Issues in Router.php (master) - Issues in master - redaxscript/redaxscript - Measure and Improve Code Quality continuously with Scrutinizer

Issues (201)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/Router/Router.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Redaxscript\Router;

use Redaxscript\Controller;
use Redaxscript\Filter;
use Redaxscript\Header;
use Redaxscript\Model;
use Redaxscript\Module;
use Redaxscript\Validator;
use Redaxscript\View;

/**
 * parent class to provide the router
 *
 * @since 3.3.0
 *
 * @package Redaxscript
 * @category Router
 * @author Henry Ruhs
 */

class Router extends RouterAbstract
{
	/**
	 * route the header
	 *
	 * @since 3.3.0
	 *
	 * @return bool
	 */

	public function routeHeader() : bool
	{
		Module\Hook::trigger('routeHeader');

		/* handle break */

		if ($this->_registry->get('routerBreak'))
		{
			Header::responseCode(200);
		}

		/* handle guard */

		if ($this->_tokenGuard())
		{
			Header::responseCode(403);
		}
		if ($this->_authGuard())
		{
			Header::responseCode(403);
		}

		/* handle validator */

		if ($this->_aliasValidator())
		{
			Header::responseCode(200);
		}
		else if (!$this->_contentValidator())
		{
			Header::responseCode(404);
		}

		/* handle post */

		if ($this->_request->getPost('Redaxscript\View\SearchForm'))
		{
			return $this->_redirectSearch();
		}
		return (bool)$this->_registry->get('routerBreak');
	}

	/**
	 * route the content
	 *
	 * @since 3.3.0
	 *
	 * @return string|null
	 */

	public function routeContent() : ?string
	{
		Module\Hook::trigger('routeContent');
		$firstParameter = $this->getFirst();

		/* handle break */

		if ($this->_registry->get('routerBreak'))
		{
			return '<!-- routerBreak -->';
		}

		/* handle guard */

		if ($this->_tokenGuard())
		{
			return $this->_errorToken();
		}
		if ($this->_authGuard())
		{
			return $this->_errorAccess();
		}

		/* handle post */

		if ($this->_request->getPost('Redaxscript\View\CommentForm'))
		{
			return $this->_processComment();
		}
		if ($this->_request->getPost('Redaxscript\View\LoginForm'))
		{
			return $this->_processLogin();
		}
		if ($this->_request->getPost('Redaxscript\View\ResetForm'))
		{
			return $this->_processReset();
		}
		if ($this->_request->getPost('Redaxscript\View\RecoverForm'))
		{
			return $this->_processRecover();
		}
		if ($this->_request->getPost('Redaxscript\View\RegisterForm'))
		{
			return $this->_processRegister();
		}
		if (!$this->_installGuard() && $this->_request->getPost('Redaxscript\View\InstallForm'))
		{
			return $this->_processInstall();
		}

		/* handle route */

		if ($firstParameter === 'search')
		{
			return $this->_processSearch();
		}
		if ($firstParameter === 'login')
		{
			return $this->_renderLogin();
		}
		if ($firstParameter === 'logout')
		{
			return $this->_processLogout();
		}
		if ($firstParameter === 'register')
		{
			return $this->_renderRegister();
		}
		if (!$this->_installGuard())
		{
			return $this->_renderInstall();
		}
		return null;
	}

	/**
	 * token guard
	 *
	 * @since 3.3.0
	 *
	 * @return bool
	 */

	protected function _tokenGuard() : bool
	{
		return $this->_request->get('post') && $this->_request->getPost('token') !== $this->_registry->get('token');
	}

	/**
	 * auth guard
	 *
	 * @since 3.3.0
	 *
	 * @return bool
	 */

	protected function _authGuard() : bool
	{
		return $this->_registry->get('token') !== $this->_registry->get('loggedIn') && $this->_registry->get('firstParameter') === 'admin';
	}

	/**
	 * install guard
	 *
	 * @since 4.5.0
	 *
	 * @return bool
	 */

	protected function _installGuard() : bool
	{
		return $this->_registry->get('file') !== 'install.php';
	}

	/**
	 * alias validator
	 *
	 * @since 4.0.0
	 *
	 * @return bool
	 */

	protected function _aliasValidator() : bool
	{
		$aliasValidator = new Validator\Alias();
		return $aliasValidator->matchSystem($this->_registry->get('firstParameter'));
	}

	/**
	 * content validator
	 *
	 * @since 4.0.0
	 *
	 * @return bool
	 */

	protected function _contentValidator() : bool
	{
		return $this->_registry->get('lastId') > 0;
	}

	/**
	 * redirect the search
	 *
	 * @since 3.3.0
	 *
	 * @return bool
	 */

	protected function _redirectSearch() : bool
	{
		$aliasFilter = new Filter\Alias();
		$root = $this->_registry->get('root');
		$parameterRoute = $this->_registry->get('parameterRoute');

		/* handle post */

		$table = $aliasFilter->sanitize($this->_request->getPost('table'));
		$search = $aliasFilter->sanitize($this->_request->getPost('search'));
		$tableString = $table ? '/' . $table : null;
		$searchString = $search ? '/' . $search : null;

		/* redirect */

		return Header::doRedirect($root . '/' . $parameterRoute . 'search' . $tableString . $searchString);
	}

	/**
	 * process the search
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _processSearch() : string
	{
		$searchController = new Controller\Search($this->_registry, $this->_request, $this->_language, $this->_config);
		return $searchController->process();
	}

	/**
	 * process the comment
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _processComment() : string
	{
		$commentController = new Controller\Comment($this->_registry, $this->_request, $this->_language, $this->_config);
		return $commentController->process();
	}

	/**
	 * process the login
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _processLogin() : string
	{
		$loginController = new Controller\Login($this->_registry, $this->_request, $this->_language, $this->_config);
		return $loginController->process();
	}

	/**
	 * process the reset
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _processReset() : string
	{
		$resetController = new Controller\Reset($this->_registry, $this->_request, $this->_language, $this->_config);
		return $resetController->process();
	}

	/**
	 * process the recover
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _processRecover() : string
	{
		$recoverController = new Controller\Recover($this->_registry, $this->_request, $this->_language, $this->_config);
		return $recoverController->process();
	}

	/**
	 * process the register
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _processRegister() : string
	{
		$registerController = new Controller\Register($this->_registry, $this->_request, $this->_language, $this->_config);
		return $registerController->process();
	}

	/**
	 * process the logout
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _processLogout() : string
	{
		$logoutController = new Controller\Logout($this->_registry, $this->_request, $this->_language, $this->_config);
		return $logoutController->process();
	}

	/**
	 * process the install
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _processInstall() : string
	{
		$emailFilter = new Filter\Email();
		$passwordFilter = new Filter\Password();
		$textFilter = new Filter\Text();
		$userFilter = new Filter\User();
		$this->_request->setSession('installArray',
		[
			'dbType' => $this->_request->getPost('db-type'),
			'dbHost' => $this->_request->getPost('db-host'),
			'dbName' => $this->_request->getPost('db-name'),
			'dbUser' => $this->_request->getPost('db-user'),
			'dbPassword' => $this->_request->getPost('db-password'),
			'dbPrefix' => $this->_request->getPost('db-prefix'),
			'adminName' => $textFilter->sanitize($this->_request->getPost('admin-name')),
			'adminUser' => $userFilter->sanitize($this->_request->getPost('admin-user')),
			'adminPassword' => $passwordFilter->sanitize($this->_request->getPost('admin-password')),
			'adminEmail' => $emailFilter->sanitize($this->_request->getPost('admin-email')),
		]);
		$installController = new Controller\Install($this->_registry, $this->_request, $this->_language, $this->_config);
		return $installController->process();
	}

	/**
	 * render the login
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _renderLogin() : string
	{
		$secondParameter = $this->getSecond();
		$thirdParameter = $this->getThird();
		$thirdSubParameter = $this->getThirdSub();
		$settingModel = new Model\Setting();

		/* handle login */

		if ($settingModel->get('recovery'))
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
		{
			if ($secondParameter === 'recover')
			{
				$recoverForm = new View\RecoverForm($this->_registry, $this->_language);
				return $recoverForm->render();
			}
			if ($secondParameter === 'reset' && $thirdParameter && $thirdSubParameter)
			{
				$resetForm = new View\ResetForm($this->_registry, $this->_language);
				return $resetForm->render();
			}
		}
		if (!$secondParameter)
		{
			$loginForm = new View\LoginForm($this->_registry, $this->_language);
			return $loginForm->render();
		}
		return $this->_errorAccess();
	}

	/**
	 * render the register
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _renderRegister() : string
	{
		$settingModel = new Model\Setting();
		if ($settingModel->get('registration'))
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
		{
			$registerForm = new View\RegisterForm($this->_registry, $this->_language);
			return $registerForm->render();
		}
		return $this->_errorAccess();
	}

	/**
	 * render the install
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _renderInstall() : string
	{
		$installArray = $this->_request->getSession('installArray');
		$systemStatus = new View\SystemStatus($this->_registry, $this->_language);
		$installForm = new View\InstallForm($this->_registry, $this->_language);
		return $systemStatus->render() . $installForm->render($installArray ? : []);
	}

	/**
	 * messenger factory
	 *
	 * @since 4.0.0
	 *
	 * @return View\Helper\Messenger
	 */

	protected function _messengerFactory() : View\Helper\Messenger
	{
		return new View\Helper\Messenger($this->_registry);
	}

	/**
	 * show the token error
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _errorToken() : string
	{
		$messenger = $this->_messengerFactory();
		return $messenger
			->setUrl($this->_language->get('home'), $this->_registry->get('root'))
			->error($this->_language->get('token_incorrect'), $this->_language->get('error_occurred'));
	}

	/**
	 * show the access error
	 *
	 * @since 3.3.0
	 *
	 * @return string
	 */

	protected function _errorAccess() : string
	{
		$messenger = $this->_messengerFactory();
		return $messenger
			->setUrl($this->_language->get('home'), $this->_registry->get('root'))
			->error($this->_language->get('access_no'), $this->_language->get('error_occurred'));
	}
}


1		<?php
2		namespace Redaxscript\Router;
3
4		use Redaxscript\Controller;
5		use Redaxscript\Filter;
6		use Redaxscript\Header;
7		use Redaxscript\Model;
8		use Redaxscript\Module;
9		use Redaxscript\Validator;
10		use Redaxscript\View;
11
12		/**
13		* parent class to provide the router
14		*
15		* @since 3.3.0
16		*
17		* @package Redaxscript
18		* @category Router
19		* @author Henry Ruhs
20		*/
21
22		class Router extends RouterAbstract
23		{
24		/**
25		* route the header
26		*
27		* @since 3.3.0
28		*
29		* @return bool
30		*/
31
32	3	public function routeHeader() : bool
33		{
34	3	Module\Hook::trigger('routeHeader');
35
36		/* handle break */
37
38	3	if ($this->_registry->get('routerBreak'))
39		{
40	1	Header::responseCode(200);
41		}
42
43		/* handle guard */
44
45	3	if ($this->_tokenGuard())
46		{
47	1	Header::responseCode(403);
48		}
49	3	if ($this->_authGuard())
50		{
51		Header::responseCode(403);
52		}
53
54		/* handle validator */
55
56	3	if ($this->_aliasValidator())
57		{
58		Header::responseCode(200);
59		}
60	3	else if (!$this->_contentValidator())
61		{
62		Header::responseCode(404);
63		}
64
65		/* handle post */
66
67	3	if ($this->_request->getPost('Redaxscript\View\SearchForm'))
68		{
69	1	return $this->_redirectSearch();
70		}
71	2	return (bool)$this->_registry->get('routerBreak');
72		}
73
74		/**
75		* route the content
76		*
77		* @since 3.3.0
78		*
79		* @return string\|null
80		*/
81
82	17	public function routeContent() : ?string
83		{
84	17	Module\Hook::trigger('routeContent');
85	17	$firstParameter = $this->getFirst();
86
87		/* handle break */
88
89	17	if ($this->_registry->get('routerBreak'))
90		{
91		return '<!-- routerBreak -->';
92		}
93
94		/* handle guard */
95
96	17	if ($this->_tokenGuard())
97		{
98	1	return $this->_errorToken();
99		}
100	16	if ($this->_authGuard())
101		{
102		return $this->_errorAccess();
103		}
104
105		/* handle post */
106
107	16	if ($this->_request->getPost('Redaxscript\View\CommentForm'))
108		{
109	1	return $this->_processComment();
110		}
111	15	if ($this->_request->getPost('Redaxscript\View\LoginForm'))
112		{
113	1	return $this->_processLogin();
114		}
115	14	if ($this->_request->getPost('Redaxscript\View\ResetForm'))
116		{
117	1	return $this->_processReset();
118		}
119	13	if ($this->_request->getPost('Redaxscript\View\RecoverForm'))
120		{
121	1	return $this->_processRecover();
122		}
123	12	if ($this->_request->getPost('Redaxscript\View\RegisterForm'))
124		{
125	1	return $this->_processRegister();
126		}
127	11	if (!$this->_installGuard() && $this->_request->getPost('Redaxscript\View\InstallForm'))
128		{
129	1	return $this->_processInstall();
130		}
131
132		/* handle route */
133
134	10	if ($firstParameter === 'search')
135		{
136	1	return $this->_processSearch();
137		}
138	9	if ($firstParameter === 'login')
139		{
140	4	return $this->_renderLogin();
141		}
142	5	if ($firstParameter === 'logout')
143		{
144	1	return $this->_processLogout();
145		}
146	4	if ($firstParameter === 'register')
147		{
148	2	return $this->_renderRegister();
149		}
150	2	if (!$this->_installGuard())
151		{
152	1	return $this->_renderInstall();
153		}
154	1	return null;
155		}
156
157		/**
158		* token guard
159		*
160		* @since 3.3.0
161		*
162		* @return bool
163		*/
164
165	20	protected function _tokenGuard() : bool
166		{
167	20	return $this->_request->get('post') && $this->_request->getPost('token') !== $this->_registry->get('token');
168		}
169
170		/**
171		* auth guard
172		*
173		* @since 3.3.0
174		*
175		* @return bool
176		*/
177
178	19	protected function _authGuard() : bool
179		{
180	19	return $this->_registry->get('token') !== $this->_registry->get('loggedIn') && $this->_registry->get('firstParameter') === 'admin';
181		}
182
183		/**
184		* install guard
185		*
186		* @since 4.5.0
187		*
188		* @return bool
189		*/
190
191	11	protected function _installGuard() : bool
192		{
193	11	return $this->_registry->get('file') !== 'install.php';
194		}
195
196		/**
197		* alias validator
198		*
199		* @since 4.0.0
200		*
201		* @return bool
202		*/
203
204	3	protected function _aliasValidator() : bool
205		{
206	3	$aliasValidator = new Validator\Alias();
207	3	return $aliasValidator->matchSystem($this->_registry->get('firstParameter'));
208		}
209
210		/**
211		* content validator
212		*
213		* @since 4.0.0
214		*
215		* @return bool
216		*/
217
218	3	protected function _contentValidator() : bool
219		{
220	3	return $this->_registry->get('lastId') > 0;
221		}
222
223		/**
224		* redirect the search
225		*
226		* @since 3.3.0
227		*
228		* @return bool
229		*/
230
231	1	protected function _redirectSearch() : bool
232		{
233	1	$aliasFilter = new Filter\Alias();
234	1	$root = $this->_registry->get('root');
235	1	$parameterRoute = $this->_registry->get('parameterRoute');
236
237		/* handle post */
238
239	1	$table = $aliasFilter->sanitize($this->_request->getPost('table'));
240	1	$search = $aliasFilter->sanitize($this->_request->getPost('search'));
241	1	$tableString = $table ? '/' . $table : null;
242	1	$searchString = $search ? '/' . $search : null;
243
244		/* redirect */
245
246	1	return Header::doRedirect($root . '/' . $parameterRoute . 'search' . $tableString . $searchString);
247		}
248
249		/**
250		* process the search
251		*
252		* @since 3.3.0
253		*
254		* @return string
255		*/
256
257	1	protected function _processSearch() : string
258		{
259	1	$searchController = new Controller\Search($this->_registry, $this->_request, $this->_language, $this->_config);
260	1	return $searchController->process();
261		}
262
263		/**
264		* process the comment
265		*
266		* @since 3.3.0
267		*
268		* @return string
269		*/
270
271	1	protected function _processComment() : string
272		{
273	1	$commentController = new Controller\Comment($this->_registry, $this->_request, $this->_language, $this->_config);
274	1	return $commentController->process();
275		}
276
277		/**
278		* process the login
279		*
280		* @since 3.3.0
281		*
282		* @return string
283		*/
284
285	1	protected function _processLogin() : string
286		{
287	1	$loginController = new Controller\Login($this->_registry, $this->_request, $this->_language, $this->_config);
288	1	return $loginController->process();
289		}
290
291		/**
292		* process the reset
293		*
294		* @since 3.3.0
295		*
296		* @return string
297		*/
298
299	1	protected function _processReset() : string
300		{
301	1	$resetController = new Controller\Reset($this->_registry, $this->_request, $this->_language, $this->_config);
302	1	return $resetController->process();
303		}
304
305		/**
306		* process the recover
307		*
308		* @since 3.3.0
309		*
310		* @return string
311		*/
312
313	1	protected function _processRecover() : string
314		{
315	1	$recoverController = new Controller\Recover($this->_registry, $this->_request, $this->_language, $this->_config);
316	1	return $recoverController->process();
317		}
318
319		/**
320		* process the register
321		*
322		* @since 3.3.0
323		*
324		* @return string
325		*/
326
327	1	protected function _processRegister() : string
328		{
329	1	$registerController = new Controller\Register($this->_registry, $this->_request, $this->_language, $this->_config);
330	1	return $registerController->process();
331		}
332
333		/**
334		* process the logout
335		*
336		* @since 3.3.0
337		*
338		* @return string
339		*/
340
341	1	protected function _processLogout() : string
342		{
343	1	$logoutController = new Controller\Logout($this->_registry, $this->_request, $this->_language, $this->_config);
344	1	return $logoutController->process();
345		}
346
347		/**
348		* process the install
349		*
350		* @since 3.3.0
351		*
352		* @return string
353		*/
354
355	1	protected function _processInstall() : string
356		{
357	1	$emailFilter = new Filter\Email();
358	1	$passwordFilter = new Filter\Password();
359	1	$textFilter = new Filter\Text();
360	1	$userFilter = new Filter\User();
361	1	$this->_request->setSession('installArray',
362		[
363	1	'dbType' => $this->_request->getPost('db-type'),
364	1	'dbHost' => $this->_request->getPost('db-host'),
365	1	'dbName' => $this->_request->getPost('db-name'),
366	1	'dbUser' => $this->_request->getPost('db-user'),
367	1	'dbPassword' => $this->_request->getPost('db-password'),
368	1	'dbPrefix' => $this->_request->getPost('db-prefix'),
369	1	'adminName' => $textFilter->sanitize($this->_request->getPost('admin-name')),
370	1	'adminUser' => $userFilter->sanitize($this->_request->getPost('admin-user')),
371	1	'adminPassword' => $passwordFilter->sanitize($this->_request->getPost('admin-password')),
372	1	'adminEmail' => $emailFilter->sanitize($this->_request->getPost('admin-email')),
373		]);
374	1	$installController = new Controller\Install($this->_registry, $this->_request, $this->_language, $this->_config);
375	1	return $installController->process();
376		}
377
378		/**
379		* render the login
380		*
381		* @since 3.3.0
382		*
383		* @return string
384		*/
385
386	4	protected function _renderLogin() : string
387		{
388	4	$secondParameter = $this->getSecond();
389	4	$thirdParameter = $this->getThird();
390	4	$thirdSubParameter = $this->getThirdSub();
391	4	$settingModel = new Model\Setting();
392
393		/* handle login */
394
395	4	if ($settingModel->get('recovery'))
		0 ignored issues – show Bug Best Practice introduced 2018-10-18 19:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$settingModel->get('recovery')` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
396		{
397	2	if ($secondParameter === 'recover')
398		{
399	1	$recoverForm = new View\RecoverForm($this->_registry, $this->_language);
400	1	return $recoverForm->render();
401		}
402	1	if ($secondParameter === 'reset' && $thirdParameter && $thirdSubParameter)
403		{
404	1	$resetForm = new View\ResetForm($this->_registry, $this->_language);
405	1	return $resetForm->render();
406		}
407		}
408	2	if (!$secondParameter)
409		{
410	1	$loginForm = new View\LoginForm($this->_registry, $this->_language);
411	1	return $loginForm->render();
412		}
413	1	return $this->_errorAccess();
414		}
415
416		/**
417		* render the register
418		*
419		* @since 3.3.0
420		*
421		* @return string
422		*/
423
424	2	protected function _renderRegister() : string
425		{
426	2	$settingModel = new Model\Setting();
427	2	if ($settingModel->get('registration'))
		0 ignored issues – show Bug Best Practice introduced 2018-10-18 19:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$settingModel->get('registration')` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
428		{
429	1	$registerForm = new View\RegisterForm($this->_registry, $this->_language);
430	1	return $registerForm->render();
431		}
432	1	return $this->_errorAccess();
433		}
434
435		/**
436		* render the install
437		*
438		* @since 3.3.0
439		*
440		* @return string
441		*/
442
443	1	protected function _renderInstall() : string
444		{
445	1	$installArray = $this->_request->getSession('installArray');
446	1	$systemStatus = new View\SystemStatus($this->_registry, $this->_language);
447	1	$installForm = new View\InstallForm($this->_registry, $this->_language);
448	1	return $systemStatus->render() . $installForm->render($installArray ? : []);
449		}
450
451		/**
452		* messenger factory
453		*
454		* @since 4.0.0
455		*
456		* @return View\Helper\Messenger
457		*/
458
459	3	protected function _messengerFactory() : View\Helper\Messenger
460		{
461	3	return new View\Helper\Messenger($this->_registry);
462		}
463
464		/**
465		* show the token error
466		*
467		* @since 3.3.0
468		*
469		* @return string
470		*/
471
472	1	protected function _errorToken() : string
473		{
474	1	$messenger = $this->_messengerFactory();
475		return $messenger
476	1	->setUrl($this->_language->get('home'), $this->_registry->get('root'))
477	1	->error($this->_language->get('token_incorrect'), $this->_language->get('error_occurred'));
478		}
479
480		/**
481		* show the access error
482		*
483		* @since 3.3.0
484		*
485		* @return string
486		*/
487
488	2	protected function _errorAccess() : string
489		{
490	2	$messenger = $this->_messengerFactory();
491		return $messenger
492	2	->setUrl($this->_language->get('home'), $this->_registry->get('root'))
493	2	->error($this->_language->get('access_no'), $this->_language->get('error_occurred'));
494		}
495		}
496

redaxscript / redaxscript

Issues (201)

Security Analysis no request data

includes/Router/Router.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like