Issues in Action.php (master) - Issues in master - rudolfcms/rudolf - Measure and Improve Code Quality continuously with Scrutinizer

Issues (337)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/component/Hooks/Action.php (13 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Rudolf\Component\Hooks;

/**
 * Hooks class. (WordPress plugin API fork).
 *
 * @author Mikołaj Pich <[email protected]>
 *
 * @version 0.1
 */
class Action
{
    /**
     * holds list of actions.
     *
     * @var array
     */
    public static $actions = array();

    /**
     * add Hooks a function on to a specific action.
     *
     * @since 0.1
     *
     * @param string   $tag           The name of the action to which the $functionToAdd is hooked.
     * @param callback $functionToAdd The name of the function you wish to be called.
     * @param int      $priority      optional. Used to specify the order in which the functions associated
     *                                with a particular action are executed (default: 10). Lower numbers correspond with
     *                                earlier execution, and functions with the same priority are executed in the order in
     *                                which they were added to the action.
     * @param int      $accepted_args optional. The number of arguments the function accept (default 1).
     *
     * @return bool
     */
    public static function add($tag, $functionToAdd, $priority = 10, $accepted_args = 1)
    {
        return Filter::add($tag, $functionToAdd, $priority, $accepted_args);
    }

    /**
     * isHas Check if any action has been registered for a hook.
     *
     * @since 0.1
     *
     * @param string   $tag               The name of the action hook.
     * @param callback $function_to_check optional.
     *
     * @return mixed If $function_to_check is omitted, returns boolean for whether the hook has
     *               anything registered. When checking a specific function, the priority of that hook is
     *               returned, or false if the function is not attached. When using the $function_to_check
     *               argument, this function may return a non-boolean value that evaluates to false
     *               (e.g.) 0, so use the === operator for testing the return value.
     */
    public static function isHas($tag, $function_to_check = false)
    {
        return Filter::has($tag, $function_to_check);

    }

    /**
     * remove Removes a function from a specified action hook.
     *
     * @since 0.1
     *
     * @param string   $tag              The action hook to which the function to be removed is hooked.
     * @param callback $functionToRemove The name of the function which should be removed.
     * @param int      $priority         optional The priority of the function (default: 10).
     *
     * @return bool Whether the function is removed.
     */
    public static function remove($tag, $functionToRemove, $priority = 10)
    {
        return Filter::remove($tag, $functionToRemove, $priority);
    }

    /**
     * removeAll Remove all of the hooks from an action.
     *
     * @since 0.1
     *
     * @param string $tag      The action to remove hooks from.
     * @param int    $priority The priority number to remove them from.
     *
     * @return bool True when finished.
     */
    public function removeAll($tag, $priority = false)
    {
        return Filter::removeAll($tag, $priority);
    }

    /**
     * dispatch Execute functions hooked on a specific action hook.
     *
     * @since 0.1
     *
     * @param string $tag     The name of the action to be executed.
     * @param mixed  $arg,... Optional additional arguments which are passed on to the functions
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
     *                        hooked to the action.
     */
    public static function dispatch($tag, $arg = '')
    {
        if (!isset(self::$actions)) {
            self::$actions = array();
        }

        if (!isset(self::$actions[$tag])) {

            self::$actions[$tag] = 1;
        } else {
            ++self::$actions[$tag];
        }

        // Do 'all' actions first
        if (isset(Filter::$filters['all'])) {
            Filter::$currentFilter[] = $tag;
            $all_args = func_get_args();
            self::_call_all_hook($all_args);

        }

        if (!isset(Filter::$filters[$tag])) {

            if (isset(Filter::$filters['all'])) {
                array_pop(Filter::$currentFilter);
            }

            return;
        }

        if (!isset(Filter::$filters['all'])) {
            Filter::$currentFilter[] = $tag;
        }

        $args = array();
        if (is_array($arg) && 1 == count($arg) && isset($arg[0]) && is_object($arg[0])) { // array (&$this)
            $args[] = &$arg[0];
        } else {
            $args[] = $arg;
        }
        for ($a = 2, $aMax = func_num_args(); $a < $aMax; ++$a) {
            $args[] = func_get_arg($a);
        }

        // Sort
        if (!isset(Filter::$mergedFilters[ $tag ])) {

            ksort(Filter::$filters[$tag]);
            Filter::$mergedFilters[ $tag ] = true;
        }

        reset(Filter::$filters[$tag]);

        do {
            foreach ((array) current(Filter::$filters[$tag]) as $the_) {
                if (!is_null($the_['function'])) {
                    call_user_func_array($the_['function'], array_slice($args, 0, (int) $the_['accepted_args']));
                }
            }
        } while (next(Filter::$filters[$tag]) !== false);

        array_pop(Filter::$currentFilter);
    }

    /**
     * doRefArray Execute functions hooked on a specific action hook, specifying arguments in an array.
     *
     * @since 0.1
     *
     * @param string $tag  The name of the action to be executed.
     * @param array  $args The arguments supplied to the functions hooked to <tt>$tag</tt>
     */
    public static function doRefArray($tag, $args)
    {
        if (!isset(self::$actions)) {
            self::$actions = array();
        }

        if (!isset(self::$actions[$tag])) {

            self::$actions[$tag] = 1;
        } else {
            ++self::$actions[$tag];
        }

        // Do 'all' actions first
        if (isset(Filter::$filters['all'])) {

            Filter::$currentFilter[] = $tag;
            $all_args = func_get_args();
            self::$_call_all_hook($all_args);

        }

        if (!isset(Filter::$filters[$tag])) {

            if (isset(Filter::$filters['all'])) {
                array_pop(Filter::$currentFilter);
            }

            return;
        }

        if (!isset(Filter::$filters['all'])) {
            Filter::$currentFilter[] = $tag;
        }

        // Sort
        if (!isset($merged_filters[ $tag ])) {

            ksort(Filter::$filters[$tag]);
            $merged_filters[ $tag ] = true;
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}
        }

        reset(Filter::$filters[ $tag ]);

        do {
            foreach ((array) current(Filter::$filters[$tag]) as $the_) {
                if (!is_null($the_['function'])) {
                    call_user_func_array($the_['function'], array_slice($args, 0, (int) $the_['accepted_args']));
                }
            }
        } while (next(Filter::$filters[$tag]) !== false);

        array_pop(Filter::$currentFilter);
    }

    /**
     * did Retrieve the number of times an action is fired.
     *
     * @since 0.1
     *
     * @param string $tag The name of the action hook.
     *
     * @return int The number of times action hook <tt>$tag</tt> is fired
     */
    public static function did($tag)
    {
        if (!isset(self::$actions) || !isset(self::$actions[$tag])) {
            return 0;
        }

        return self::$actions[$tag];
    }

    /**
     * Retrieve the name of the current action.
     *
     * @since 0.1.2
     *
     * @uses Filter::current()
     *
     * @return string Hook name of the current action.
     */
    public static function current()
    {
        return Filter::current();

    }

    /**
     * Retrieve the name of an action currently being processed.
     *
     * @since 0.1.2
     *
     * @uses Filter::doing()
     *
     * @param string|null $action Optional. Action to check. Defaults to null, which checks
     *                            if any action is currently being run.
     *
     * @return bool Whether the action is currently in the stack.
     */
    public static function doing($action = null)
    {
        return Filter::doing($action);
    }
}


1		<?php
2
3		namespace Rudolf\Component\Hooks;
4
5		/**
6		* Hooks class. (WordPress plugin API fork).
7		*
8		* @author Mikołaj Pich <[email protected]>
9		*
10		* @version 0.1
11		*/
12		class Action
13		{
14		/**
15		* holds list of actions.
16		*
17		* @var array
18		*/
19		public static $actions = array();
20
21		/**
22		* add Hooks a function on to a specific action.
23		*
24		* @since 0.1
25		*
26		* @param string $tag The name of the action to which the $functionToAdd is hooked.
27		* @param callback $functionToAdd The name of the function you wish to be called.
28		* @param int $priority optional. Used to specify the order in which the functions associated
29		* with a particular action are executed (default: 10). Lower numbers correspond with
30		* earlier execution, and functions with the same priority are executed in the order in
31		* which they were added to the action.
32		* @param int $accepted_args optional. The number of arguments the function accept (default 1).
33		*
34		* @return bool
35		*/
36		public static function add($tag, $functionToAdd, $priority = 10, $accepted_args = 1)
37		{
38		return Filter::add($tag, $functionToAdd, $priority, $accepted_args);
39		}
40
41		/**
42		* isHas Check if any action has been registered for a hook.
43		*
44		* @since 0.1
45		*
46		* @param string $tag The name of the action hook.
47		* @param callback $function_to_check optional.
48		*
49		* @return mixed If $function_to_check is omitted, returns boolean for whether the hook has
50		* anything registered. When checking a specific function, the priority of that hook is
51		* returned, or false if the function is not attached. When using the $function_to_check
52		* argument, this function may return a non-boolean value that evaluates to false
53		* (e.g.) 0, so use the === operator for testing the return value.
54		*/
55		public static function isHas($tag, $function_to_check = false)
56		{
57		return Filter::has($tag, $function_to_check);
		0 ignored issues – show Bug introduced 2017-01-15 23:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `has()` does not seem to exist on `object<Rudolf\Component\Hooks\Filter>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
58		}
59
60		/**
61		* remove Removes a function from a specified action hook.
62		*
63		* @since 0.1
64		*
65		* @param string $tag The action hook to which the function to be removed is hooked.
66		* @param callback $functionToRemove The name of the function which should be removed.
67		* @param int $priority optional The priority of the function (default: 10).
68		*
69		* @return bool Whether the function is removed.
70		*/
71		public static function remove($tag, $functionToRemove, $priority = 10)
72		{
73		return Filter::remove($tag, $functionToRemove, $priority);
74		}
75
76		/**
77		* removeAll Remove all of the hooks from an action.
78		*
79		* @since 0.1
80		*
81		* @param string $tag The action to remove hooks from.
82		* @param int $priority The priority number to remove them from.
83		*
84		* @return bool True when finished.
85		*/
86		public function removeAll($tag, $priority = false)
87		{
88		return Filter::removeAll($tag, $priority);
89		}
90
91		/**
92		* dispatch Execute functions hooked on a specific action hook.
93		*
94		* @since 0.1
95		*
96		* @param string $tag The name of the action to be executed.
97		* @param mixed $arg,... Optional additional arguments which are passed on to the functions
		0 ignored issues – show Bug introduced 2017-01-15 23:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$arg,...`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
98		* hooked to the action.
99		*/
100		public static function dispatch($tag, $arg = '')
101		{
102		if (!isset(self::$actions)) {
103		self::$actions = array();
104		}
105
106	View Code Duplication	if (!isset(self::$actions[$tag])) {
		0 ignored issues – show Duplication introduced 2017-01-15 23:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
107		self::$actions[$tag] = 1;
108		} else {
109		++self::$actions[$tag];
110		}
111
112		// Do 'all' actions first
113		if (isset(Filter::$filters['all'])) {
114		Filter::$currentFilter[] = $tag;
115		$all_args = func_get_args();
116		self::_call_all_hook($all_args);
		0 ignored issues – show Bug introduced 2017-08-16 19:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `_call_all_hook()` does not seem to exist on `object<Rudolf\Component\Hooks\Action>`. This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces. This is most likely a typographical error or the method has been renamed. Loading history...
117		}
118
119	View Code Duplication	if (!isset(Filter::$filters[$tag])) {
		0 ignored issues – show Duplication introduced 2017-03-15 19:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
120		if (isset(Filter::$filters['all'])) {
121		array_pop(Filter::$currentFilter);
122		}
123
124		return;
125		}
126
127		if (!isset(Filter::$filters['all'])) {
128		Filter::$currentFilter[] = $tag;
129		}
130
131		$args = array();
132		if (is_array($arg) && 1 == count($arg) && isset($arg[0]) && is_object($arg[0])) { // array (&$this)
133		$args[] = &$arg[0];
134		} else {
135		$args[] = $arg;
136		}
137		for ($a = 2, $aMax = func_num_args(); $a < $aMax; ++$a) {
138		$args[] = func_get_arg($a);
139		}
140
141		// Sort
142	View Code Duplication	if (!isset(Filter::$mergedFilters[ $tag ])) {
		0 ignored issues – show Duplication introduced 2017-01-15 23:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
143		ksort(Filter::$filters[$tag]);
144		Filter::$mergedFilters[ $tag ] = true;
145		}
146
147		reset(Filter::$filters[$tag]);
148
149		do {
150		foreach ((array) current(Filter::$filters[$tag]) as $the_) {
151		if (!is_null($the_['function'])) {
152		call_user_func_array($the_['function'], array_slice($args, 0, (int) $the_['accepted_args']));
153		}
154		}
155		} while (next(Filter::$filters[$tag]) !== false);
156
157		array_pop(Filter::$currentFilter);
158		}
159
160		/**
161		* doRefArray Execute functions hooked on a specific action hook, specifying arguments in an array.
162		*
163		* @since 0.1
164		*
165		* @param string $tag The name of the action to be executed.
166		* @param array $args The arguments supplied to the functions hooked to <tt>$tag</tt>
167		*/
168		public static function doRefArray($tag, $args)
169		{
170		if (!isset(self::$actions)) {
171		self::$actions = array();
172		}
173
174	View Code Duplication	if (!isset(self::$actions[$tag])) {
		0 ignored issues – show Duplication introduced 2017-01-15 23:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
175		self::$actions[$tag] = 1;
176		} else {
177		++self::$actions[$tag];
178		}
179
180		// Do 'all' actions first
181	View Code Duplication	if (isset(Filter::$filters['all'])) {
		0 ignored issues – show Duplication introduced 2017-03-15 19:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
182		Filter::$currentFilter[] = $tag;
183		$all_args = func_get_args();
184		self::$_call_all_hook($all_args);
		0 ignored issues – show Bug introduced 2017-01-15 23:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$_call_all_hook` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
185		}
186
187	View Code Duplication	if (!isset(Filter::$filters[$tag])) {
		0 ignored issues – show Duplication introduced 2017-03-15 19:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
188		if (isset(Filter::$filters['all'])) {
189		array_pop(Filter::$currentFilter);
190		}
191
192		return;
193		}
194
195		if (!isset(Filter::$filters['all'])) {
196		Filter::$currentFilter[] = $tag;
197		}
198
199		// Sort
200		if (!isset($merged_filters[ $tag ])) {
		0 ignored issues – show Bug introduced 2017-01-15 23:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$merged_filters` seems only to be defined at a later point. As such the call to `isset()` seems to always evaluate to `false`. This check marks calls to `isset(...)` or `empty(...)` that are found before the variable itself is defined. These will always have the same result. This is likely the result of code being shifted around. Consider removing these calls. Loading history...
201		ksort(Filter::$filters[$tag]);
202		$merged_filters[ $tag ] = true;
		0 ignored issues – show Coding Style Comprehensibility introduced 2017-01-15 23:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$merged_filters` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$merged_filters = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
203		}
204
205		reset(Filter::$filters[ $tag ]);
206
207		do {
208		foreach ((array) current(Filter::$filters[$tag]) as $the_) {
209		if (!is_null($the_['function'])) {
210		call_user_func_array($the_['function'], array_slice($args, 0, (int) $the_['accepted_args']));
211		}
212		}
213		} while (next(Filter::$filters[$tag]) !== false);
214
215		array_pop(Filter::$currentFilter);
216		}
217
218		/**
219		* did Retrieve the number of times an action is fired.
220		*
221		* @since 0.1
222		*
223		* @param string $tag The name of the action hook.
224		*
225		* @return int The number of times action hook <tt>$tag</tt> is fired
226		*/
227		public static function did($tag)
228		{
229		if (!isset(self::$actions) \|\| !isset(self::$actions[$tag])) {
230		return 0;
231		}
232
233		return self::$actions[$tag];
234		}
235
236		/**
237		* Retrieve the name of the current action.
238		*
239		* @since 0.1.2
240		*
241		* @uses Filter::current()
242		*
243		* @return string Hook name of the current action.
244		*/
245		public static function current()
246		{
247		return Filter::current();
		0 ignored issues – show Bug introduced 2017-01-15 23:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `current()` does not exist on `Rudolf\Component\Hooks\Filter`. Did you maybe mean `currentFilter()`? This check marks calls to methods that do not seem to exist on an object. This is most likely the result of a method being renamed without all references to it being renamed likewise. Loading history...
248		}
249
250		/**
251		* Retrieve the name of an action currently being processed.
252		*
253		* @since 0.1.2
254		*
255		* @uses Filter::doing()
256		*
257		* @param string\|null $action Optional. Action to check. Defaults to null, which checks
258		* if any action is currently being run.
259		*
260		* @return bool Whether the action is currently in the stack.
261		*/
262		public static function doing($action = null)
263		{
264		return Filter::doing($action);
265		}
266		}
267

rudolfcms / rudolf

Issues (337)

Security Analysis not enabled

src/component/Hooks/Action.php (13 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like