Issues in utf8.php (master) - Issues in master - splitbrain/dokuwiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (847)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

inc/utf8.php (1 issue)

Labels

Best Practice 1

Severity

Minor 1

Andreas Gohr 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * UTF8 helper functions
 *
 * This file now only intitializes the UTF-8 capability detection and defines helper
 * functions if needed. All actual code is in the \dokuwiki\Utf8 classes
 *
 * @author     Andreas Gohr <[email protected]>
 */

use dokuwiki\Utf8\Clean;
use dokuwiki\Utf8\Conversion;
use dokuwiki\Utf8\PhpString;
use dokuwiki\Utf8\Unicode;

/**
 * check for mb_string support
 */
if (!defined('UTF8_MBSTRING')) {
    if (function_exists('mb_substr') && !defined('UTF8_NOMBSTRING')) {
        define('UTF8_MBSTRING', 1);
    } else {
        define('UTF8_MBSTRING', 0);
    }
}

/**
 * Check if PREG was compiled with UTF-8 support
 *
 * Without this many of the functions below will not work, so this is a minimal requirement
 */
if (!defined('UTF8_PREGSUPPORT')) {
    define('UTF8_PREGSUPPORT', (bool)@preg_match('/^.$/u', 'ñ'));
}

/**
 * Check if PREG was compiled with Unicode Property support
 *
 * This is not required for the functions below, but might be needed in a UTF-8 aware application
 */
if (!defined('UTF8_PROPERTYSUPPORT')) {
    define('UTF8_PROPERTYSUPPORT', (bool)@preg_match('/^\pL$/u', 'ñ'));
}


if (UTF8_MBSTRING) {
    mb_internal_encoding('UTF-8');
}


if (!function_exists('utf8_isASCII')) {
    /** @deprecated 2019-06-09 */
    function utf8_isASCII($str)
    {
        dbg_deprecated(Clean::class . '::isASCII()');
        return Clean::isASCII($str);
    }
}


if (!function_exists('utf8_strip')) {
    /** @deprecated 2019-06-09 */
    function utf8_strip($str)
    {
        dbg_deprecated(Clean::class . '::strip()');
        return Clean::strip($str);
    }
}

if (!function_exists('utf8_check')) {
    /** @deprecated 2019-06-09 */
    function utf8_check($str)
    {
        dbg_deprecated(Clean::class . '::isUtf8()');
        return Clean::isUtf8($str);
    }
}

if (!function_exists('utf8_basename')) {
    /** @deprecated 2019-06-09 */
    function utf8_basename($path, $suffix = '')
    {
        dbg_deprecated(PhpString::class . '::basename()');
        return PhpString::basename($path, $suffix);
    }
}

if (!function_exists('utf8_strlen')) {
    /** @deprecated 2019-06-09 */
    function utf8_strlen($str)
    {
        dbg_deprecated(PhpString::class . '::strlen()');
        return PhpString::strlen($str);
    }
}

if (!function_exists('utf8_substr')) {
    /** @deprecated 2019-06-09 */
    function utf8_substr($str, $offset, $length = null)
    {
        dbg_deprecated(PhpString::class . '::substr()');
        return PhpString::substr($str, $offset, $length);
    }
}

if (!function_exists('utf8_substr_replace')) {
    /** @deprecated 2019-06-09 */
    function utf8_substr_replace($string, $replacement, $start, $length = 0)
    {
        dbg_deprecated(PhpString::class . '::substr_replace()');
        return PhpString::substr_replace($string, $replacement, $start, $length);
    }
}

if (!function_exists('utf8_ltrim')) {
    /** @deprecated 2019-06-09 */
    function utf8_ltrim($str, $charlist = '')
    {
        dbg_deprecated(PhpString::class . '::ltrim()');
        return PhpString::ltrim($str, $charlist);
    }
}

if (!function_exists('utf8_rtrim')) {
    /** @deprecated 2019-06-09 */
    function utf8_rtrim($str, $charlist = '')
    {
        dbg_deprecated(PhpString::class . '::rtrim()');
        return PhpString::rtrim($str, $charlist);
    }
}

if (!function_exists('utf8_trim')) {
    /** @deprecated 2019-06-09 */
    function utf8_trim($str, $charlist = '')
    {
        dbg_deprecated(PhpString::class . '::trim()');
        return PhpString::trim($str, $charlist);
    }
}

if (!function_exists('utf8_strtolower')) {
    /** @deprecated 2019-06-09 */
    function utf8_strtolower($str)
    {
        dbg_deprecated(PhpString::class . '::strtolower()');
        return PhpString::strtolower($str);
    }
}

if (!function_exists('utf8_strtoupper')) {
    /** @deprecated 2019-06-09 */
    function utf8_strtoupper($str)
    {
        dbg_deprecated(PhpString::class . '::strtoupper()');
        return PhpString::strtoupper($str);
    }
}

if (!function_exists('utf8_ucfirst')) {
    /** @deprecated 2019-06-09 */
    function utf8_ucfirst($str)
    {
        dbg_deprecated(PhpString::class . '::ucfirst()');
        return PhpString::ucfirst($str);
    }
}

if (!function_exists('utf8_ucwords')) {
    /** @deprecated 2019-06-09 */
    function utf8_ucwords($str)
    {
        dbg_deprecated(PhpString::class . '::ucwords()');
        return PhpString::ucwords($str);
    }
}

if (!function_exists('utf8_deaccent')) {
    /** @deprecated 2019-06-09 */
    function utf8_deaccent($str, $case = 0)
    {
        dbg_deprecated(Clean::class . '::deaccent()');
        return Clean::deaccent($str, $case);
    }
}

if (!function_exists('utf8_romanize')) {
    /** @deprecated 2019-06-09 */
    function utf8_romanize($str)
    {
        dbg_deprecated(Clean::class . '::romanize()');
        return Clean::romanize($str);
    }
}

if (!function_exists('utf8_stripspecials')) {
    /** @deprecated 2019-06-09 */
    function utf8_stripspecials($str, $repl = '', $additional = '')
    {
        dbg_deprecated(Clean::class . '::stripspecials()');
        return Clean::stripspecials($str, $repl, $additional);
    }
}

if (!function_exists('utf8_strpos')) {
    /** @deprecated 2019-06-09 */
    function utf8_strpos($haystack, $needle, $offset = 0)
    {
        dbg_deprecated(PhpString::class . '::strpos()');
        return PhpString::strpos($haystack, $needle, $offset);
    }
}

if (!function_exists('utf8_tohtml')) {
    /** @deprecated 2019-06-09 */
    function utf8_tohtml($str, $all = false)

    {
        dbg_deprecated(Conversion::class . '::toHtml()');
        return Conversion::toHtml($str, $all);
    }
}

if (!function_exists('utf8_unhtml')) {
    /** @deprecated 2019-06-09 */
    function utf8_unhtml($str, $enties = false)
    {
        dbg_deprecated(Conversion::class . '::fromHtml()');
        return Conversion::fromHtml($str, $enties);
    }
}

if (!function_exists('utf8_to_unicode')) {
    /** @deprecated 2019-06-09 */
    function utf8_to_unicode($str, $strict = false)
    {
        dbg_deprecated(Unicode::class . '::fromUtf8()');
        return Unicode::fromUtf8($str, $strict);
    }
}

if (!function_exists('unicode_to_utf8')) {
    /** @deprecated 2019-06-09 */
    function unicode_to_utf8($arr, $strict = false)
    {
        dbg_deprecated(Unicode::class . '::toUtf8()');
        return Unicode::toUtf8($arr, $strict);
    }
}

if (!function_exists('utf8_to_utf16be')) {
    /** @deprecated 2019-06-09 */
    function utf8_to_utf16be($str, $bom = false)
    {
        dbg_deprecated(Conversion::class . '::toUtf16be()');
        return Conversion::toUtf16be($str, $bom);
    }
}

if (!function_exists('utf16be_to_utf8')) {
    /** @deprecated 2019-06-09 */
    function utf16be_to_utf8($str)
    {
        dbg_deprecated(Conversion::class . '::fromUtf16be()');
        return Conversion::fromUtf16be($str);
    }
}

if (!function_exists('utf8_bad_replace')) {
    /** @deprecated 2019-06-09 */
    function utf8_bad_replace($str, $replace = '')
    {
        dbg_deprecated(Clean::class . '::replaceBadBytes()');
        return Clean::replaceBadBytes($str, $replace);
    }
}

if (!function_exists('utf8_correctIdx')) {
    /** @deprecated 2019-06-09 */
    function utf8_correctIdx($str, $i, $next = false)
    {
        dbg_deprecated(Clean::class . '::correctIdx()');
        return Clean::correctIdx($str, $i, $next);
    }
}


1			<?php
2			/**
3			* UTF8 helper functions
4			*
5			* This file now only intitializes the UTF-8 capability detection and defines helper
6			* functions if needed. All actual code is in the \dokuwiki\Utf8 classes
7			*
8			* @author Andreas Gohr <[email protected]>
9			*/
10
11			use dokuwiki\Utf8\Clean;
12			use dokuwiki\Utf8\Conversion;
13			use dokuwiki\Utf8\PhpString;
14			use dokuwiki\Utf8\Unicode;
15
16			/**
17			* check for mb_string support
18			*/
19			if (!defined('UTF8_MBSTRING')) {
20			if (function_exists('mb_substr') && !defined('UTF8_NOMBSTRING')) {
21			define('UTF8_MBSTRING', 1);
22			} else {
23			define('UTF8_MBSTRING', 0);
24			}
25			}
26
27			/**
28			* Check if PREG was compiled with UTF-8 support
29			*
30			* Without this many of the functions below will not work, so this is a minimal requirement
31			*/
32			if (!defined('UTF8_PREGSUPPORT')) {
33			define('UTF8_PREGSUPPORT', (bool)@preg_match('/^.$/u', 'ñ'));
34			}
35
36			/**
37			* Check if PREG was compiled with Unicode Property support
38			*
39			* This is not required for the functions below, but might be needed in a UTF-8 aware application
40			*/
41			if (!defined('UTF8_PROPERTYSUPPORT')) {
42			define('UTF8_PROPERTYSUPPORT', (bool)@preg_match('/^\pL$/u', 'ñ'));
43			}
44
45
46			if (UTF8_MBSTRING) {
47			mb_internal_encoding('UTF-8');
48			}
49
50
51			if (!function_exists('utf8_isASCII')) {
52			/** @deprecated 2019-06-09 */
53			function utf8_isASCII($str)
54			{
55			dbg_deprecated(Clean::class . '::isASCII()');
56			return Clean::isASCII($str);
57			}
58			}
59
60
61			if (!function_exists('utf8_strip')) {
62			/** @deprecated 2019-06-09 */
63			function utf8_strip($str)
64			{
65			dbg_deprecated(Clean::class . '::strip()');
66			return Clean::strip($str);
67			}
68			}
69
70			if (!function_exists('utf8_check')) {
71			/** @deprecated 2019-06-09 */
72			function utf8_check($str)
73			{
74			dbg_deprecated(Clean::class . '::isUtf8()');
75			return Clean::isUtf8($str);
76			}
77			}
78
79			if (!function_exists('utf8_basename')) {
80			/** @deprecated 2019-06-09 */
81			function utf8_basename($path, $suffix = '')
82			{
83			dbg_deprecated(PhpString::class . '::basename()');
84			return PhpString::basename($path, $suffix);
85			}
86			}
87
88			if (!function_exists('utf8_strlen')) {
89			/** @deprecated 2019-06-09 */
90			function utf8_strlen($str)
91			{
92			dbg_deprecated(PhpString::class . '::strlen()');
93			return PhpString::strlen($str);
94			}
95			}
96
97			if (!function_exists('utf8_substr')) {
98			/** @deprecated 2019-06-09 */
99			function utf8_substr($str, $offset, $length = null)
100			{
101			dbg_deprecated(PhpString::class . '::substr()');
102			return PhpString::substr($str, $offset, $length);
103			}
104			}
105
106			if (!function_exists('utf8_substr_replace')) {
107			/** @deprecated 2019-06-09 */
108			function utf8_substr_replace($string, $replacement, $start, $length = 0)
109			{
110			dbg_deprecated(PhpString::class . '::substr_replace()');
111			return PhpString::substr_replace($string, $replacement, $start, $length);
112			}
113			}
114
115			if (!function_exists('utf8_ltrim')) {
116			/** @deprecated 2019-06-09 */
117			function utf8_ltrim($str, $charlist = '')
118			{
119			dbg_deprecated(PhpString::class . '::ltrim()');
120			return PhpString::ltrim($str, $charlist);
121			}
122			}
123
124			if (!function_exists('utf8_rtrim')) {
125			/** @deprecated 2019-06-09 */
126			function utf8_rtrim($str, $charlist = '')
127			{
128			dbg_deprecated(PhpString::class . '::rtrim()');
129			return PhpString::rtrim($str, $charlist);
130			}
131			}
132
133			if (!function_exists('utf8_trim')) {
134			/** @deprecated 2019-06-09 */
135			function utf8_trim($str, $charlist = '')
136			{
137			dbg_deprecated(PhpString::class . '::trim()');
138			return PhpString::trim($str, $charlist);
139			}
140			}
141
142			if (!function_exists('utf8_strtolower')) {
143			/** @deprecated 2019-06-09 */
144			function utf8_strtolower($str)
145			{
146			dbg_deprecated(PhpString::class . '::strtolower()');
147			return PhpString::strtolower($str);
148			}
149			}
150
151			if (!function_exists('utf8_strtoupper')) {
152			/** @deprecated 2019-06-09 */
153			function utf8_strtoupper($str)
154			{
155			dbg_deprecated(PhpString::class . '::strtoupper()');
156			return PhpString::strtoupper($str);
157			}
158			}
159
160			if (!function_exists('utf8_ucfirst')) {
161			/** @deprecated 2019-06-09 */
162			function utf8_ucfirst($str)
163			{
164			dbg_deprecated(PhpString::class . '::ucfirst()');
165			return PhpString::ucfirst($str);
166			}
167			}
168
169			if (!function_exists('utf8_ucwords')) {
170			/** @deprecated 2019-06-09 */
171			function utf8_ucwords($str)
172			{
173			dbg_deprecated(PhpString::class . '::ucwords()');
174			return PhpString::ucwords($str);
175			}
176			}
177
178			if (!function_exists('utf8_deaccent')) {
179			/** @deprecated 2019-06-09 */
180			function utf8_deaccent($str, $case = 0)
181			{
182			dbg_deprecated(Clean::class . '::deaccent()');
183			return Clean::deaccent($str, $case);
184			}
185			}
186
187			if (!function_exists('utf8_romanize')) {
188			/** @deprecated 2019-06-09 */
189			function utf8_romanize($str)
190			{
191			dbg_deprecated(Clean::class . '::romanize()');
192			return Clean::romanize($str);
193			}
194			}
195
196			if (!function_exists('utf8_stripspecials')) {
197			/** @deprecated 2019-06-09 */
198			function utf8_stripspecials($str, $repl = '', $additional = '')
199			{
200			dbg_deprecated(Clean::class . '::stripspecials()');
201			return Clean::stripspecials($str, $repl, $additional);
202			}
203			}
204
205			if (!function_exists('utf8_strpos')) {
206			/** @deprecated 2019-06-09 */
207			function utf8_strpos($haystack, $needle, $offset = 0)
208			{
209			dbg_deprecated(PhpString::class . '::strpos()');
210			return PhpString::strpos($haystack, $needle, $offset);
211			}
212			}
213
214			if (!function_exists('utf8_tohtml')) {
215			/** @deprecated 2019-06-09 */
216			function utf8_tohtml($str, $all = false)
			0 ignored issues – show Best Practice introduced 2019-10-10 07:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
217			{
218			dbg_deprecated(Conversion::class . '::toHtml()');
219			return Conversion::toHtml($str, $all);
220			}
221			}
222
223			if (!function_exists('utf8_unhtml')) {
224			/** @deprecated 2019-06-09 */
225			function utf8_unhtml($str, $enties = false)
226			{
227			dbg_deprecated(Conversion::class . '::fromHtml()');
228			return Conversion::fromHtml($str, $enties);
229			}
230			}
231
232			if (!function_exists('utf8_to_unicode')) {
233			/** @deprecated 2019-06-09 */
234			function utf8_to_unicode($str, $strict = false)
235			{
236			dbg_deprecated(Unicode::class . '::fromUtf8()');
237			return Unicode::fromUtf8($str, $strict);
238			}
239			}
240
241			if (!function_exists('unicode_to_utf8')) {
242			/** @deprecated 2019-06-09 */
243			function unicode_to_utf8($arr, $strict = false)
244			{
245			dbg_deprecated(Unicode::class . '::toUtf8()');
246			return Unicode::toUtf8($arr, $strict);
247			}
248			}
249
250			if (!function_exists('utf8_to_utf16be')) {
251			/** @deprecated 2019-06-09 */
252			function utf8_to_utf16be($str, $bom = false)
253			{
254			dbg_deprecated(Conversion::class . '::toUtf16be()');
255			return Conversion::toUtf16be($str, $bom);
256			}
257			}
258
259			if (!function_exists('utf16be_to_utf8')) {
260			/** @deprecated 2019-06-09 */
261			function utf16be_to_utf8($str)
262			{
263			dbg_deprecated(Conversion::class . '::fromUtf16be()');
264			return Conversion::fromUtf16be($str);
265			}
266			}
267
268			if (!function_exists('utf8_bad_replace')) {
269			/** @deprecated 2019-06-09 */
270			function utf8_bad_replace($str, $replace = '')
271			{
272			dbg_deprecated(Clean::class . '::replaceBadBytes()');
273			return Clean::replaceBadBytes($str, $replace);
274			}
275			}
276
277			if (!function_exists('utf8_correctIdx')) {
278			/** @deprecated 2019-06-09 */
279			function utf8_correctIdx($str, $i, $next = false)
280			{
281			dbg_deprecated(Clean::class . '::correctIdx()');
282			return Clean::correctIdx($str, $i, $next);
283			}
284			}
285

splitbrain / dokuwiki

Issues (847)

Security Analysis not enabled

inc/utf8.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like