Issues in LegacyForm.php (master) - Issues in master - splitbrain/dokuwiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (847)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

inc/Form/LegacyForm.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace dokuwiki\Form;

/**
 * Class LegacyForm
 *
 * Provides a compatibility layer to the old Doku_Form API
 *
 * This can be used to work with the modern API on forms provided by old events for
 * example. When you start new forms, just use Form\Form
 *
 * @package dokuwiki\Form
 */
class LegacyForm extends Form
{
    /**
     * Creates a new modern form from an old legacy Doku_Form
     *
     * @param \Doku_Form $oldform
     */
    public function __construct(\Doku_Form $oldform)
    {
        parent::__construct($oldform->params);

        $this->hidden = $oldform->_hidden;

        foreach ($oldform->_content as $element) {
            list($ctl, $attr) = $this->parseLegacyAttr($element);

            if (is_array($element)) {
                switch ($ctl['elem']) {
                    case 'wikitext':
                        $this->addTextarea('wikitext')
                             ->attrs($attr)
                             ->id('wiki__text')
                             ->val($ctl['text'])
                             ->addClass($ctl['class']);
                        break;
                    case 'textfield':
                        $this->addTextInput($ctl['name'], $ctl['text'])
                             ->attrs($attr)
                             ->id($ctl['id'])
                             ->addClass($ctl['class']);
                        break;
                    case 'passwordfield':
                        $this->addPasswordInput($ctl['name'], $ctl['text'])
                             ->attrs($attr)
                             ->id($ctl['id'])
                             ->addClass($ctl['class']);
                        break;
                    case 'checkboxfield':
                        $this->addCheckbox($ctl['name'], $ctl['text'])
                             ->attrs($attr)
                             ->id($ctl['id'])
                             ->addClass($ctl['class']);
                        break;
                    case 'radiofield':
                        $this->addRadioButton($ctl['name'], $ctl['text'])
                             ->attrs($attr)
                             ->id($ctl['id'])
                             ->addClass($ctl['class']);
                        break;
                    case 'tag':
                        $this->addTag($ctl['tag'])
                             ->attrs($attr)
                             ->attr('name', $ctl['name'])
                             ->id($ctl['id'])
                             ->addClass($ctl['class']);
                        break;
                    case 'opentag':
                        $this->addTagOpen($ctl['tag'])
                             ->attrs($attr)
                             ->attr('name', $ctl['name'])
                             ->id($ctl['id'])
                             ->addClass($ctl['class']);
                        break;
                    case 'closetag':
                        $this->addTagClose($ctl['tag']);
                        break;
                    case 'openfieldset':
                        $this->addFieldsetOpen($ctl['legend'])
                            ->attrs($attr)
                            ->attr('name', $ctl['name'])
                            ->id($ctl['id'])
                            ->addClass($ctl['class']);
                        break;
                    case 'closefieldset':
                        $this->addFieldsetClose();
                        break;
                    case 'button':
                    case 'field':
                    case 'fieldright':
                    case 'filefield':
                    case 'menufield':
                    case 'listboxfield':
                        throw new \UnexpectedValueException('Unsupported legacy field ' . $ctl['elem']);
                        break;
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
                    default:
                        throw new \UnexpectedValueException('Unknown legacy field ' . $ctl['elem']);

                }
            } else {
                $this->addHTML($element);
            }
        }

    }

    /**
     * Parses out what is the elements attributes and what is control info
     *
     * @param array $legacy
     * @return array
     */
    protected function parseLegacyAttr($legacy)
    {
        $attributes = array();
        $control = array();

        foreach ($legacy as $key => $val) {
            if ($key[0] == '_') {
                $control[substr($key, 1)] = $val;
            } elseif($key == 'name') {
                $control[$key] = $val;
            } elseif($key == 'id') {
                $control[$key] = $val;
            } else {
                $attributes[$key] = $val;
            }
        }

        return array($control, $attributes);
    }

    /**
     * Translates our types to the legacy types
     *
     * @param string $type
     * @return string
     */
    protected function legacyType($type)
    {
        static $types = array(
            'text' => 'textfield',
            'password' => 'passwordfield',
            'checkbox' => 'checkboxfield',
            'radio' => 'radiofield',
            'tagopen' => 'opentag',
            'tagclose' => 'closetag',
            'fieldsetopen' => 'openfieldset',
            'fieldsetclose' => 'closefieldset',
        );
        if (isset($types[$type])) return $types[$type];
        return $type;
    }

    /**
     * Creates an old legacy form from this modern form's data
     *
     * @return \Doku_Form
     */
    public function toLegacy()
    {
        $this->balanceFieldsets();

        $legacy = new \Doku_Form($this->attrs());

        $legacy->_hidden = $this->hidden;
        foreach ($this->elements as $element) {
            if (is_a($element, 'dokuwiki\Form\HTMLElement')) {
                $legacy->_content[] = $element->toHTML();
            } elseif (is_a($element, 'dokuwiki\Form\InputElement')) {
                /** @var InputElement $element */
                $data = $element->attrs();
                $data['_elem'] = $this->legacyType($element->getType());
                $label = $element->getLabel();
                if ($label) {
                    $data['_class'] = $label->attr('class');
                }
                $legacy->_content[] = $data;
            }
        }

        return $legacy;
    }
}


1			<?php
2
3			namespace dokuwiki\Form;
4
5			/**
6			* Class LegacyForm
7			*
8			* Provides a compatibility layer to the old Doku_Form API
9			*
10			* This can be used to work with the modern API on forms provided by old events for
11			* example. When you start new forms, just use Form\Form
12			*
13			* @package dokuwiki\Form
14			*/
15			class LegacyForm extends Form
16			{
17			/**
18			* Creates a new modern form from an old legacy Doku_Form
19			*
20			* @param \Doku_Form $oldform
21			*/
22			public function __construct(\Doku_Form $oldform)
23			{
24			parent::__construct($oldform->params);
25
26			$this->hidden = $oldform->_hidden;
27
28			foreach ($oldform->_content as $element) {
29			list($ctl, $attr) = $this->parseLegacyAttr($element);
30
31			if (is_array($element)) {
32			switch ($ctl['elem']) {
33			case 'wikitext':
34			$this->addTextarea('wikitext')
35			->attrs($attr)
36			->id('wiki__text')
37			->val($ctl['text'])
38			->addClass($ctl['class']);
39			break;
40			case 'textfield':
41			$this->addTextInput($ctl['name'], $ctl['text'])
42			->attrs($attr)
43			->id($ctl['id'])
44			->addClass($ctl['class']);
45			break;
46			case 'passwordfield':
47			$this->addPasswordInput($ctl['name'], $ctl['text'])
48			->attrs($attr)
49			->id($ctl['id'])
50			->addClass($ctl['class']);
51			break;
52			case 'checkboxfield':
53			$this->addCheckbox($ctl['name'], $ctl['text'])
54			->attrs($attr)
55			->id($ctl['id'])
56			->addClass($ctl['class']);
57			break;
58			case 'radiofield':
59			$this->addRadioButton($ctl['name'], $ctl['text'])
60			->attrs($attr)
61			->id($ctl['id'])
62			->addClass($ctl['class']);
63			break;
64			case 'tag':
65			$this->addTag($ctl['tag'])
66			->attrs($attr)
67			->attr('name', $ctl['name'])
68			->id($ctl['id'])
69			->addClass($ctl['class']);
70			break;
71			case 'opentag':
72			$this->addTagOpen($ctl['tag'])
73			->attrs($attr)
74			->attr('name', $ctl['name'])
75			->id($ctl['id'])
76			->addClass($ctl['class']);
77			break;
78			case 'closetag':
79			$this->addTagClose($ctl['tag']);
80			break;
81			case 'openfieldset':
82			$this->addFieldsetOpen($ctl['legend'])
83			->attrs($attr)
84			->attr('name', $ctl['name'])
85			->id($ctl['id'])
86			->addClass($ctl['class']);
87			break;
88			case 'closefieldset':
89			$this->addFieldsetClose();
90			break;
91			case 'button':
92			case 'field':
93			case 'fieldright':
94			case 'filefield':
95			case 'menufield':
96			case 'listboxfield':
97			throw new \UnexpectedValueException('Unsupported legacy field ' . $ctl['elem']);
98			break;
			0 ignored issues – show Unused Code introduced 2020-07-07 11:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break;` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
99			default:
100			throw new \UnexpectedValueException('Unknown legacy field ' . $ctl['elem']);
101
102			}
103			} else {
104			$this->addHTML($element);
105			}
106			}
107
108			}
109
110			/**
111			* Parses out what is the elements attributes and what is control info
112			*
113			* @param array $legacy
114			* @return array
115			*/
116			protected function parseLegacyAttr($legacy)
117			{
118			$attributes = array();
119			$control = array();
120
121			foreach ($legacy as $key => $val) {
122			if ($key[0] == '_') {
123			$control[substr($key, 1)] = $val;
124			} elseif($key == 'name') {
125			$control[$key] = $val;
126			} elseif($key == 'id') {
127			$control[$key] = $val;
128			} else {
129			$attributes[$key] = $val;
130			}
131			}
132
133			return array($control, $attributes);
134			}
135
136			/**
137			* Translates our types to the legacy types
138			*
139			* @param string $type
140			* @return string
141			*/
142			protected function legacyType($type)
143			{
144			static $types = array(
145			'text' => 'textfield',
146			'password' => 'passwordfield',
147			'checkbox' => 'checkboxfield',
148			'radio' => 'radiofield',
149			'tagopen' => 'opentag',
150			'tagclose' => 'closetag',
151			'fieldsetopen' => 'openfieldset',
152			'fieldsetclose' => 'closefieldset',
153			);
154			if (isset($types[$type])) return $types[$type];
155			return $type;
156			}
157
158			/**
159			* Creates an old legacy form from this modern form's data
160			*
161			* @return \Doku_Form
162			*/
163			public function toLegacy()
164			{
165			$this->balanceFieldsets();
166
167			$legacy = new \Doku_Form($this->attrs());
			0 ignored issues – show Deprecated Code introduced 2019-07-14 19:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `Doku_Form` has been deprecated with message: 2019-07-14 This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead. Loading history...
168			$legacy->_hidden = $this->hidden;
169			foreach ($this->elements as $element) {
170			if (is_a($element, 'dokuwiki\Form\HTMLElement')) {
171			$legacy->_content[] = $element->toHTML();
172			} elseif (is_a($element, 'dokuwiki\Form\InputElement')) {
173			/** @var InputElement $element */
174			$data = $element->attrs();
175			$data['_elem'] = $this->legacyType($element->getType());
176			$label = $element->getLabel();
177			if ($label) {
178			$data['_class'] = $label->attr('class');
179			}
180			$legacy->_content[] = $data;
181			}
182			}
183
184			return $legacy;
185			}
186			}
187

splitbrain / dokuwiki

Issues (847)

Security Analysis not enabled

inc/Form/LegacyForm.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like