Issues in Presenty.php (master) - Issues in master - padosoft/presenty - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Presenty.php (2 issues)

Labels

Severity

Minor 2

lorenzo 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Padosoft\Presenty;

use InvalidArgumentException;

/**
 * Class Presenty
 * @package Padosoft\Presenty
 */
class Presenty
{
    /**
     * An instance's string.
     *
     * @var string
     */
    protected $str;

    /**
     * The string's encoding, which should be one of the mbstring module's
     * supported encodings.
     *
     * @var string
     */
    protected $encoding;

    /**
     * Initializes a Stringy object and assigns both str and encoding properties
     * the supplied values. $str is cast to a string prior to assignment, and if
     * $encoding is not specified, it defaults to mb_internal_encoding(). Throws
     * an InvalidArgumentException if the first argument is an array or object
     * without a __toString method.
     *
     * @param  mixed  $str      Value to modify, after being cast to string
     * @param  string $encoding The character encoding
     * @throws \InvalidArgumentException if an array or object without a
     *         __toString method is passed as the first argument
     */
    public function __construct($str = '', $encoding = null)
    {
        $this->validateArgument($str);

        $this->str = (string) $str;

        $this->encoding = $encoding ?: \mb_internal_encoding();
    }

    /**
     * @param $str
     *
     * @throws \InvalidArgumentException if an array or object without a
     *         __toString method is passed as the first argument
     */
    public function validateArgument($str): void
    {
        if (\is_array($str)) {
            throw new InvalidArgumentException(
                'Passed value cannot be an array'
            );
        }

        if (\is_object($str) && !method_exists($str, '__toString')) {
            throw new InvalidArgumentException(
                'Passed object must have a __toString method'
            );
        }
    }

    /**
     * Creates a Stringy object and assigns both str and encoding properties
     * the supplied values. $str is cast to a string prior to assignment, and if
     * $encoding is not specified, it defaults to mb_internal_encoding(). It
     * then returns the initialized object. Throws an InvalidArgumentException
     * if the first argument is an array or object without a __toString method.
     *
     * @param  mixed  $str Value to modify, after being cast to string
     * @param  string $encoding The character encoding
     * @return static A Stringy object
     * @throws \InvalidArgumentException if an array or object without a __toString method is passed as the first argument
     */
    public static function create($str = '', $encoding = null)
    {
        return new self($str, $encoding);
    }

    /**
     * Returns the value in $str.
     *
     * @return string The current value of the $str property
     */
    public function __toString()
    {
        return $this->str;
    }

    /**
     * Format money
     *
     * @param int $decimal
     * @param $currency
     * @return Presenty
     */
    public function money(int $decimal = 2, $currency = '&euro;') : self
	{
	    if(isNullOrEmpty($this->str)) {
            $this->str = 0;
$answer = 42;

$correct = false;

$correct = (bool) $answer;
        }

		$this->number($decimal);

		if(!$this->str) {
			return $this;
        }

        $this->str = $currency.' '.$this->str;

        return $this;
    }

    /**
     * Format number
     *
     * @param int $decimal
     * @param $dec_point
     * @param $thousands_sep
     * @return Presenty
     */
    public function number(int $decimal = 0, $dec_point=',', $thousands_sep='.') : self
	{
        if(isNullOrEmpty($this->str)) {
            $this->str = 0;
$answer = 42;

$correct = false;

$correct = (bool) $answer;
        }

		if($decimal < 0) {
			$decimal = 0;
        }

        $this->str = number_format($this->str, $decimal, $dec_point, $thousands_sep);

        return $this;
    }

    /**
     * Format boolean representation of string to translated yes/no string
     *
     * @param string $keyYes trans for yes
     * @param string $keyNo trans for no
     * @return Presenty
     */
    public function boolean($keyYes = 'si', $keyNo = 'no') : self
	{
        if(isNullOrEmpty($this->str)) {
            return $this;
        }

		if ($this->str == 1){
            $this->str = $keyYes;
            return $this;
        }

        if($this->isBooleanYes()){
            $this->str = $keyYes;
            return $this;
        }

		$this->str = $keyNo;
        return $this;
    }

    /**
     * @return bool
     */
    public function isBooleanYes(): bool
    {
        $tmp = strtolower($this->str);
        return ($tmp === 'yes' || $tmp === 'si' || $tmp === 'y' || $tmp === 's');
    }

    /**
     * Format url
     *
     * @param integer $len
     * @return Presenty
     */
    public function url(int $len = 50) : self
    {
        if(isNullOrEmpty($this->str)) {
			return $this;
		}
		$this->str = str_limit($this->str, $len);
		return $this;
    }

    /**
     * Format text
     *
     * @param integer $len
     * @return Presenty
     */
    public function description(int $len = 50) : self
	{
        if(isNullOrEmpty($this->str)) {
			return $this;
		}
		$this->str = str_limit($this->str, $len);
		return $this;
    }

    /**
     * Format html anchor
     *
     * @param array $arrAnchorAttributes
     * @return Presenty
     */
    public function anchor(array $arrAnchorAttributes = []) : self
	{
        if(isNullOrEmpty($this->str)) {
            return $this;
        }

        $attrib='';
		foreach($arrAnchorAttributes as $key => $val){
			$attrib.=attre($key).'="'.attre($val).'" ';
		}
        $attrib.=' ';

		$this->str = '<a '.$attrib.'href="'.$this->str.'">'.$this->str.'</a>';

        return $this;
    }

    /**
     * Format mailto
     * @param array $arrAnchorAttributes
     * @param string $label
     * @return Presenty
     */
    public function mailto(?array $arrAnchorAttributes = [], string $label = '') : self
	{
		if(!\is_array($arrAnchorAttributes)){
			$arrAnchorAttributes = [];
		}
		$attrib='';
		foreach($arrAnchorAttributes as $key => $value){
			$attrib.=attre($key).'="'.attre($value).'" ';
        }
        if(isNullOrEmpty($label)) {
            $label = $this->str;
        }
		$this->str = '<a '.$attrib.' href="mailto:'.attre($this->str).'">'.$label.'</a>';

        return $this;
    }

    /**
     * @param string $classPositiveNumber
     * @param string $classNegativeNumber
     * @return Presenty
     */
    public function bkgPositiveOrNegative(string $classPositiveNumber = 'label label-success', string $classNegativeNumber = 'label label-danger') : self
    {
        if(isNullOrEmpty($this->str)) {
            return $this;
        }

        $class = $classNegativeNumber;
        if($this->str >= 0 && isDouble($this->str, '', true)){
            $class = $classPositiveNumber;
        }

        $this->str = '<span class="'.$class.'">'. $this->str.'</span>';

        return $this;
    }

    /**
     * Format date ita
     *
     * @return Presenty
     */
    public function dateIta() : self
	{
        $tmp = new \DateTime($this->str);
        $this->str = $tmp->format('d/m/Y');
        return $this;
    }
}


1			<?php
2			namespace Padosoft\Presenty;
3
4			use InvalidArgumentException;
5
6			/**
7			* Class Presenty
8			* @package Padosoft\Presenty
9			*/
10			class Presenty
11			{
12			/**
13			* An instance's string.
14			*
15			* @var string
16			*/
17			protected $str;
18
19			/**
20			* The string's encoding, which should be one of the mbstring module's
21			* supported encodings.
22			*
23			* @var string
24			*/
25			protected $encoding;
26
27			/**
28			* Initializes a Stringy object and assigns both str and encoding properties
29			* the supplied values. $str is cast to a string prior to assignment, and if
30			* $encoding is not specified, it defaults to mb_internal_encoding(). Throws
31			* an InvalidArgumentException if the first argument is an array or object
32			* without a __toString method.
33			*
34			* @param mixed $str Value to modify, after being cast to string
35			* @param string $encoding The character encoding
36			* @throws \InvalidArgumentException if an array or object without a
37			* __toString method is passed as the first argument
38			*/
39			public function __construct($str = '', $encoding = null)
40			{
41			$this->validateArgument($str);
42
43			$this->str = (string) $str;
44
45			$this->encoding = $encoding ?: \mb_internal_encoding();
46			}
47
48			/**
49			* @param $str
50			*
51			* @throws \InvalidArgumentException if an array or object without a
52			* __toString method is passed as the first argument
53			*/
54			public function validateArgument($str): void
55			{
56			if (\is_array($str)) {
57			throw new InvalidArgumentException(
58			'Passed value cannot be an array'
59			);
60			}
61
62			if (\is_object($str) && !method_exists($str, '__toString')) {
63			throw new InvalidArgumentException(
64			'Passed object must have a __toString method'
65			);
66			}
67			}
68
69			/**
70			* Creates a Stringy object and assigns both str and encoding properties
71			* the supplied values. $str is cast to a string prior to assignment, and if
72			* $encoding is not specified, it defaults to mb_internal_encoding(). It
73			* then returns the initialized object. Throws an InvalidArgumentException
74			* if the first argument is an array or object without a __toString method.
75			*
76			* @param mixed $str Value to modify, after being cast to string
77			* @param string $encoding The character encoding
78			* @return static A Stringy object
79			* @throws \InvalidArgumentException if an array or object without a __toString method is passed as the first argument
80			*/
81			public static function create($str = '', $encoding = null)
82			{
83			return new self($str, $encoding);
84			}
85
86			/**
87			* Returns the value in $str.
88			*
89			* @return string The current value of the $str property
90			*/
91			public function __toString()
92			{
93			return $this->str;
94			}
95
96			/**
97			* Format money
98			*
99			* @param int $decimal
100			* @param $currency
101			* @return Presenty
102			*/
103			public function money(int $decimal = 2, $currency = '€') : self
104			{
105			if(isNullOrEmpty($this->str)) {
106			$this->str = 0;
			0 ignored issues – show Documentation Bug introduced 2018-05-09 19:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$str` was declared of type `string`, but `0` is of type `integer`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
107			}
108
109			$this->number($decimal);
110
111			if(!$this->str) {
112			return $this;
113			}
114
115			$this->str = $currency.' '.$this->str;
116
117			return $this;
118			}
119
120			/**
121			* Format number
122			*
123			* @param int $decimal
124			* @param $dec_point
125			* @param $thousands_sep
126			* @return Presenty
127			*/
128			public function number(int $decimal = 0, $dec_point=',', $thousands_sep='.') : self
129			{
130			if(isNullOrEmpty($this->str)) {
131			$this->str = 0;
			0 ignored issues – show Documentation Bug introduced 2018-05-09 19:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$str` was declared of type `string`, but `0` is of type `integer`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
132			}
133
134			if($decimal < 0) {
135			$decimal = 0;
136			}
137
138			$this->str = number_format($this->str, $decimal, $dec_point, $thousands_sep);
139
140			return $this;
141			}
142
143			/**
144			* Format boolean representation of string to translated yes/no string
145			*
146			* @param string $keyYes trans for yes
147			* @param string $keyNo trans for no
148			* @return Presenty
149			*/
150			public function boolean($keyYes = 'si', $keyNo = 'no') : self
151			{
152			if(isNullOrEmpty($this->str)) {
153			return $this;
154			}
155
156			if ($this->str == 1){
157			$this->str = $keyYes;
158			return $this;
159			}
160
161			if($this->isBooleanYes()){
162			$this->str = $keyYes;
163			return $this;
164			}
165
166			$this->str = $keyNo;
167			return $this;
168			}
169
170			/**
171			* @return bool
172			*/
173			public function isBooleanYes(): bool
174			{
175			$tmp = strtolower($this->str);
176			return ($tmp === 'yes' \|\| $tmp === 'si' \|\| $tmp === 'y' \|\| $tmp === 's');
177			}
178
179			/**
180			* Format url
181			*
182			* @param integer $len
183			* @return Presenty
184			*/
185			public function url(int $len = 50) : self
186			{
187			if(isNullOrEmpty($this->str)) {
188			return $this;
189			}
190			$this->str = str_limit($this->str, $len);
191			return $this;
192			}
193
194			/**
195			* Format text
196			*
197			* @param integer $len
198			* @return Presenty
199			*/
200			public function description(int $len = 50) : self
201			{
202			if(isNullOrEmpty($this->str)) {
203			return $this;
204			}
205			$this->str = str_limit($this->str, $len);
206			return $this;
207			}
208
209			/**
210			* Format html anchor
211			*
212			* @param array $arrAnchorAttributes
213			* @return Presenty
214			*/
215			public function anchor(array $arrAnchorAttributes = []) : self
216			{
217			if(isNullOrEmpty($this->str)) {
218			return $this;
219			}
220
221			$attrib='';
222			foreach($arrAnchorAttributes as $key => $val){
223			$attrib.=attre($key).'="'.attre($val).'" ';
224			}
225			$attrib.=' ';
226
227			$this->str = '<a '.$attrib.'href="'.$this->str.'">'.$this->str.'</a>';
228
229			return $this;
230			}
231
232			/**
233			* Format mailto
234			* @param array $arrAnchorAttributes
235			* @param string $label
236			* @return Presenty
237			*/
238			public function mailto(?array $arrAnchorAttributes = [], string $label = '') : self
239			{
240			if(!\is_array($arrAnchorAttributes)){
241			$arrAnchorAttributes = [];
242			}
243			$attrib='';
244			foreach($arrAnchorAttributes as $key => $value){
245			$attrib.=attre($key).'="'.attre($value).'" ';
246			}
247			if(isNullOrEmpty($label)) {
248			$label = $this->str;
249			}
250			$this->str = '<a '.$attrib.' href="mailto:'.attre($this->str).'">'.$label.'</a>';
251
252			return $this;
253			}
254
255			/**
256			* @param string $classPositiveNumber
257			* @param string $classNegativeNumber
258			* @return Presenty
259			*/
260			public function bkgPositiveOrNegative(string $classPositiveNumber = 'label label-success', string $classNegativeNumber = 'label label-danger') : self
261			{
262			if(isNullOrEmpty($this->str)) {
263			return $this;
264			}
265
266			$class = $classNegativeNumber;
267			if($this->str >= 0 && isDouble($this->str, '', true)){
268			$class = $classPositiveNumber;
269			}
270
271			$this->str = '<span class="'.$class.'">'. $this->str.'</span>';
272
273			return $this;
274			}
275
276			/**
277			* Format date ita
278			*
279			* @return Presenty
280			*/
281			public function dateIta() : self
282			{
283			$tmp = new \DateTime($this->str);
284			$this->str = $tmp->format('d/m/Y');
285			return $this;
286			}
287			}
288

padosoft / presenty

Issues (2)

Security Analysis no request data

src/Presenty.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like