Completed
Push — spip-3.0 ( 0bbd73...b24c06 )
by cam
06:45
created

filtres_mini.php ➔ protocole_verifier()   A

Complexity

Conditions 4
Paths 3

Size

Total Lines 11

Duplication

Lines 0
Ratio 0 %

Importance

Changes 0
Metric Value
cc 4
nc 3
nop 2
dl 0
loc 11
rs 9.9
c 0
b 0
f 0
<?php

/***************************************************************************\
 *  SPIP, publishing system for the Internet                               *
 *                                                                         *
 *  Copyright (c) 2001-2016                                                *
 *  Arnaud Martin, Antoine Pitrou, Philippe Riviere, Emmanuel Saint-James  *
 *                                                                         *
 *  This program is free software distributed under the GNU/GPL license.   *
 *  For more details see the COPYING.txt file or the online help.          *
\***************************************************************************/


if (!defined('_ECRIRE_INC_VERSION')) return;

//
// URL filters
//

// Clean up a URL containing ../
//
// resolve_url('/.././/truc/chose/machin/./.././.././hopla/..');
// (loosely) inspired by PEAR:NetURL:resolvePath
//
// http://doc.spip.org/@resolve_path
function resolve_path($url) {
	list($url, $query) = array_pad(explode('?', $url, 2), 2, null);
	while (preg_match(',/\.?/,', $url, $regs)		# removes // and /./
	OR preg_match(',/[^/]*/\.\./,S', $url, $regs)	# removes /toto/../
	OR preg_match(',^/\.\./,S', $url, $regs))		# removes leading /../
		$url = str_replace($regs[0], '/', $url);

	if ($query)
		$url .= '?'.$query;

	return '/'.preg_replace(',^/,S', '', $url);
}

//
// Follow a link from a given address -> new address
//
// suivre_lien('http://rezo.net/sous/dir/../ect/ory/fi.html..s#toto',
// 'a/../../titi.coco.html/tata#titi');
// http://doc.spip.org/@suivre_lien
function suivre_lien($url, $lien) {

	if (preg_match(',^(mailto|javascript|data):,iS', $lien))
		return $lien;
	if (preg_match(';^((?:[a-z]{3,7}:)?//.*?)(/.*)?$;iS', $lien, $r))
		return $r[1].resolve_path($r[2]);

	# The SPIP site URL is also an absolute link
	if ($lien == $GLOBALS['meta']['adresse_site']){
		return $lien;
	}

	# relative link: the base URL must be checked
	# start by stripping the query string from the base URL
	if (preg_match(';^((?:[a-z]{3,7}:)?//[^/]+)(/.*?/?)?([^/#?]*)([?][^#]*)?(#.*)?$;S', $url, $regs)) {
		$debut = $regs[1];
		$dir = !strlen($regs[2]) ? '/' : $regs[2];
		$mot = $regs[3];
		$get = isset($regs[4])?$regs[4]:"";
		$hash = isset($regs[5])?$regs[5]:"";
	}
	switch (substr($lien,0,1)) {
		case '/':
			return $debut . resolve_path($lien);
Bug introduced by
The variable $debut does not seem to be defined for all execution paths leading up to this point.

If you define a variable conditionally, it can happen that it is not defined for all execution paths.

Let’s take a look at an example:

function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}

In the above example, the variable $x is defined if you pass “foo” or “bar” as argument for $a. However, since the switch statement has no default case statement, if you pass any other value, the variable $x would be undefined.

Available Fixes

  1. Check for existence of the variable explicitly:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        if (isset($x)) { // Make sure it's always set.
            echo $x;
        }
    }
    
  2. Define a default value for the variable:

    function myFunction($a) {
        $x = ''; // Set a default which gets overridden for certain paths.
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
        }
    
        echo $x;
    }
    
  3. Add a value for the missing path:

    function myFunction($a) {
        switch ($a) {
            case 'foo':
                $x = 1;
                break;
    
            case 'bar':
                $x = 2;
                break;
    
            // We add support for the missing case.
            default:
                $x = '';
                break;
        }
    
        echo $x;
    }
    
		case '#':
			return $debut . resolve_path($dir.$mot.$get.$lien);
Bug introduced by
The variable $dir does not seem to be defined for all execution paths leading up to this point.

Bug introduced by
The variable $mot does not seem to be defined for all execution paths leading up to this point.

Bug introduced by
The variable $get does not seem to be defined for all execution paths leading up to this point.

		case '':
			return $debut . resolve_path($dir.$mot.$get.$hash);
Bug introduced by
The variable $hash does not seem to be defined for all execution paths leading up to this point.

		default:
			return $debut . resolve_path($dir.$lien);
	}
}

// a filter that turns relative URLs into absolute URLs;
// only applies to #URL_XXXX
// http://doc.spip.org/@url_absolue
function url_absolue($url, $base='') {
	if (strlen($url = trim($url)) == 0)
		return '';
	if (!$base)
		$base = url_de_base() . (_DIR_RACINE ? _DIR_RESTREINT_ABS : '');
	return suivre_lien($base, $url);
}

/**
 * Remove the protocol from an absolute URL
 * to make it implicit (URL starting with "//")
 * @param string $url_absolue
 * @return string
 */
function protocole_implicite($url_absolue){
	return preg_replace(";^[a-z]{3,7}://;i","//",$url_absolue);
}

/**
 * Check that a URL is absolute and that its protocol is in an allowed list
 * @param string $url_absolue
 * @param array $protocoles_autorises
 * @return bool
 */
function protocole_verifier($url_absolue, $protocoles_autorises = array('http','https')) {

	if (preg_match(';^([a-z]{3,7})://;i', $url_absolue, $m)) {
		$protocole = $m[1];
		if (in_array($protocole, $protocoles_autorises)
		  or in_array(strtolower($protocole), array_map('strtolower', $protocoles_autorises))) {
			return true;
		}
	}
	return false;
}

// a filter that turns relative URLs into absolute URLs;
// only applies to text containing links
// http://doc.spip.org/@liens_absolus
function liens_absolus($texte, $base='') {
	if (preg_match_all(',(<(a|link|image|img|script)\s[^<>]*(href|src)=[^<>]*>),imsS',
	$texte, $liens, PREG_SET_ORDER)) {
		if (!function_exists('extraire_attribut')) {
			include_spip('inc/filtres');
		}
		foreach ($liens as $lien) {
			foreach(array('href', 'src') as $attr) {
				$href = extraire_attribut($lien[0], $attr);
				if (strlen($href)>0) {
					$abs = url_absolue($href, $base);
					if ($href != $abs and !preg_match('/^#/',$href)) {
						$texte_lien = inserer_attribut($lien[0], $attr, $abs);
						$texte = str_replace($lien[0],$texte_lien,$texte);
					}
				}
			}
		}
	}

	return $texte;
}

//
// This public filter handles URLs or <a href> tags
//
// http://doc.spip.org/@abs_url
function abs_url($texte, $base='') {
	if ($GLOBALS['mode_abs_url'] == 'url')
		return url_absolue($texte, $base);
	else
		return liens_absolus($texte, $base);
}

/**
* htmlspecialchars wrapper (PHP >= 5.4 compat issue)
*
* @param string $string
* @param int $flags
Documentation introduced by
Should the type for parameter $flags not be integer|null?

This check looks for @param annotations where the type inferred by our type inference engine differs from the declared type.

It makes a suggestion as to what type it considers more descriptive.

Most often this is a case of a parameter that can be null in addition to its declared types.

* @param string $encoding
* @param bool $double_encode
* @return string
*/
function spip_htmlspecialchars($string, $flags=null, $encoding='ISO-8859-1', $double_encode = true){
Duplication introduced by
This function seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the “Code” section of your repository.

	if (is_null($flags)) {
		if (!defined('PHP_VERSION_ID') OR PHP_VERSION_ID < 50400)
			$flags = ENT_COMPAT;
		else
			$flags = ENT_COMPAT|ENT_HTML401;
	}

	if (!defined('PHP_VERSION_ID') OR PHP_VERSION_ID < 50203)
		return htmlspecialchars($string,$flags,$encoding);
	else
		return htmlspecialchars($string,$flags,$encoding,$double_encode);
}

/**
* htmlentities wrapper (PHP >= 5.4 compat issue)
*
* @param string $string
* @param int $flags
Documentation introduced by
Should the type for parameter $flags not be integer|null?

* @param string $encoding
* @param bool $double_encode
* @return string
*/
function spip_htmlentities($string,$flags=null,$encoding = 'ISO-8859-1',$double_encode = true){
Duplication introduced by
This function seems to be duplicated in your project.

	if (is_null($flags)) {
		if (!defined('PHP_VERSION_ID') OR PHP_VERSION_ID < 50400)
			$flags = ENT_COMPAT;
		else
			$flags = ENT_COMPAT|ENT_HTML401;
	}

	if (!defined('PHP_VERSION_ID') OR PHP_VERSION_ID < 50203)
		return htmlentities($string,$flags,$encoding);
	else
		return htmlentities($string,$flags,$encoding,$double_encode);
}
?>
Best Practice introduced by
It is not recommended to use PHP's closing tag ?> in files other than templates.

Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore.

A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever.
