Issues in SwissPaymentSlipFpdf_Red_Slip.php (master) - Issues in master - ravage84/SwissPaymentSlipFpdf - Measure and Improve Code Quality continuously with Scrutinizer

Issues (13)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

examples/SwissPaymentSlipFpdf_Red_Slip.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Swiss Payment Slip FPDF
 *
 * @license http://www.opensource.org/licenses/mit-license.php MIT License
 * @copyright 2012-2015 Some nice Swiss guys
 * @author Marc Würth <[email protected]>
 * @author Manuel Reinhard <[email protected]>
 * @author Peter Siska <[email protected]>
 * @link https://github.com/ravage84/SwissPaymentSlipFpdf
 */
?>
<!DOCTYPE html>
<html>
<head>
    <meta charset="utf-8">
    <title>SwissPaymentSlipFpdf Example 02: Create a red payment slip</title>
</head>
<body>
<h1>SwissPaymentSlipFpdf Example 02: Create a red payment slip</h1>
<?php
// Measure script execution/generating time
$time_start = microtime(true);

// Make sure the classes get auto-loaded
require __DIR__ . '/../vendor/autoload.php';

// Import necessary classes
use SwissPaymentSlip\SwissPaymentSlip\RedPaymentSlipData;
use SwissPaymentSlip\SwissPaymentSlip\RedPaymentSlip;
use SwissPaymentSlip\SwissPaymentSlipFpdf\PaymentSlipFpdf;
use fpdf\FPDF;

// Make sure FPDF has access to the additional fonts
define('FPDF_FONTPATH', __DIR__ . '/../src/Resources/font');

// Create an instance of FPDF, setup default settings
$fPdf = new FPDF('P', 'mm', 'A4');

// Add OCRB font to FPDF
$fPdf->AddFont('OCRB10');

// Add page, don't break page automatically
$fPdf->AddPage();
$fPdf->SetAutoPageBreak(false);

// Insert a dummy invoice text, not part of the payment slip itself
$fPdf->SetFont('Helvetica', '', 9);
$fPdf->Cell(50, 4, "Just some dummy text.");

// Create a payment slip data container (value object)
$paymentSlipData = new RedPaymentSlipData();

// Fill the data container with your data
$paymentSlipData->setBankData('Seldwyla Bank', '8021 Zürich');
$paymentSlipData->setAccountNumber('80-939-3');
$paymentSlipData->setRecipientData('Muster AG', 'Bahnhofstrasse 5', '8001 Zürich');
$paymentSlipData->setIban('CH3808888123456789012');
$paymentSlipData->setPayerData('M. Beispieler', 'Bahnhofstrasse 356', '', '7000 Chur');
$paymentSlipData->setAmount(8479.25);
$paymentSlipData->setPaymentReasonData('Rechnung', 'Nr.7496');

// Create a payment slip object, pass in the prepared data container
$paymentSlip = new RedPaymentSlip($paymentSlipData, 0, 191);

// Create an instance of the FPDF implementation
$paymentSlipFpdf = new PaymentSlipFpdf($fPdf, $paymentSlip);


// "Print" the slip with its elements according to their attributes
$paymentSlipFpdf->createPaymentSlip($paymentSlip);

// Output PDF named example_fpdf_red_slip.pdf to examples folder
$pdfName = 'example_fpdf_red_slip.pdf';
$pdfPath = __DIR__ . DIRECTORY_SEPARATOR . $pdfName;
$fPdf->Output($pdfPath, 'F');

echo sprintf('Payment slip created in <a href="%s">%s</a><br>', $pdfName, $pdfPath);

echo "<br>";

$time_end = microtime(true);
$time = $time_end - $time_start;
echo "Generation took $time seconds <br>";
echo 'Peak memory usage: ' . memory_get_peak_usage() / 1024 / 1024;
?>
</body>
</html>


1			<?php
			0 ignored issues – show Coding Style Compatibility introduced 2017-04-12 14:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this For compatibility and reusability of your code, PSR1 recommends that a file should introduce either new symbols (like classes, functions, etc.) or have side-effects (like outputting something, or including other files), but not both at the same time. The first symbol is defined on line 35 and the first side effect is on line 13. The PSR-1: Basic Coding Standard recommends that a file should either introduce new symbols, that is classes, functions, constants or similar, or have side effects. Side effects are anything that executes logic, like for example printing output, changing ini settings or writing to a file. The idea behind this recommendation is that merely auto-loading a class should not change the state of an application. It also promotes a cleaner style of programming and makes your code less prone to errors, because the logic is not spread out all over the place. To learn more about the PSR-1, please see the PHP-FIG site on the PSR-1. Loading history...
2			/**
3			* Swiss Payment Slip FPDF
4			*
5			* @license http://www.opensource.org/licenses/mit-license.php MIT License
6			* @copyright 2012-2015 Some nice Swiss guys
7			* @author Marc Würth <[email protected]>
8			* @author Manuel Reinhard <[email protected]>
9			* @author Peter Siska <[email protected]>
10			* @link https://github.com/ravage84/SwissPaymentSlipFpdf
11			*/
12			?>
13			<!DOCTYPE html>
14			<html>
15			<head>
16			<meta charset="utf-8">
17			<title>SwissPaymentSlipFpdf Example 02: Create a red payment slip</title>
18			</head>
19			<body>
20			<h1>SwissPaymentSlipFpdf Example 02: Create a red payment slip</h1>
21			<?php
22			// Measure script execution/generating time
23			$time_start = microtime(true);
24
25			// Make sure the classes get auto-loaded
26			require __DIR__ . '/../vendor/autoload.php';
27
28			// Import necessary classes
29			use SwissPaymentSlip\SwissPaymentSlip\RedPaymentSlipData;
30			use SwissPaymentSlip\SwissPaymentSlip\RedPaymentSlip;
31			use SwissPaymentSlip\SwissPaymentSlipFpdf\PaymentSlipFpdf;
32			use fpdf\FPDF;
33
34			// Make sure FPDF has access to the additional fonts
35			define('FPDF_FONTPATH', __DIR__ . '/../src/Resources/font');
36
37			// Create an instance of FPDF, setup default settings
38			$fPdf = new FPDF('P', 'mm', 'A4');
39
40			// Add OCRB font to FPDF
41			$fPdf->AddFont('OCRB10');
42
43			// Add page, don't break page automatically
44			$fPdf->AddPage();
45			$fPdf->SetAutoPageBreak(false);
46
47			// Insert a dummy invoice text, not part of the payment slip itself
48			$fPdf->SetFont('Helvetica', '', 9);
49			$fPdf->Cell(50, 4, "Just some dummy text.");
50
51			// Create a payment slip data container (value object)
52			$paymentSlipData = new RedPaymentSlipData();
53
54			// Fill the data container with your data
55			$paymentSlipData->setBankData('Seldwyla Bank', '8021 Zürich');
56			$paymentSlipData->setAccountNumber('80-939-3');
57			$paymentSlipData->setRecipientData('Muster AG', 'Bahnhofstrasse 5', '8001 Zürich');
58			$paymentSlipData->setIban('CH3808888123456789012');
59			$paymentSlipData->setPayerData('M. Beispieler', 'Bahnhofstrasse 356', '', '7000 Chur');
60			$paymentSlipData->setAmount(8479.25);
61			$paymentSlipData->setPaymentReasonData('Rechnung', 'Nr.7496');
62
63			// Create a payment slip object, pass in the prepared data container
64			$paymentSlip = new RedPaymentSlip($paymentSlipData, 0, 191);
65
66			// Create an instance of the FPDF implementation
67			$paymentSlipFpdf = new PaymentSlipFpdf($fPdf, $paymentSlip);
			0 ignored issues – show Unused Code introduced 2017-04-12 14:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `PaymentSlipFpdf::__construct()` has too many arguments starting with `$paymentSlip`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
68
69			// "Print" the slip with its elements according to their attributes
70			$paymentSlipFpdf->createPaymentSlip($paymentSlip);
71
72			// Output PDF named example_fpdf_red_slip.pdf to examples folder
73			$pdfName = 'example_fpdf_red_slip.pdf';
74			$pdfPath = __DIR__ . DIRECTORY_SEPARATOR . $pdfName;
75			$fPdf->Output($pdfPath, 'F');
76
77			echo sprintf('Payment slip created in <a href="%s">%s</a><br>', $pdfName, $pdfPath);
78
79			echo "<br>";
80
81			$time_end = microtime(true);
82			$time = $time_end - $time_start;
83			echo "Generation took $time seconds <br>";
84			echo 'Peak memory usage: ' . memory_get_peak_usage() / 1024 / 1024;
85			?>
86			</body>
87			</html>
88

ravage84 / SwissPaymentSlipFpdf

Issues (13)

Security Analysis no request data

examples/SwissPaymentSlipFpdf_Red_Slip.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like