This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | /* Things you may want to tweak in here: |
||
3 | * - xhprof_enable() uses a few constants. |
||
4 | * - The values passed to rand() determine the odds of any particular run being profiled. |
||
5 | * - The MongoDB collection and such. |
||
6 | * |
||
7 | * I use unsafe writes by default, let's not slow down requests any more than I need to. As a result you will |
||
8 | * indubidubly want to ensure that writes are actually working. |
||
9 | * |
||
10 | * The easiest way to get going is to either include this file in your index.php script, or use php.ini's |
||
11 | * auto_prepend_file directive http://php.net/manual/en/ini.core.php#ini.auto-prepend-file |
||
12 | */ |
||
13 | |||
14 | /* xhprof_enable() |
||
15 | * See: http://php.net/manual/en/xhprof.constants.php |
||
16 | * |
||
17 | * |
||
18 | * XHPROF_FLAGS_NO_BUILTINS |
||
19 | * Omit built in functions from return |
||
20 | * This can be useful to simplify the output, but there's some value in seeing that you've called strpos() 2000 times |
||
21 | * (disabled on PHP 5.5+ as it causes a segfault) |
||
22 | * |
||
23 | * XHPROF_FLAGS_CPU |
||
24 | * Include CPU profiling information in output |
||
25 | * |
||
26 | * XHPROF_FLAGS_MEMORY (integer) |
||
27 | * Include Memory profiling information in output |
||
28 | * |
||
29 | * |
||
30 | * Use bitwise operators to combine, so XHPROF_FLAGS_CPU | XHPROF_FLAGS_MEMORY to profile CPU and Memory |
||
31 | * |
||
32 | */ |
||
33 | |||
34 | /* uprofiler support |
||
35 | * The uprofiler extension is a fork of xhprof. See: https://github.com/FriendsOfPHP/uprofiler |
||
36 | * |
||
37 | * The two extensions are very similar, and this script will use the uprofiler extension if it is loaded, |
||
38 | * or the xhprof extension if not. At least one of these extensions must be present. |
||
39 | * |
||
40 | * The UPROFILER_* constants mirror the XHPROF_* ones exactly, with one additional constant available: |
||
41 | * |
||
42 | * UPROFILER_FLAGS_FUNCTION_INFO (integer) |
||
43 | * Adds more information about function calls (this information is not currently used by XHGui) |
||
44 | */ |
||
45 | |||
46 | /* Tideways XHProf support |
||
47 | * The tideways_xhprof extension is a fork of xhprof. See https://github.com/tideways/php-profiler-extension |
||
48 | * |
||
49 | * It works on PHP 5.5+ and PHP 7 and improves on the ancient timing algorithms used by XHProf using |
||
50 | * more modern Linux APIs to collect high performance timing data. |
||
51 | * |
||
52 | * v4 (tideways): The TIDEWAYS_* constants are similar to the ones by XHProf, however you need to disable timeline |
||
53 | * mode when using XHGui, because it only supports callgraphs and we can save the overhead. Use |
||
54 | * TIDEWAYS_FLAGS_NO_SPANS to disable timeline mode. |
||
55 | * |
||
56 | * v5 (tideways_xhprof): The TIDEWAYS_XHPROF_* constants are similar to the ones by XHProf, however you cannot use |
||
57 | * additional TIDEWAYS_XHPROF_FLAGS_MEMORY_* flags since XHGui does not support the extra data that they produce. |
||
58 | */ |
||
59 | |||
// This file must never interfere with the host application: when none of the
// supported profiler extensions is available, log the problem and hand control
// straight back to the including script.
if (!(
    extension_loaded('xhprof')
    || extension_loaded('uprofiler')
    || extension_loaded('tideways')
    || extension_loaded('tideways_xhprof')
)) {
    error_log('xhgui - either extension xhprof, uprofiler, tideways or tideways_xhprof must be loaded');
    return;
}
||
69 | |||
// The configuration file supplies the callbacks that decide whether XHGui
// profiles this request.
//
// Only the config class is loaded here, so the host application's autoloaders
// stay untouched.
//
// NOTE(review): the path passed to Xhgui_Config::load() is plain concatenation,
// so XHGUI_CONFIG_DIR is expected to end with a directory separator. The loaded
// file is presumably executed as PHP - confirm in Xhgui_Config - so the config
// directory should not be writable by the web server user.
$dir = dirname(__DIR__);
require_once $dir . '/src/Xhgui/Config.php';

if (defined('XHGUI_CONFIG_DIR')) {
    $configDir = XHGUI_CONFIG_DIR;
} else {
    $configDir = $dir . '/config/';
}

// Prefer the site-specific config.php; otherwise use the shipped defaults.
Xhgui_Config::load(
    $configDir . (file_exists($configDir . 'config.php') ? 'config.php' : 'config.default.php')
);

// Drop the temporaries so they do not linger in the including scope.
unset($dir, $configDir);
||
84 | |||
// The MongoDB save handler needs one of the two Mongo extensions. The extension
// checks run first; the configured handler is only read when both are missing.
if (!(extension_loaded('mongo') || extension_loaded('mongodb'))
    && Xhgui_Config::read('save.handler') === 'mongodb'
) {
    error_log('xhgui - extension mongo not loaded');
    return;
}

// Let the configuration decide whether this request gets profiled at all.
if (Xhgui_Config::shouldRun() === false || !Xhgui_Config::shouldRun()) {
    return;
}

// The shutdown handler reads REQUEST_TIME_FLOAT; provide a value when the SAPI
// did not set one.
if (isset($_SERVER['REQUEST_TIME_FLOAT']) === false) {
    $_SERVER['REQUEST_TIME_FLOAT'] = microtime(true);
}
||
97 | |||
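// Start whichever profiler extension is loaded. The checks run in this order:
// uprofiler, tideways (v4), tideways_xhprof (v5), and finally xhprof.
// CPU and memory profiling are always requested; built-in functions are left
// out when profiler.skip_built_in is set.
$skipBuiltIn = Xhgui_Config::read('profiler.skip_built_in');
$options = Xhgui_Config::read('profiler.options');

if (extension_loaded('uprofiler')) {
    $flags = UPROFILER_FLAGS_CPU | UPROFILER_FLAGS_MEMORY;

    if ($skipBuiltIn) {
        $flags |= UPROFILER_FLAGS_NO_BUILTINS;
    }

    uprofiler_enable($flags, $options);
} elseif (extension_loaded('tideways')) {
    // Timeline mode is switched off (NO_SPANS): XHGui only uses callgraphs.
    $flags = TIDEWAYS_FLAGS_CPU | TIDEWAYS_FLAGS_MEMORY | TIDEWAYS_FLAGS_NO_SPANS;

    if ($skipBuiltIn) {
        $flags |= TIDEWAYS_FLAGS_NO_BUILTINS;
    }

    tideways_enable($flags, $options);
} elseif (extension_loaded('tideways_xhprof')) {
    $flags = TIDEWAYS_XHPROF_FLAGS_CPU | TIDEWAYS_XHPROF_FLAGS_MEMORY;

    if ($skipBuiltIn) {
        $flags |= TIDEWAYS_XHPROF_FLAGS_NO_BUILTINS;
    }

    // profiler.options is not passed to this extension.
    tideways_xhprof_enable($flags);
} else {
    $flags = XHPROF_FLAGS_CPU | XHPROF_FLAGS_MEMORY;

    // On PHP 5.5+ (5.x only) built-ins are always skipped; the file header
    // ties this to a segfault in xhprof on those versions.
    $isFaulted = (PHP_MAJOR_VERSION == 5 && PHP_MINOR_VERSION > 4);
    if ($skipBuiltIn || $isFaulted) {
        $flags |= XHPROF_FLAGS_NO_BUILTINS;
    }

    xhprof_enable($flags, $options);
}

// Same cleanup as for $dir/$configDir earlier in this file: this script runs in
// the including scope, so its temporaries should not stay visible to the host
// application. unset() ignores names that were never assigned.
unset($skipBuiltIn, $options, $flags, $isFaulted);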
||
135 | |||
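// At shutdown: stop the active profiler, release the client connection, gather
// request metadata and pass everything to the configured saver. Saver
// exceptions are logged and swallowed so profiling never breaks the host
// application's response.
register_shutdown_function(
    function () {
        // Explicit initialisation: the shape of $data no longer depends on
        // which branch below assigns into it first.
        $data = array();

        if (extension_loaded('uprofiler')) {
            $data['profile'] = uprofiler_disable();
        } elseif (extension_loaded('tideways')) {
            $data['profile'] = tideways_disable();
        } elseif (extension_loaded('tideways_xhprof')) {
            $data['profile'] = tideways_xhprof_disable();
        } else {
            $data['profile'] = xhprof_disable();
        }

        // ignore_user_abort(true) allows your PHP script to continue executing, even if the user has terminated their request.
        // Further Reading: http://blog.preinheimer.com/index.php?/archives/248-When-does-a-user-abort.html
        // flush() asks PHP to send any data remaining in the output buffers. This is normally done when the script completes, but
        // since we're delaying that a bit by dealing with the xhprof stuff, we'll do it now to avoid making the user wait.
        ignore_user_abort(true);
        if (function_exists('session_write_close')) {
            session_write_close();
        }
        flush();

        // Load the rest of XHGui only now, and only if the host has not
        // already bootstrapped it.
        if (!defined('XHGUI_ROOT_DIR')) {
            require dirname(__DIR__) . '/src/bootstrap.php';
        }

        if (Xhgui_Config::read('fastcgi_finish_request') && function_exists('fastcgi_finish_request')) {
            fastcgi_finish_request();
        }

        // Web requests are identified by REQUEST_URI; CLI runs fall back to
        // the script name plus its arguments.
        $uri = array_key_exists('REQUEST_URI', $_SERVER)
            ? $_SERVER['REQUEST_URI']
            : null;
        if (empty($uri) && isset($_SERVER['argv'])) {
            $cmd = basename($_SERVER['argv'][0]);
            $uri = $cmd . ' ' . implode(' ', array_slice($_SERVER['argv'], 1));
        }

        // Optional config callbacks: rewrite the stored URL / post-process the
        // raw profile before it is saved.
        $replace_url = Xhgui_Config::read('profiler.replace_url');
        if (is_callable($replace_url)) {
            $uri = $replace_url($uri);
        }

        $prepare_profile = Xhgui_Config::read('profiler.prepare_profile');
        if (is_callable($prepare_profile)) {
            $data['profile'] = $prepare_profile($data['profile']);
        }

        $time = array_key_exists('REQUEST_TIME', $_SERVER)
            ? $_SERVER['REQUEST_TIME']
            : time();

        // In some cases there is comma instead of dot
        $delimiter = (strpos($_SERVER['REQUEST_TIME_FLOAT'], ',') !== false) ? ',' : '.';
        $requestTimeFloat = explode($delimiter, $_SERVER['REQUEST_TIME_FLOAT']);
        if (!isset($requestTimeFloat[1])) {
            $requestTimeFloat[1] = 0;
        }

        $requestTs = array('sec' => $time, 'usec' => 0);
        $requestTsMicro = array('sec' => $requestTimeFloat[0], 'usec' => $requestTimeFloat[1]);

        // NOTE(review): $_SERVER, $_GET and $_ENV are stored verbatim with
        // every profile. They can carry cookies, Authorization headers, tokens
        // in query strings and environment secrets, so the profile store and
        // the XHGui UI need the same access control as those secrets. The
        // prepare_profile callback above only receives $data['profile'], so it
        // cannot redact this metadata; nothing in this file filters it.
        $data['meta'] = array(
            'url' => $uri,
            'SERVER' => $_SERVER,
            'get' => $_GET,
            'env' => $_ENV,
            'simple_url' => Xhgui_Util::simpleUrl($uri),
            'request_ts' => $requestTs,
            'request_ts_micro' => $requestTsMicro,
            'request_date' => date('Y-m-d', $time),
        );

        try {
            $config = Xhgui_Config::all();
            // Array union only fills in keys that the config leaves unset.
            $config += array('db.options' => array());
            $config += array('db.driverOptions' => array());
            $saver = Xhgui_Saver::factory($config);
            $saver->save($data);
        } catch (Exception $e) {
            // Best effort by design: a failed save is logged, never rethrown.
            error_log('xhgui - ' . $e->getMessage());
        }
    }
);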
||
220 |