Issues in Sort.php (master) - Issues in master - splitbrain/dokuwiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (847)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

inc/Utf8/Sort.php (1 issue)

Labels

Deprecated Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace dokuwiki\Utf8;

/**
 * DokuWiki sort functions
 *
 * When "intl" extension is available, all sorts are done using a collator.
 * Otherwise, primitive PHP functions are called.
 *
 * The collator is created using the locale given in $conf['lang'].
 * It always uses case insensitive "natural" ordering in its collation.
 * The fallback solution uses the primitive PHP functions that return almost the same results
 * when the input is text with only [A-Za-z0-9] characters.
 *
 * @license    GPL 2 (http://www.gnu.org/licenses/gpl.html)
 * @author     Moisés Braga Ribeiro <[email protected]>
 * @author     Andreas Gohr <[email protected]>
 */
class Sort
{
    /** @var \Collator[] language specific collators, usually only one */
    protected static $collators = [];

    /** @var bool should the intl extension be used if available? For testing only */
    protected static $useIntl = true;

    /**
     * Initialization of a collator using $conf['lang'] as the locale.
     * The initialization is done only once.
     * The collation takes "natural ordering" into account, that is, "page 2" is before "page 10".
     *
     * @return \Collator Returns a configured collator or null if the collator cannot be created.
     *
     * @author Moisés Braga Ribeiro <[email protected]>
     */
    protected static function getCollator()
    {
        global $conf;
        $lc = $conf['lang'];

        // check if intl extension is available
        if (!self::$useIntl || !class_exists('\Collator')) {
            return null;
        }

        // load collator if not available yet
        if (!isset(self::$collators[$lc])) {
            $collator = \Collator::create($lc);
            if (!isset($collator)) return null; // check needed as stated in the docs
            $collator->setAttribute(\Collator::NUMERIC_COLLATION, \Collator::ON);
            dbglog('Collator created with locale "' . $lc . '": numeric collation on, ' .

                   'valid locale "' . $collator->getLocale(\Locale::VALID_LOCALE) . '", ' .
                   'actual locale "' . $collator->getLocale(\Locale::ACTUAL_LOCALE) . '"');
            self::$collators[$lc] = $collator;
        }

        return self::$collators[$lc];
    }

    /**
     * Enable or disable the use of the "intl" extension collator.
     * This is used for testing and should not be used in normal code.
     *
     * @param bool $use
     *
     * @author Andreas Gohr <[email protected]>
     */
    public static function useIntl($use = true)
    {
        self::$useIntl = $use;
    }

    /**
     * Drop-in replacement for strcmp(), strcasecmp(), strnatcmp() and strnatcasecmp().
     * It uses a collator-based comparison, or strnatcasecmp() as a fallback.
     *
     * @param string $str1 The first string.
     * @param string $str2 The second string.
     * @return int Returns < 0 if $str1 is less than $str2; > 0 if $str1 is greater than $str2, and 0 if they are equal.
     *
     * @author Moisés Braga Ribeiro <[email protected]>
     */
    public static function strcmp($str1, $str2)
    {
        $collator = self::getCollator();
        if (isset($collator)) {
            return $collator->compare($str1, $str2);
        } else {
            return strnatcasecmp($str1, $str2);
        }
    }

    /**
     * Drop-in replacement for sort().
     * It uses a collator-based sort, or sort() with flags SORT_NATURAL and SORT_FLAG_CASE as a fallback.
     *
     * @param array $array The input array.
     * @return bool Returns true on success or false on failure.
     *
     * @author Moisés Braga Ribeiro <[email protected]>
     */
    public static function sort(&$array)
    {
        $collator = self::getCollator();
        if (isset($collator)) {
            return $collator->sort($array);
        } else {
            return sort($array, SORT_NATURAL | SORT_FLAG_CASE);
        }
    }

    /**
     * Drop-in replacement for ksort().
     * It uses a collator-based sort, or ksort() with flags SORT_NATURAL and SORT_FLAG_CASE as a fallback.
     *
     * @param array $array The input array.
     * @return bool Returns true on success or false on failure.
     *
     * @author Moisés Braga Ribeiro <[email protected]>
     */
    public static function ksort(&$array)
    {
        $collator = self::getCollator();
        if (isset($collator)) {
            return uksort($array, array($collator, 'compare'));
        } else {
            return ksort($array, SORT_NATURAL | SORT_FLAG_CASE);
        }
    }

    /**
     * Drop-in replacement for asort(), natsort() and natcasesort().
     * It uses a collator-based sort, or asort() with flags SORT_NATURAL and SORT_FLAG_CASE as a fallback.
     *
     * @param array $array The input array.
     * @return bool Returns true on success or false on failure.
     *
     * @author Moisés Braga Ribeiro <[email protected]>
     */
    public static function asort(&$array)
    {
        $collator = self::getCollator();
        if (isset($collator)) {
            return $collator->asort($array);
        } else {
            return asort($array, SORT_NATURAL | SORT_FLAG_CASE);
        }
    }

    /**
     * Drop-in replacement for asort(), natsort() and natcasesort() when the parameter is an array of filenames.
     * Filenames may not be equal to page names, depending on the setting in $conf['fnencode'],
     * so the correct behavior is to sort page names and reflect this sorting in the filename array.
     *
     * @param array $array The input array.
     * @return bool Returns true on success or false on failure.
     *
     * @author Moisés Braga Ribeiro <[email protected]>
     * @author Andreas Gohr <[email protected]>
     */
    public static function asortFN(&$array)
    {
        $collator = self::getCollator();
        return uasort($array, function ($fn1, $fn2) use ($collator) {
            if (isset($collator)) {
                return $collator->compare(utf8_decodeFN($fn1), utf8_decodeFN($fn2));
            } else {
                return strnatcasecmp(utf8_decodeFN($fn1), utf8_decodeFN($fn2));
            }
        });
    }
}


1			<?php
2
3			namespace dokuwiki\Utf8;
4
5			/**
6			* DokuWiki sort functions
7			*
8			* When "intl" extension is available, all sorts are done using a collator.
9			* Otherwise, primitive PHP functions are called.
10			*
11			* The collator is created using the locale given in $conf['lang'].
12			* It always uses case insensitive "natural" ordering in its collation.
13			* The fallback solution uses the primitive PHP functions that return almost the same results
14			* when the input is text with only [A-Za-z0-9] characters.
15			*
16			* @license GPL 2 (http://www.gnu.org/licenses/gpl.html)
17			* @author Moisés Braga Ribeiro <[email protected]>
18			* @author Andreas Gohr <[email protected]>
19			*/
20			class Sort
21			{
22			/** @var \Collator[] language specific collators, usually only one */
23			protected static $collators = [];
24
25			/** @var bool should the intl extension be used if available? For testing only */
26			protected static $useIntl = true;
27
28			/**
29			* Initialization of a collator using $conf['lang'] as the locale.
30			* The initialization is done only once.
31			* The collation takes "natural ordering" into account, that is, "page 2" is before "page 10".
32			*
33			* @return \Collator Returns a configured collator or null if the collator cannot be created.
34			*
35			* @author Moisés Braga Ribeiro <[email protected]>
36			*/
37			protected static function getCollator()
38			{
39			global $conf;
40			$lc = $conf['lang'];
41
42			// check if intl extension is available
43			if (!self::$useIntl \|\| !class_exists('\Collator')) {
44			return null;
45			}
46
47			// load collator if not available yet
48			if (!isset(self::$collators[$lc])) {
49			$collator = \Collator::create($lc);
50			if (!isset($collator)) return null; // check needed as stated in the docs
51			$collator->setAttribute(\Collator::NUMERIC_COLLATION, \Collator::ON);
52			dbglog('Collator created with locale "' . $lc . '": numeric collation on, ' .
			0 ignored issues – show Deprecated Code introduced 2020-12-03 19:12 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `dbglog()` has been deprecated with message: 2020-08-13 This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
53			'valid locale "' . $collator->getLocale(\Locale::VALID_LOCALE) . '", ' .
54			'actual locale "' . $collator->getLocale(\Locale::ACTUAL_LOCALE) . '"');
55			self::$collators[$lc] = $collator;
56			}
57
58			return self::$collators[$lc];
59			}
60
61			/**
62			* Enable or disable the use of the "intl" extension collator.
63			* This is used for testing and should not be used in normal code.
64			*
65			* @param bool $use
66			*
67			* @author Andreas Gohr <[email protected]>
68			*/
69			public static function useIntl($use = true)
70			{
71			self::$useIntl = $use;
72			}
73
74			/**
75			* Drop-in replacement for strcmp(), strcasecmp(), strnatcmp() and strnatcasecmp().
76			* It uses a collator-based comparison, or strnatcasecmp() as a fallback.
77			*
78			* @param string $str1 The first string.
79			* @param string $str2 The second string.
80			* @return int Returns < 0 if $str1 is less than $str2; > 0 if $str1 is greater than $str2, and 0 if they are equal.
81			*
82			* @author Moisés Braga Ribeiro <[email protected]>
83			*/
84			public static function strcmp($str1, $str2)
85			{
86			$collator = self::getCollator();
87			if (isset($collator)) {
88			return $collator->compare($str1, $str2);
89			} else {
90			return strnatcasecmp($str1, $str2);
91			}
92			}
93
94			/**
95			* Drop-in replacement for sort().
96			* It uses a collator-based sort, or sort() with flags SORT_NATURAL and SORT_FLAG_CASE as a fallback.
97			*
98			* @param array $array The input array.
99			* @return bool Returns true on success or false on failure.
100			*
101			* @author Moisés Braga Ribeiro <[email protected]>
102			*/
103			public static function sort(&$array)
104			{
105			$collator = self::getCollator();
106			if (isset($collator)) {
107			return $collator->sort($array);
108			} else {
109			return sort($array, SORT_NATURAL \| SORT_FLAG_CASE);
110			}
111			}
112
113			/**
114			* Drop-in replacement for ksort().
115			* It uses a collator-based sort, or ksort() with flags SORT_NATURAL and SORT_FLAG_CASE as a fallback.
116			*
117			* @param array $array The input array.
118			* @return bool Returns true on success or false on failure.
119			*
120			* @author Moisés Braga Ribeiro <[email protected]>
121			*/
122			public static function ksort(&$array)
123			{
124			$collator = self::getCollator();
125			if (isset($collator)) {
126			return uksort($array, array($collator, 'compare'));
127			} else {
128			return ksort($array, SORT_NATURAL \| SORT_FLAG_CASE);
129			}
130			}
131
132			/**
133			* Drop-in replacement for asort(), natsort() and natcasesort().
134			* It uses a collator-based sort, or asort() with flags SORT_NATURAL and SORT_FLAG_CASE as a fallback.
135			*
136			* @param array $array The input array.
137			* @return bool Returns true on success or false on failure.
138			*
139			* @author Moisés Braga Ribeiro <[email protected]>
140			*/
141			public static function asort(&$array)
142			{
143			$collator = self::getCollator();
144			if (isset($collator)) {
145			return $collator->asort($array);
146			} else {
147			return asort($array, SORT_NATURAL \| SORT_FLAG_CASE);
148			}
149			}
150
151			/**
152			* Drop-in replacement for asort(), natsort() and natcasesort() when the parameter is an array of filenames.
153			* Filenames may not be equal to page names, depending on the setting in $conf['fnencode'],
154			* so the correct behavior is to sort page names and reflect this sorting in the filename array.
155			*
156			* @param array $array The input array.
157			* @return bool Returns true on success or false on failure.
158			*
159			* @author Moisés Braga Ribeiro <[email protected]>
160			* @author Andreas Gohr <[email protected]>
161			*/
162			public static function asortFN(&$array)
163			{
164			$collator = self::getCollator();
165			return uasort($array, function ($fn1, $fn2) use ($collator) {
166			if (isset($collator)) {
167			return $collator->compare(utf8_decodeFN($fn1), utf8_decodeFN($fn2));
168			} else {
169			return strnatcasecmp(utf8_decodeFN($fn1), utf8_decodeFN($fn2));
170			}
171			});
172			}
173			}
174

splitbrain / dokuwiki

Issues (847)

Security Analysis not enabled

inc/Utf8/Sort.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like