Completed
Push — master ( c2d471...c0413d )
by Aleksandar

service.php ➔ getContent()   A

Complexity
  Conditions   4
  Paths        4

Size
  Total Lines  54
  Code Lines   12

Duplication
  Lines        0
  Ratio        0 %

Importance
  Changes      0

Raw metrics
  Metric  Value
  cc      4        cyclomatic complexity
  eloc    12       executable lines of code
  nc      4
  nop     0        number of parameters
  dl      0        duplicated lines
  loc     54       lines of code
  rs      9.0306
  c       0
  b       0
  f       0

How to fix: Long Method

Small methods make your code easier to understand, in particular if combined with a good name. Besides, if your method is small, finding a good name is usually much easier.

For example, if you find yourself adding comments to a method's body, this is usually a good sign to extract the commented part to a new method, and use the comment as a starting point when coming up with a good name for this new method.

Commonly applied refactorings include:

Source of service.php (line numbers are kept because the findings below refer to them):

 1  <?php
 2  $action = $_REQUEST['action'];
 3  switch ($action) {
 4      case '1':
 5          getContent();
 6          break;
 7      default:
 8          break;
 9  }
10
11  function getContent()
12  {
13      //sleep(1);
14      $step_number = $_REQUEST['step_number'];
15      $html = '<h2 class="StepTitle">Step '.$step_number.' Content</h2>';
16      if ($step_number == 1) {
17          $html .= '<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit,
18              sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
19              quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
20              Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
21              Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
22              </p>';
23      } elseif ($step_number == 2) {
24          $html .= '<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit,
25              sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
26              quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
27              Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
28              Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
29              </p>
30              <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit,
31              sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
32              quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
33              Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
34              Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
35              </p>';
36      } elseif ($step_number == 3) {
37          $html .= '<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit,
38              sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
39              quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
40              Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
41              Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
42              </p>
43              <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit,
44              sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
45              quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
46              Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
47              Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
48              </p>
49              <p>Lorem ipsum dolor sit amet, consectetur adipisicing elit,
50              sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
51              quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
52              Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
53              Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
54              </p>';
55      } else {
56          $html .= '<p>Lorem ipsum dolor sit amet, consectetur adipisicing elit,
57              sed do eiusmod tempor incididunt ut labore et dolore magna aliqua. Ut enim ad minim veniam,
58              quis nostrud exercitation ullamco laboris nisi ut aliquip ex ea commodo consequat.
59              Duis aute irure dolor in reprehenderit in voluptate velit esse cillum dolore eu fugiat nulla pariatur.
60              Excepteur sint occaecat cupidatat non proident, sunt in culpa qui officia deserunt mollit anim id est laborum.
61              </p>';
62      }
63      echo $html;
64  }
65

Inspection findings

Line 1 (Coding Style): File has mixed line endings; this may cause incorrect results.

Line 1 (Coding Style Compatibility): For compatibility and reusability of your code, PSR-1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 11 and the first side effect is on line 2.

The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, for example printing output, changing ini settings or writing to a file.

The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place.

To learn more about PSR-1, please see the PHP-FIG site on PSR-1.

Line 11 (Coding Style): getContent uses the super-global variable $_REQUEST, which is generally not recommended.

Instead of super-globals, we recommend explicitly injecting the dependencies of your class. This makes your code less dependent on global state and it becomes generally more testable:

    // Bad
    class Router
    {
        public function generate($path)
        {
            return $_SERVER['HTTP_HOST'].$path;
        }
    }

    // Better
    class Router
    {
        private $host;

        public function __construct($host)
        {
            $this->host = $host;
        }

        public function generate($path)
        {
            return $this->host.$path;
        }
    }

    class Controller
    {
        public function myAction(Request $request)
        {
            // Instead of
            $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

            // Better (assuming you use the Symfony2 request)
            $page = $request->query->get('page', 1);
        }
    }

Line 63 (Security, Cross-Site Scripting): $html can contain request data and is used in output context(s), leading to a potential security vulnerability.

1 path for user data to reach this point:

  1. Read from $_REQUEST, and $step_number is assigned
     in public/admin_assets/vendors/jQuery-Smart-Wizard/more_examples/services/service.php on line 14
  2. $html is assigned
     in public/admin_assets/vendors/jQuery-Smart-Wizard/more_examples/services/service.php on line 15

Preventing Cross-Site-Scripting Attacks

Cross-Site-Scripting allows an attacker to inject malicious code into your website, in particular JavaScript code, and have that code executed with the privileges of a visiting user. This can be used to obtain data, or to perform actions on behalf of that visiting user.

In order to prevent this, make sure to escape all user-provided data:

    // for HTML
    $sanitized = htmlentities($tainted, ENT_QUOTES);

    // for URLs
    $sanitized = urlencode($tainted);

General Strategies to prevent injection

In general, it is advisable to prevent any user data from reaching this point. This can be done by white-listing certain values:

    if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
        throw new \InvalidArgumentException('This input is not allowed.');
    }

For numeric data, we recommend explicitly casting the data:

    $sanitized = (integer) $tainted;
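Putting the inspection's three recommendations (integer cast, allow-list, output escaping) together on this file's own getContent() logic, as an added example that is not part of service.php or the jQuery Smart Wizard project; the step texts and the sample request array are constructed, and resolveStep/renderStep are hypothetical names:

```php
<?php
// Added example, not the project's code: a hardened version of getContent().
// The raw $_REQUEST['step_number'] string is never concatenated into HTML;
// it is cast to int, checked against an allow-list, and the output is escaped.

declare(strict_types=1);

/** Step bodies keyed by step number (constructed sample content). */
const STEP_CONTENT = [
    1 => 'Content for step one.',
    2 => 'Content for step two.',
    3 => 'Content for step three.',
];

/**
 * Resolve the requested step to a known integer step number.
 * The request array is injected (instead of reading $_REQUEST inside the
 * function) so the logic is testable, as the PSR-1 / super-global notes advise.
 */
function resolveStep(array $request): int
{
    // (int) cast: a non-numeric string becomes 0, a "2<script>" string becomes 2.
    $step = (int) ($request['step_number'] ?? 0);
    // Allow-list: only steps we actually have content for are accepted;
    // everything else falls back to step 1 rather than echoing the raw value.
    if (!in_array($step, array_keys(STEP_CONTENT), true)) {
        return 1;
    }
    return $step;
}

/** Build the step HTML from the resolved step only; escape at the output boundary. */
function renderStep(int $step): string
{
    $title = htmlspecialchars('Step ' . $step . ' Content', ENT_QUOTES, 'UTF-8');
    $body  = htmlspecialchars(STEP_CONTENT[$step], ENT_QUOTES, 'UTF-8');
    return '<h2 class="StepTitle">' . $title . '</h2><p>' . $body . '</p>';
}

// Usage with a constructed request (the same keys service.php reads from $_REQUEST).
$sample = ['action' => '1', 'step_number' => '2<img src=x onerror=alert(1)>'];
echo renderStep(resolveStep($sample));   // resolves to step 2; the markup never reaches output

$unknown = ['action' => '1', 'step_number' => 'abc'];
echo renderStep(resolveStep($unknown));  // (int)'abc' is 0, not allowed, so step 1 is rendered
```

The function returns the HTML instead of echoing it, so the file's top-level switch can keep the single side effect (the echo) in one place.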