Issues in Controller.php (master) - Issues in master - samsoncms/security - Measure and Improve Code Quality continuously with Scrutinizer

Issues (18)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Controller.php (11 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php declare(strict_types=1);
/**
 * Created by PhpStorm.
 * User: egorov
 * Date: 17.07.2015
 * Time: 9:20
 */
namespace samsoncms\app\security;

use samson\activerecord\dbQuery;
use samson\activerecord\groupright;
use samsonframework\container\definition\analyzer\annotation\annotation\InjectClass;
use samsonframework\containerannotation\Inject;
use samsonframework\containerannotation\Injectable;
use samsonframework\containerannotation\InjectArgument;
use samsonframework\core\ResourcesInterface;
use samsonframework\core\SystemInterface;
use samsonframework\i18n\i18nInterface;
use samsonframework\orm\QueryInterface;

/**
 * SamsonCMS security controller
 * @package samsoncms\security
 */
class Controller extends \samsoncms\Application
{
    /** Application access right name pattern */
    const RIGHT_APPLICATION_KEY = '/^APPLICATION_(?<application>.*)/ui';

    /** @var array User group rights cache */
    protected $rightsCache = array();

    /** Application name */
    public $name = 'Права';

    /** Application description */
    public $description = 'Права доступа';

    /** Application icon*/
    public $icon = 'unlock';

    /** Identifier */
    public $id = 'security';

    public $dbGroupIdField = 'group_id';

    /** @var string Module identifier */
    protected $entity = '\samson\activerecord\group';

    /** @var string SamsonCMS application form class */
    protected $formClassName = '\samsoncms\app\security\Form';

    /** @var QueryInterface Database query instance */
    protected $query;

    /**
     * @var \samsonframework\i18n\i18nInterface
     * @InjectClass("samsonframework\i18n\I18nInterface")
     */
    protected $i18n;

     //[PHPCOMPRESSOR(remove,start)]
    public function prepare()
    {
        $social = $this->system->module('social');
        //db()->createField($this, $social->dbTable, 'dbGroupIdField', 'INT(11)');

        $adminUser        = '[email protected]';

           // Try to find generic user
        $admin = $this->query
            ->entity($social->dbTable)
            ->where($social->dbEmailField, $adminUser)
            ->first();

        // Add admin group id value
        if (isset($admin)&&($admin[$this->dbGroupIdField] != 1)) {
            $admin[$this->dbGroupIdField] = 1;
            $admin->save();
        }
        return parent::prepare();
    }
    //[PHPCOMPRESSOR(remove,end)]

    /**
     * Asynchronous change group right controller action
     * @param string $groupID Group identifier
     * @param string $rightID Right identifier
     * @return array Asynchronous response array
     */
    public function __async_change($groupID, $rightID)

    {
        $group = null;
        if($this->findEntityByID($groupID, $group)) {

            $right = null;
            if($this->findEntityByID($rightID, $right, 'right')) {

                /** @var \samsonframework\orm\Record  Try to find this right for a specific group */
                $groupRight = null;
                if ($this->query->className('groupright')->cond('GroupID', $groupID)->cond('RightID', $rightID)->first($groupRight)) {
                    // Remove existing
                    $groupRight->delete();

                } else { // Create new
                    $groupRight = new groupright();
                    $groupRight->Active = 1;
                    $groupRight->GroupID = $groupID;
                    $groupRight->RightID = $rightID;
                    $groupRight->save();
                }

                return array('status' => '1');
            }

            return array('status' => '0', 'error' => 'Right #'.$rightID.' was not found');
        }

        return array('status' => '0', 'error' => 'Group #'.$rightID.' was not found');
    }

    /**
     * Core routing(core.routing) event handler
     * @param \samson\core\Core $core
     * @param boolean $securityResult
     * @return boolean True if security passed
     */
    public function handle(&$core, &$securityResult)
    {
        // Remove URL base from current URL, split by '/'
        $parts = explode(__SAMSON_BASE__, $_SERVER['REQUEST_URI']);
        $parts = array_values(array_filter($parts));
        $cmsUrl = isset($parts[0]) ? $parts[0] : '';

        if ($cmsUrl == $core->module('cms')->baseUrl) {
            // Get module identifier
            $module = isset($parts[1]) ? $parts[1] : '';

            // Get action identifier
            //$action = isset($parts[1]) ? $parts[1] : '';
            // Get parameter values collection
            //$params = sizeof($parts) > 2 ? array_slice($parts, 2) : array();
            $social = & $this->system->module('social');

            // If we have are authorized
            if ($social->authorized()) {
                /**@var \samson\activerecord\user Get authorized user object */
                $authorizedUser = $social->user();

                $dbTable = $social->dbTable;
                $groupIdField = $dbTable::$_attributes[$this->dbGroupIdField];

                // Try to load security group rights from cache
                $userRights = & $this->rightsCache[$authorizedUser->$groupIdField];
                if (!isset($userRights)) {
                    // Parse security group rights and store it to cache
                    $userRights = $this->parseGroupRights($authorizedUser->$groupIdField);
                }

                // Hide all applications except with access rights
                foreach (self::$loaded as $application) {
                    if (in_array($application->id, $userRights['application'])
//                        && !in_array(Right::APPLICATION_ACCESS_ALL, $userRights['application'])
                        && $authorizedUser->$groupIdField != 1
                    ) {
                        $application->hide = true;
                    }
                }

                // If we have full right to access all applications or admin
                if (in_array(Right::APPLICATION_ACCESS_ALL, $userRights['application']) || $authorizedUser->$groupIdField == 1) {
                    return $securityResult = true;
                } else if (in_array($module, $userRights['application'])) { // Try to find right to access current application
                    return $securityResult = true;
                } else if ($module == '' && in_array('template', $userRights['application'])) {// Main page(empty url)
                    return $securityResult = true;
                } else { // We cannot access this application
                    return $securityResult = false;
                }
            }
        } else {
            return $securityResult = true;
        }

    }

    /**
     * Parse application access right
     * @param string $rightName Right name
     * @return string Application name
     */
    private function matchApplicationAccessRight($rightName, &$applicationName)
    {
        // Parse application access rights
        $matches = array();
        if (preg_match(Right::APPLICATION_ACCESS_PATTERN, $rightName, $matches)) {
            // Return application name
            $applicationName = strtolower($matches['application']);
            return true;
        }

        return false;
    }

    /**
     * Clear all database security rights records that do not match current application list
     * @param array $accessibleApplications Collection of loaded applications
     */
    private function clearUnmatchedRights(array $accessibleApplications)

    {
        // Go throw all rights and remove unnecessary
        foreach ($this->query->className('right')->exec() as $right) {
            // Match application access rights
            $applicationID = '';
            if ($this->matchApplicationAccessRight($right->Name, $applicationID)) {
                // If there is no such application that access right exists
                if(!isset($accessibleApplications[$applicationID])) {

                    $right->delete();
                }
            }
        }
    }

    /**
     * Parse database application user group rights
     * @param integer $groupID Security group identifier
     * @return array Parsed user group rights
     */
    public function parseGroupRights($groupID)
    {
        /** @var array $parsedRights Parsed rights */
        $parsedRights = array('application' => array());

        /** @var \samsonframework\orm\Record[] $groupRights Collection of user rights */
        $groupRights = array();
        // Retrieve all user group rights
        if ($this->query->className('groupright')->join('right')->cond('GroupID', $groupID)->exec($groupRights)) {
            // Iterate all group rights
            foreach ($groupRights as $groupRight) {
                // If we have rights for this group
                if (isset($groupRight->onetomany['_right'])) {

                    foreach ($groupRight->onetomany['_right'] as $userRight) {

                        // Parse application access rights
                        $applicationID = '';
                        if ($this->matchApplicationAccessRight($userRight->Name, $applicationID)) {
                            $parsedRights['application'][] = $applicationID;
                        }
                    }
                }
            }
        }

        return $parsedRights;
    }

    /** Application initialization */
    public function init(array $params = array())
    {
        $this->i18n = $this->i18n ?? $this->system->module('i18n');
        
        // Find all applications that needs access rights to it
        $accessibleApplications = array(
            'template' => $this->i18n->translate('Главная страница'),   // Main application
            Right::APPLICATION_ACCESS_ALL => Right::APPLICATION_ACCESS_ALL // All application
        );

        // Iterate all loaded applications
        foreach (self::$loaded as $application) {
            // Iterate only applications with names
            $accessibleApplications[$application->id] = $application->name;
        }

        // Iterate all applications that needs access rights
        foreach ($accessibleApplications as $accessibleApplicationID => $accessibleApplicationName) {
            // Try to find this right in db
            if (!$this->query->className('right')->cond('Name', Right::APPLICATION_ACCESS_TEMPLATE.$accessibleApplicationID)->first()
                && isset($accessibleApplicationName{0}) // Name not empty
            ) {
                $right = new Right();
                $right->Name = Right::APPLICATION_ACCESS_TEMPLATE.strtoupper($accessibleApplicationID);

                $right->Description = $accessibleApplicationID != Right::APPLICATION_ACCESS_ALL

                    ? $this->i18n->translate('Доступ к приложению').' "'.$accessibleApplicationName.'"'
                    : $this->i18n->translate('Полный доступ ко всем приложениям');
                $right->Active = 1;
$answer = 42;

$correct = false;

$correct = (bool) $answer;
                $right->save();
            }
        }

        // Subscribe to core security event
        \samsonphp\event\Event::subscribe('core.security', array($this, 'handle'));
    }
}


1			<?php declare(strict_types=1);
2			/**
3			* Created by PhpStorm.
4			* User: egorov
5			* Date: 17.07.2015
6			* Time: 9:20
7			*/
8			namespace samsoncms\app\security;
9
10			use samson\activerecord\dbQuery;
11			use samson\activerecord\groupright;
12			use samsonframework\container\definition\analyzer\annotation\annotation\InjectClass;
13			use samsonframework\containerannotation\Inject;
14			use samsonframework\containerannotation\Injectable;
15			use samsonframework\containerannotation\InjectArgument;
16			use samsonframework\core\ResourcesInterface;
17			use samsonframework\core\SystemInterface;
18			use samsonframework\i18n\i18nInterface;
19			use samsonframework\orm\QueryInterface;
20
21			/**
22			* SamsonCMS security controller
23			* @package samsoncms\security
24			*/
25			class Controller extends \samsoncms\Application
26			{
27			/** Application access right name pattern */
28			const RIGHT_APPLICATION_KEY = '/^APPLICATION_(?<application>.*)/ui';
29
30			/** @var array User group rights cache */
31			protected $rightsCache = array();
32
33			/** Application name */
34			public $name = 'Права';
35
36			/** Application description */
37			public $description = 'Права доступа';
38
39			/** Application icon*/
40			public $icon = 'unlock';
41
42			/** Identifier */
43			public $id = 'security';
44
45			public $dbGroupIdField = 'group_id';
46
47			/** @var string Module identifier */
48			protected $entity = '\samson\activerecord\group';
49
50			/** @var string SamsonCMS application form class */
51			protected $formClassName = '\samsoncms\app\security\Form';
52
53			/** @var QueryInterface Database query instance */
54			protected $query;
55
56			/**
57			* @var \samsonframework\i18n\i18nInterface
58			* @InjectClass("samsonframework\i18n\I18nInterface")
59			*/
60			protected $i18n;
61
62			//[PHPCOMPRESSOR(remove,start)]
63			public function prepare()
64			{
65			$social = $this->system->module('social');
66			//db()->createField($this, $social->dbTable, 'dbGroupIdField', 'INT(11)');
67
68			$adminUser = '[email protected]';
69
70			// Try to find generic user
71			$admin = $this->query
72			->entity($social->dbTable)
73			->where($social->dbEmailField, $adminUser)
74			->first();
75
76			// Add admin group id value
77			if (isset($admin)&&($admin[$this->dbGroupIdField] != 1)) {
78			$admin[$this->dbGroupIdField] = 1;
79			$admin->save();
80			}
81			return parent::prepare();
82			}
83			//[PHPCOMPRESSOR(remove,end)]
84
85			/**
86			* Asynchronous change group right controller action
87			* @param string $groupID Group identifier
88			* @param string $rightID Right identifier
89			* @return array Asynchronous response array
90			*/
91			public function __async_change($groupID, $rightID)
			0 ignored issues – show Coding Style introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Method name "Controller::__async_change" is not in camel caps format Loading history...
92			{
93			$group = null;
94			if($this->findEntityByID($groupID, $group)) {
			0 ignored issues – show Coding Style introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 1 space after IF keyword; 0 found Loading history...
95			$right = null;
96			if($this->findEntityByID($rightID, $right, 'right')) {
			0 ignored issues – show Coding Style introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 1 space after IF keyword; 0 found Loading history...
97			/** @var \samsonframework\orm\Record Try to find this right for a specific group */
98			$groupRight = null;
99			if ($this->query->className('groupright')->cond('GroupID', $groupID)->cond('RightID', $rightID)->first($groupRight)) {
100			// Remove existing
101			$groupRight->delete();
			0 ignored issues – show Bug introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `delete` cannot be called on `$groupRight` (of type `null`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
102			} else { // Create new
103			$groupRight = new groupright();
104			$groupRight->Active = 1;
105			$groupRight->GroupID = $groupID;
106			$groupRight->RightID = $rightID;
107			$groupRight->save();
108			}
109
110			return array('status' => '1');
111			}
112
113			return array('status' => '0', 'error' => 'Right #'.$rightID.' was not found');
114			}
115
116			return array('status' => '0', 'error' => 'Group #'.$rightID.' was not found');
117			}
118
119			/**
120			* Core routing(core.routing) event handler
121			* @param \samson\core\Core $core
122			* @param boolean $securityResult
123			* @return boolean True if security passed
124			*/
125			public function handle(&$core, &$securityResult)
126			{
127			// Remove URL base from current URL, split by '/'
128			$parts = explode(__SAMSON_BASE__, $_SERVER['REQUEST_URI']);
129			$parts = array_values(array_filter($parts));
130			$cmsUrl = isset($parts[0]) ? $parts[0] : '';
131
132			if ($cmsUrl == $core->module('cms')->baseUrl) {
133			// Get module identifier
134			$module = isset($parts[1]) ? $parts[1] : '';
135
136			// Get action identifier
137			//$action = isset($parts[1]) ? $parts[1] : '';
138			// Get parameter values collection
139			//$params = sizeof($parts) > 2 ? array_slice($parts, 2) : array();
140			$social = & $this->system->module('social');
141
142			// If we have are authorized
143			if ($social->authorized()) {
144			/*@var \samson\activerecord\user Get authorized user object /
145			$authorizedUser = $social->user();
146
147			$dbTable = $social->dbTable;
148			$groupIdField = $dbTable::$_attributes[$this->dbGroupIdField];
149
150			// Try to load security group rights from cache
151			$userRights = & $this->rightsCache[$authorizedUser->$groupIdField];
152			if (!isset($userRights)) {
153			// Parse security group rights and store it to cache
154			$userRights = $this->parseGroupRights($authorizedUser->$groupIdField);
155			}
156
157			// Hide all applications except with access rights
158			foreach (self::$loaded as $application) {
159			if (in_array($application->id, $userRights['application'])
160			// && !in_array(Right::APPLICATION_ACCESS_ALL, $userRights['application'])
161			&& $authorizedUser->$groupIdField != 1
162			) {
163			$application->hide = true;
164			}
165			}
166
167			// If we have full right to access all applications or admin
168			if (in_array(Right::APPLICATION_ACCESS_ALL, $userRights['application']) \|\| $authorizedUser->$groupIdField == 1) {
169			return $securityResult = true;
170			} else if (in_array($module, $userRights['application'])) { // Try to find right to access current application
171			return $securityResult = true;
172			} else if ($module == '' && in_array('template', $userRights['application'])) {// Main page(empty url)
173			return $securityResult = true;
174			} else { // We cannot access this application
175			return $securityResult = false;
176			}
177			}
178			} else {
179			return $securityResult = true;
180			}
181
182			}
183
184			/**
185			* Parse application access right
186			* @param string $rightName Right name
187			* @return string Application name
188			*/
189			private function matchApplicationAccessRight($rightName, &$applicationName)
190			{
191			// Parse application access rights
192			$matches = array();
193			if (preg_match(Right::APPLICATION_ACCESS_PATTERN, $rightName, $matches)) {
194			// Return application name
195			$applicationName = strtolower($matches['application']);
196			return true;
197			}
198
199			return false;
200			}
201
202			/**
203			* Clear all database security rights records that do not match current application list
204			* @param array $accessibleApplications Collection of loaded applications
205			*/
206			private function clearUnmatchedRights(array $accessibleApplications)
			0 ignored issues – show Unused Code introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method is not used, and could be removed. Loading history...
207			{
208			// Go throw all rights and remove unnecessary
209			foreach ($this->query->className('right')->exec() as $right) {
210			// Match application access rights
211			$applicationID = '';
212			if ($this->matchApplicationAccessRight($right->Name, $applicationID)) {
213			// If there is no such application that access right exists
214			if(!isset($accessibleApplications[$applicationID])) {
			0 ignored issues – show Coding Style introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 1 space after IF keyword; 0 found Loading history...
215			$right->delete();
216			}
217			}
218			}
219			}
220
221			/**
222			* Parse database application user group rights
223			* @param integer $groupID Security group identifier
224			* @return array Parsed user group rights
225			*/
226			public function parseGroupRights($groupID)
227			{
228			/** @var array $parsedRights Parsed rights */
229			$parsedRights = array('application' => array());
230
231			/** @var \samsonframework\orm\Record[] $groupRights Collection of user rights */
232			$groupRights = array();
233			// Retrieve all user group rights
234			if ($this->query->className('groupright')->join('right')->cond('GroupID', $groupID)->exec($groupRights)) {
235			// Iterate all group rights
236			foreach ($groupRights as $groupRight) {
237			// If we have rights for this group
238			if (isset($groupRight->onetomany['_right'])) {
			0 ignored issues – show Bug introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `onetomany` does not seem to exist. Did you mean `oneToMany`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
239			foreach ($groupRight->onetomany['_right'] as $userRight) {
			0 ignored issues – show Bug introduced 2016-01-24 16:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `onetomany` does not seem to exist. Did you mean `oneToMany`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
240			// Parse application access rights
241			$applicationID = '';
242			if ($this->matchApplicationAccessRight($userRight->Name, $applicationID)) {
243			$parsedRights['application'][] = $applicationID;
244			}
245			}
246			}
247			}
248			}
249
250			return $parsedRights;
251			}
252
253			/** Application initialization */
254			public function init(array $params = array())
255			{
256			$this->i18n = $this->i18n ?? $this->system->module('i18n');
257
258			// Find all applications that needs access rights to it
259			$accessibleApplications = array(
260			'template' => $this->i18n->translate('Главная страница'), // Main application
261			Right::APPLICATION_ACCESS_ALL => Right::APPLICATION_ACCESS_ALL // All application
262			);
263
264			// Iterate all loaded applications
265			foreach (self::$loaded as $application) {
266			// Iterate only applications with names
267			$accessibleApplications[$application->id] = $application->name;
268			}
269
270			// Iterate all applications that needs access rights
271			foreach ($accessibleApplications as $accessibleApplicationID => $accessibleApplicationName) {
272			// Try to find this right in db
273			if (!$this->query->className('right')->cond('Name', Right::APPLICATION_ACCESS_TEMPLATE.$accessibleApplicationID)->first()
274			&& isset($accessibleApplicationName{0}) // Name not empty
275			) {
276			$right = new Right();
277			$right->Name = Right::APPLICATION_ACCESS_TEMPLATE.strtoupper($accessibleApplicationID);
			0 ignored issues – show Bug introduced 2016-10-04 08:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `Name` does not seem to exist in `samsoncms\app\security\Right`. An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
278			$right->Description = $accessibleApplicationID != Right::APPLICATION_ACCESS_ALL
			0 ignored issues – show Bug introduced 2016-10-04 08:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `Description` does not seem to exist. Did you mean `description`? An attempt at access to an undefined property has been detected. This may either be a typographical error or the property has been renamed but there are still references to its old name. If you really want to allow access to undefined properties, you can define magic methods to allow access. See the php core documentation on Overloading. Loading history...
279			? $this->i18n->translate('Доступ к приложению').' "'.$accessibleApplicationName.'"'
280			: $this->i18n->translate('Полный доступ ко всем приложениям');
281			$right->Active = 1;
			0 ignored issues – show Documentation Bug introduced 2016-10-04 08:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$Active` was declared of type `boolean`, but `1` is of type `integer`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
282			$right->save();
283			}
284			}
285
286			// Subscribe to core security event
287			\samsonphp\event\Event::subscribe('core.security', array($this, 'handle'));
288			}
289			}
290

samsoncms / security

Issues (18)

Security Analysis not enabled

src/Controller.php (11 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like