key] = rawurldecode($value); |
||
78 | } |
||
79 | } |
||
80 | $_POST = $this->input_filter($src); |
||
81 | $_REQUEST = $this->input_filter(array_merge_recursive($src, $_REQUEST)); |
||
82 | } |
||
83 | $cmd = isset($src['cmd']) ? $src['cmd'] : ''; |
||
84 | $args = array(); |
||
85 | |||
86 | if (!function_exists('json_encode')) { |
||
87 | $error = $this->elFinder->error(elFinder::ERROR_CONF, elFinder::ERROR_CONF_NO_JSON); |
||
88 | $this->output(array('error' => '{"error":["'.implode('","', $error).'"]}', 'raw' => true)); |
||
89 | } |
||
90 | |||
91 | if (!$this->elFinder->loaded()) { |
||
92 | $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_CONF, elFinder::ERROR_CONF_NO_VOL), 'debug' => $this->elFinder->mountErrors)); |
||
93 | } |
||
94 | |||
95 | // telepat_mode: on |
||
96 | if (!$cmd && $isPost) { |
||
97 | $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_UPLOAD, elFinder::ERROR_UPLOAD_TOTAL_SIZE), 'header' => 'Content-Type: text/html')); |
||
98 | } |
||
99 | // telepat_mode: off |
||
100 | |||
101 | if (!$this->elFinder->commandExists($cmd)) { |
||
102 | $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_UNKNOWN_CMD))); |
||
103 | } |
||
104 | |||
105 | // collect required arguments to exec command |
||
106 | $hasFiles = false; |
||
107 | foreach ($this->elFinder->commandArgsList($cmd) as $name => $req) { |
||
108 | if ($name === 'FILES') { |
||
109 | if (isset($_FILES)) { |
||
110 | $hasFiles = true; |
||
111 | } elseif ($req) { |
||
112 | $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_INV_PARAMS, $cmd))); |
||
113 | } |
||
114 | } else { |
||
115 | $arg = isset($src[$name])? $src[$name] : ''; |
||
116 | |||
117 | if (!is_array($arg) && $req !== '') { |
||
118 | $arg = trim($arg); |
||
119 | } |
||
120 | if ($req && $arg === '') { |
||
121 | $this->output(array('error' => $this->elFinder->error(elFinder::ERROR_INV_PARAMS, $cmd))); |
||
122 | } |
||
123 | $args[$name] = $arg; |
||
124 | } |
||
125 | } |
||
126 | |||
127 | $args['debug'] = isset($src['debug']) ? !!$src['debug'] : false; |
||
128 | |||
129 | $args = $this->input_filter($args); |
||
130 | if ($hasFiles) { |
||
131 | $args['FILES'] = $_FILES; |
||
132 | } |
||
133 | |||
134 | $this->output($this->elFinder->exec($cmd, $args)); |
||
135 | } |
||
136 | |||
137 | /** |
||
138 | * Output json |
||
139 | * |
||
140 | * @param array data to output |
||
141 | * @return void |
||
142 | * @author Dmitry (dio) Levashov |
||
143 | **/ |
||
144 | protected function output(array $data) { |
||
0 ignored issues
–
show
output uses the super-global variable $_SERVER which is generally not recommended.
Instead of super-globals, we recommend to explicitly inject the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable: // Bad
class Router
{
public function generate($path)
{
return $_SERVER['HOST'].$path;
}
}
// Better
class Router
{
private $host;
public function __construct($host)
{
$this->host = $host;
}
public function generate($path)
{
return $this->host.$path;
}
}
class Controller
{
public function myAction(Request $request)
{
// Instead of
$page = isset($_GET['page']) ? intval($_GET['page']) : 1;
// Better (assuming you use the Symfony2 request)
$page = $request->query->get('page', 1);
}
}
Loading history...
|
|||
145 | // clear output buffer |
||
146 | while(ob_get_level() && ob_end_clean()){} |
||
0 ignored issues
–
show
|
|||
147 | |||
148 | $header = isset($data['header']) ? $data['header'] : $this->header; |
||
149 | unset($data['header']); |
||
150 | if ($header) { |
||
151 | if (is_array($header)) { |
||
152 | foreach ($header as $h) { |
||
153 | header($h); |
||
154 | } |
||
155 | } else { |
||
156 | header($header); |
||
157 | } |
||
158 | } |
||
159 | |||
160 | if (isset($data['pointer'])) { |
||
161 | $toEnd = true; |
||
162 | $fp = $data['pointer']; |
||
163 | if (($this->reqMethod === 'GET' || $this->reqMethod === 'HEAD') |
||
164 | && elFinder::isSeekableStream($fp) |
||
165 | && (array_search('Accept-Ranges: none', headers_list()) === false)) { |
||
166 | header('Accept-Ranges: bytes'); |
||
167 | $psize = null; |
||
168 | if (!empty($_SERVER['HTTP_RANGE'])) { |
||
169 | $size = $data['info']['size']; |
||
170 | $start = 0; |
||
0 ignored issues
–
show
$start is not used, you could remove the assignment.
This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value';
$higher = false;
if (rand(1, 6) > 3) {
$higher = true;
} else {
$higher = false;
}
Both the
Loading history...
|
|||
171 | $end = $size - 1; |
||
172 | if (preg_match('/bytes=(\d*)-(\d*)(,?)/i', $_SERVER['HTTP_RANGE'], $matches)) { |
||
173 | if (empty($matches[3])) { |
||
174 | if (empty($matches[1]) && $matches[1] !== '0') { |
||
175 | $start = $size - $matches[2]; |
||
176 | } else { |
||
177 | $start = intval($matches[1]); |
||
178 | if (!empty($matches[2])) { |
||
179 | $end = intval($matches[2]); |
||
180 | if ($end >= $size) { |
||
181 | $end = $size - 1; |
||
182 | } |
||
183 | $toEnd = ($end == ($size - 1)); |
||
184 | } |
||
185 | } |
||
186 | $psize = $end - $start + 1; |
||
187 | |||
188 | header('HTTP/1.1 206 Partial Content'); |
||
189 | header('Content-Length: ' . $psize); |
||
190 | header('Content-Range: bytes ' . $start . '-' . $end . '/' . $size); |
||
191 | |||
192 | fseek($fp, $start); |
||
193 | } |
||
194 | } |
||
195 | } |
||
196 | if (is_null($psize)){ |
||
197 | elFinder::rewind($fp); |
||
198 | } |
||
199 | } else { |
||
200 | header('Accept-Ranges: none'); |
||
201 | if (isset($data['info']) && ! $data['info']['size']) { |
||
202 | if (function_exists('header_remove')) { |
||
203 | header_remove('Content-Length'); |
||
204 | } else { |
||
205 | header('Content-Length:'); |
||
206 | } |
||
207 | } |
||
208 | } |
||
209 | |||
210 | // unlock session data for multiple access |
||
211 | $this->elFinder->getSession()->close(); |
||
212 | // client disconnect should abort |
||
213 | ignore_user_abort(false); |
||
214 | |||
215 | if ($reqMethod !== 'HEAD') { |
||
0 ignored issues
–
show
|
|||
216 | if ($toEnd) { |
||
217 | fpassthru($fp); |
||
218 | } else { |
||
219 | $out = fopen('php://output', 'wb'); |
||
220 | stream_copy_to_stream($fp, $out, $psize); |
||
0 ignored issues
–
show
The variable
$psize does not seem to be defined for all execution paths leading up to this point.
If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) {
switch ($a) {
case 'foo':
$x = 1;
break;
case 'bar':
$x = 2;
break;
}
// $x is potentially undefined here.
echo $x;
}
In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined. Available Fixes
Loading history...
|
|||
221 | fclose($out); |
||
222 | } |
||
223 | } |
||
224 | |||
225 | if (!empty($data['volume'])) { |
||
226 | $data['volume']->close($data['pointer'], $data['info']['hash']); |
||
227 | } |
||
228 | exit(); |
||
0 ignored issues
–
show
The method
output() contains an exit expression.
An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an
Loading history...
|
|||
229 | } else { |
||
230 | if (!empty($data['raw']) && !empty($data['error'])) { |
||
231 | echo $data['error']; |
||
232 | } else { |
||
233 | if (isset($data['debug']) && isset($data['debug']['phpErrors'])) { |
||
234 | $data['debug']['phpErrors'] = array_merge($data['debug']['phpErrors'], elFinder::$phpErrors); |
||
235 | } |
||
236 | echo json_encode($data); |
||
237 | } |
||
238 | flush(); |
||
239 | exit(0); |
||
0 ignored issues
–
show
The method
output() contains an exit expression.
An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an
Loading history...
|
|||
240 | } |
||
241 | |||
242 | } |
||
243 | |||
244 | /** |
||
245 | * Remove null & stripslashes applies on "magic_quotes_gpc" |
||
246 | * |
||
247 | * @param mixed $args |
||
248 | * @return mixed |
||
249 | * @author Naoki Sawada |
||
250 | */ |
||
251 | protected function input_filter($args) { |
||
252 | static $magic_quotes_gpc = NULL; |
||
253 | |||
254 | if ($magic_quotes_gpc === NULL) |
||
255 | $magic_quotes_gpc = (version_compare(PHP_VERSION, '5.4', '<') && get_magic_quotes_gpc()); |
||
256 | |||
257 | if (is_array($args)) { |
||
258 | return array_map(array(& $this, 'input_filter'), $args); |
||
259 | } |
||
260 | $res = str_replace("\0", '', $args); |
||
261 | $magic_quotes_gpc && ($res = stripslashes($res)); |
||
262 | return $res; |
||
263 | } |
||
264 | }// END class |
||
265 |
The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file.
The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.
To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1.