Issues in Application.php (master) - Issues in master - samsonos/cms_app_gallery - Measure and Improve Code Quality continuously with Scrutinizer

Issues (37)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Application.php (29 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace samsoncms\app\gallery;

use samson\activerecord\Field;
use samsoncms\api\CMS;
use samsoncms\api\Material;
use samsoncms\api\MaterialField;
use samsonphp\event\Event;
use samsoncms\app\gallery\tab\Gallery;
use samsonframework\resource\ResourceMap;

/**
 * SamsonCMS application for interacting with material gallery
 * @author [email protected]
 */
class Application extends \samsoncms\Application
{
    /** Application name */
    public $name = 'Галлерея';

    /** Hide application access from main menu */
    public $hide = true;

    /** @var string Entity class name */
    protected $entity = '\samson\activerecord\gallery';

    /** Identifier */
    protected $id = 'gallery';

    /** @var \samsonphp\fs\FileService File service pointer */
    protected $fs;

    /**
     * Initialize module
     * @param array $params Collection of parameters
     * @return bool True if success
     */
    public function init(array $params = array())
    {
        // TODO: Should be change to DI in future
        // Set pointer to file service
        $this->fs = & $this->system->module('fs');

        // Subscribe to material form created event for custom tab rendering
        Event::subscribe('samsoncms.material.form.created', array($this, 'tabBuilder'));

        // Subscribe to event - add gallery field additional field type
        Event::subscribe('cms_field.select_create', array($this, 'fieldSelectCreate'));

        return parent::init($params);
    }

    /**
     * Render all gallery additional fields as material form tabs
     * @param \samsoncms\app\material\form\Form $form Material form insctance
     */
    public function tabBuilder(\samsoncms\app\material\form\Form & $form)
    {
        // If we have related structures
        if (count($form->navigationIDs)) {
            // Get all gallery additional field for material form structures
            $galleryFields = $this->query->entity(\samsoncms\api\Field::class)
                ->where('Type', 9)
                ->join('structurefield')
                ->where('structurefield_StructureID', $form->navigationIDs)
                ->exec();

            // Create tab for each additional gallery field
            foreach ($galleryFields as $field) {
                $form->tabs[] = new Gallery($this, $this->query, $form->entity, $field);
            }
        }
    }

    /** Field select creation event handler */
    public function fieldSelectCreate(&$list)
    {
        $list[t('Галлерея', true)] = 9;

    }

    /**
     * Controller for deleting material image from gallery
     * @param string $imageId Gallery Image identifier
     * @return array Async response array
     */
    public function __async_delete($imageId, $materialFieldID = null)

    {
        // Async response
        $result = array();

        /** @var \samson\activerecord\gallery $image */
        $image = null;

        // Find gallery record in DB
        if ($this->findAsyncEntityByID($imageId, $image, $result)) {
            if ($image->Path != '') {
                // Get image path
                $imagePath = $this->formImagePath($image->Path, $image->Src);
                // Physically remove file from server
                if ($this->imageExists($imagePath)) {
                    $this->fs->delete($imagePath);
                }

                // Delete thumbnails
                if (class_exists('\samson\scale\ScaleController', false)) {
                    /** @var \samson\scale\ScaleController $scale */
                    $scale = $this->system->module('scale');

                    foreach (array_keys($scale->thumnails_sizes) as $folder) {
                        // Form image path for scale module
                        $imageScalePath = $this->formImagePath($image->Path . $folder . '/', $image->Src);
                        if ($this->imageExists($imageScalePath)) {
                            $this->fs->delete($imageScalePath);
                        }
                    }
                }
            }

            // Remove record from DB
            $image->delete();
        }

        return $this->__async_update($materialFieldID);
    }

    /**
     * Controller for rendering gallery images list
     * @param int $materialFieldId Gallery identifier, represented as materialfield id
     * @return array Async response array
     */
    public function __async_update($materialFieldId)

    {
        return array('status' => true, 'html' => $this->getHTML($materialFieldId));
    }

	/**
     * Controller for getting quantity image in gallery.
     *
     * @param integer $materialFieldId identefier Table MaterialField
     * @return array Async response array with additional param count.
     */
    public function __async_getCount($materialFieldId)

    {
        // @var array $result Result of asynchronous controller
        $response = array('status' => 1);
        // Getting quantity from DB by param materialFieldId
        $response['count'] = $this->query
            ->entity(CMS::MATERIAL_IMAGES_RELATION_ENTITY)
            ->where(MaterialField::F_PRIMARY, $materialFieldId)
            ->count();

        return $response;
    }
	
	/**
     *  Controller for update material image properties alt from gallery.
     *
     *  @param int $imageId Gallery image identifier
     *  @return array async response
     */
    public function __async_updateAlt($imageId)

    {
        // @var array $result Result of asynchronous controller
        $result = array('status' => false);
        // @var \samson\activerecord\gallery $image Image to insert into editor
        $image = null;
        //get data from ajax
        $data = json_decode(file_get_contents('php://input'), true);
        //set input value
        $value = trim($data['value']);


        // Getting first field image
        if ($this->query->entity(CMS::MATERIAL_IMAGES_RELATION_ENTITY)
            ->where('PhotoID', $imageId)->first($image)) {

            // Update value alt
            $image->Description = $value;
            // Save result in datebase
            $image->save();
            // Set success status
            $result['status'] = true;
            // Reduce number of characters to 25
            $result['description'] = utf8_limit_string($value, 25, '...');
            // Return result value
            $result['value'] = $value;
        }

        return $result;
    }
	
    /**
     * Controller for image upload
     * @param string $materialFieldId Gallery identifier, represented as materialfield id
     * @return array Async response array
     */
    public function __async_upload($materialFieldId)
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $result = array('status' => false);

        /** @var \samsonphp\upload\Upload $upload Pointer to uploader object */
        $upload = null;
        // Verify extension image
        if ($this->verifyExtensionFile()) {
            // Uploading file to server and path current material identifier
            if (uploadFile($upload, array(), $materialFieldId)) {
                /** @var \samson\activerecord\materialfield $materialField MaterialField object to identify gallery */
                $materialField = null;
//            /** @var array $children List of related materials */
//            $children = null;
                // Check if participant has not uploaded remix yet
                if (
                $this->query->entity(MaterialField::ENTITY)
                    ->where('MaterialFieldID', $materialFieldId)
                    ->where('Active', 1)
                    ->first($materialField)

                ) {
                    // Create empty db record
                    $photo = new \samson\activerecord\gallery(false);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
                    $photo->Name = $upload->realName();
                    $photo->Src = $upload->name();
                    $photo->Path = $upload->path();
                    $photo->materialFieldId = $materialField->id;

                    $photo->MaterialID = $materialField->MaterialID;
                    $photo->size = $upload->size();
                    $photo->Active = 1;
$answer = 42;

$correct = false;

$correct = (bool) $answer;
                    $photo->save();


                    // Call scale if it is loaded
                    if (class_exists('\samson\scale\ScaleController', false)) {
                        /** @var \samson\scale\ScaleController $scale */
                        $scale = $this->system->module('scale');
                        $scale->resize($upload->fullPath(), $upload->name(), $upload->uploadDir);
                    }

                    $result['status'] = true;
                }
            }
        } else {
            $errorText = "Файл ( " . urldecode($_SERVER['HTTP_X_FILE_NAME']) . " ) не является картинкой!";
            $result = array('status' => false, 'errorText' => $errorText);
        }

        return $result;
    }

    /**
     * method for verify extension file
     * @return boolean true - file is image, false - file not image
     * */
    private function verifyExtensionFile()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $supported_image = array(
            'gif',
            'jpg',
            'jpeg',
            'png'
        );

        $fileName = $_SERVER['HTTP_X_FILE_NAME'];

        $ext = strtolower(pathinfo($fileName, PATHINFO_EXTENSION));
        if (in_array($ext, $supported_image)) {
            return true;
        }
        return false;
    }

    /**
     * Function to save image priority
     * @return array Async response array
     */
    public function __async_priority()
// Bad
class Router
{
    public function generate($path)
    {
        return $_SERVER['HOST'].$path;
    }
}

// Better
class Router
{
    private $host;

    public function __construct($host)
    {
        $this->host = $host;
    }

    public function generate($path)
    {
        return $this->host.$path;
    }
}

class Controller
{
    public function myAction(Request $request)
    {
        // Instead of
        $page = isset($_GET['page']) ? intval($_GET['page']) : 1;

        // Better (assuming you use the Symfony2 request)
        $page = $request->query->get('page', 1);
    }
}
    {
        $result = array('status' => true);

        // If we have changed priority of images
        if (isset($_POST['ids'])) {
            // For each received image id
            for ($i = 0; $i < count($_POST['ids']); $i++) {
for ($i=0; $i<count($array); $i++) { // calls count() on each iteration
}

// Better
for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once
}
                /** @var \samson\activerecord\gallery $photo Variable to store image info */
                $photo = null;
                // If we have such image in database
                if ($this->query->entity(CMS::MATERIAL_IMAGES_RELATION_ENTITY)->where('PhotoID', $_POST['ids'][$i])->first($photo)) {

                    // Reset it's priority and save it
                    $photo->priority = $i;
                    $photo->save();
                } else {
                    $result['status'] = false;
                    $result['message'] = 'Can not find images with specified ids!';
                }
            }
        } else {
            $result['status'] = false;
            $result['message'] = 'There are no images to sort!';
        }
        return $result;
    }

    /**
     * Asynchronous function to get image editor
     * @param int $imageId Image identifier to insert into editor
     * @return array Result array
     */
    public function __async_show_edit($imageId)

    {
        /** @var array $result Result of asynchronous controller */
        $result = array('status' => false);
        /** @var \samson\activerecord\gallery $image Image to insert into editor */
        $image = null;
        if ($this->query->entity(CMS::MATERIAL_IMAGES_RELATION_ENTITY)->where('PhotoID', $imageId)->first($image)) {


            /** @var string $path Path to image */
            $path = $this->formImagePath($image->Path, $image->Src);

            // If there is image for this path
            if ($this->imageExists($path)) {
                $result['status'] = true;
                $result['html'] = $this->view('editor/index')
                    ->set($image, 'image')
                    ->set($path, 'path')
                    ->output();
            }
        }
        return $result;
    }

    /**
     * Applies all changes with the image and save it
     * @param int $imageId Edit image identifier
     * @return array
     */
    public function __async_edit($imageId)

    {
        /** @var array $result Result of asynchronous controller */
        $result = array('status' => false);
        /** @var \samson\activerecord\gallery $image Image to insert into editor */
        $image = null;
        /** @var resource $imageResource Copy of edit image */
        $imageResource = null;
        /** @var resource $croppedImage Resource of cropped image */
        $croppedImage = null;

        // If there is such image in database
        if ($this->query->entity(CMS::MATERIAL_IMAGES_RELATION_ENTITY)->where('PhotoID', $imageId)->first($image)) {


            // Form proper path
            $path = $this->formImagePath($image->Path, $image->Src);

            // Check image extension
            switch (pathinfo($path, PATHINFO_EXTENSION)) {
                case 'jpeg':
                case 'jpg':
                    $imageResource = imagecreatefromjpeg($path);
                    $croppedImage = $this->cropImage($imageResource);
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
                    $result['status'] = imagejpeg($croppedImage, $path);
                    break;
                case 'png':

                    $imageResource = imagecreatefrompng($path);
                    $croppedImage = $this->cropTransparentImage($imageResource);
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
                    $result['status'] = imagepng($croppedImage, $path);
                    break;
                case 'gif':

                    $imageResource = imagecreatefromgif($path);
                    $croppedImage = $this->cropTransparentImage($imageResource);
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
                    $result['status'] = imagegif($croppedImage, $path);
                    break;
            }

            // delete temporary images
            imagedestroy($croppedImage);
            imagedestroy($imageResource);
        }
        return $result;
    }

    /**
     * Render gallery images list
     * @param string $materialFieldId Material identifier
     * @return string html representation of image list
     */
    public function getHTML($materialFieldId)
    {
        // Get all material images
        $items_html = '';
        /** @var array $images List of gallery images */
        $images = null;
        // there are gallery images
        if ($this->query->entity(CMS::MATERIAL_IMAGES_RELATION_ENTITY)->where('materialFieldId', $materialFieldId)->orderBy('priority')->exec($images)) {

            /** @var \samson\cms\CMSGallery $image */
            foreach ($images as $image) {
                // Get image size string
                $size = ', ';
                // Get image path
                $path = $this->formImagePath($image->Path, $image->Src);

                // if file doesn't exist
                if (!$this->imageExists($path)) {
                      $path = ResourceMap::find('www/img/no-img.png', $this);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
                }

                // set image size string representation, if it is not 0
                $size = ($image->size == 0) ? '' : $size . $this->humanFileSize($image->size);

                // Render gallery image tumb
                $items_html .= $this->view('tumbs/item')
                    ->set($image, 'image')
                    ->set(utf8_limit_string($image->Description, 25, '...'), 'description')
                    ->set(utf8_limit_string($image->Name, 18, '...'), 'name')
                    ->set($path, 'imgpath')
                    ->set($size, 'size')
                    ->set($materialFieldId, 'material_id')
                    ->output();
            }
        }

        // Render content into inner content html
        return $this->view('tumbs/index')
            ->set($items_html, 'images')
            ->set($materialFieldId, 'material_id')
            ->output();
    }

    /**
     * Function to form image size
     * @param int $bytes Bytes count
     * @param int $decimals Decimal part of number(count of numbers)
     * @return string Generated image size
     */
    public function humanFileSize($bytes, $decimals = 2)
    {
        /** @var string $sizeLetters Size shortcuts */
        $sizeLetters = 'BKBMBGBTBPB';
        $factor = (int)(floor((strlen($bytes) - 1) / 3));
        $sizeLetter = ($factor <= 0) ? substr($sizeLetters, 0, 1) : substr($sizeLetters, $factor * 2 - 1, 2);
        return sprintf("%.{$decimals}f", $bytes / pow(1024, $factor)) . $sizeLetter;
    }

    /**
     * Checks if image exists, supports old database structure
     * @param string $imagePath Path to image(Full or not)
     * @param string $imageSrc Image name, if it wasn't in $imagePath
     * @return bool
     */
    private function imageExists($imagePath, $imageSrc = null)
    {
        // If image name is sewhere parameter
        if (isset($imageSrc)) {
            // Form path to the image
            $imageFullPath = $this->formImagePath($imagePath, $imageSrc);
        } else {
            // Path was already set
            $imageFullPath = $imagePath;
        }

        // Call file service existence method
        return $this->fs->exists($imageFullPath);
    }

    /**
     * Function to form image path correctly, also supports old database structure
     * @param string $imagePath Path to the image
     * @param string $imageSrc Image name
     * @return string Full path to image
     */
    private function formImagePath($imagePath, $imageSrc)
    {
        // Get old-way image path, remove full path to check file
        if (empty($imagePath)) {
            $path = $imageSrc;
        } else { // Use new CORRECT way
            $path = $imagePath . $imageSrc;
        }

        // form relative path to the image
        $dir = quotemeta(__SAMSON_BASE__);
        // TODO: WTF? Why do we need this, need comments!!!
        if (strpos($path, 'http://') === false) {
            if ($dir == '/') {
                return substr($path, 1);
            } else {
                return preg_replace('/' . addcslashes($dir, '/') . '/', '', $path);
            }
        }

        return $path;
    }
}


samsonos / cms_app_gallery

Issues (37)

Security Analysis not enabled

src/Application.php (29 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like