These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | namespace Redaxscript; |
||
3 | |||
4 | use function htmlentities; |
||
5 | use function php_sapi_name; |
||
6 | use function set_include_path; |
||
7 | use function strlen; |
||
8 | |||
9 | /* bootstrap */ |
||
10 | |||
11 | include_once('includes' . DIRECTORY_SEPARATOR . 'bootstrap.php'); |
||
12 | |||
13 | /* header */ |
||
14 | |||
15 | Header::init(); |
||
16 | |||
17 | /* get instance */ |
||
18 | |||
19 | $registry = Registry::getInstance(); |
||
20 | $request = Request::getInstance(); |
||
21 | $language = Language::getInstance(); |
||
22 | $config = Config::getInstance(); |
||
23 | $accessValidator = new Validator\Access(); |
||
24 | |||
25 | /* command line */ |
||
26 | |||
27 | if (php_sapi_name() === 'cli') |
||
28 | { |
||
29 | $console = new Console\Console($registry, $request, $language, $config); |
||
30 | $output = $console->init('cli'); |
||
31 | if (strlen($output)) |
||
32 | { |
||
33 | echo $output; |
||
34 | } |
||
35 | } |
||
36 | |||
37 | /* restrict access */ |
||
38 | |||
39 | else if (!$config->get('lock') || $accessValidator->validate('1', $registry->get('myGroups'))) |
||
0 ignored issues
–
show
The expression
$config->get('lock') of type string|null is loosely compared to false ; this is ambiguous if the string can be empty. You might want to explicitly use === null instead.
In PHP, under loose comparison (like For '' == false // true
'' == null // true
'ab' == false // false
'ab' == null // false
// It is often better to use strict comparison
'' === false // false
'' === null // false
Loading history...
|
|||
40 | { |
||
41 | /* ajax request */ |
||
42 | |||
43 | if ($request->getServer('HTTP_X_REQUESTED_WITH') === 'XMLHttpRequest') |
||
44 | { |
||
45 | $console = new Console\Console($registry, $request, $language, $config); |
||
46 | $output = $console->init('template'); |
||
47 | if (strlen($output)) |
||
48 | { |
||
49 | echo htmlentities($output, ENT_QUOTES); |
||
50 | } |
||
51 | } |
||
52 | |||
53 | /* else template */ |
||
54 | |||
55 | else |
||
56 | { |
||
57 | set_include_path('templates'); |
||
58 | include_once('console' . DIRECTORY_SEPARATOR . 'index.phtml'); |
||
59 | } |
||
60 | } |
||
61 | else |
||
62 | { |
||
63 | Header::responseCode(403); |
||
64 | exit; |
||
65 | } |
||
66 |
This check looks at variables that are passed out again to other methods.
If the outgoing method call has stricter type requirements than the method itself, an issue is raised.
An additional type check may prevent trouble.