Issues in Calendar.php (master) - Issues in master - sunnysideup/silverstripe-calendar - Measure and Improve Code Quality continuously with Scrutinizer

Issues (156)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

code/Calendar.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

class Calendar extends ViewableData
{

    // Static

    private static $names = array();

    public static $session_calendars = 'Calendars';

    // Attributes

    protected $controller;

    protected $name;

    protected $initDone = false;

    protected $views = array();

    protected $view;

    protected $year;
    protected $month;
    protected $day;

    protected $defaultView;
    protected $defaultYear;
    protected $defaultMonth;
    protected $defaultDay;

    protected $sessionMode = false;

    protected $navigationBarTemplate;
    protected $viewBarTemplate;

    // Constructor

    public function __construct($controller, $name, $views = null)
    {
        parent::__construct();

        // 1) Controller Setting

        $this->controller = $controller;

        // 2) Name Setting

        if (is_string($name)) {
            if (! in_array($name, self::$names)) {
                $this->name = $name;
                self::$names[] = $name;
            } else {
                user_error("Calendar::__construct() : you cannot set the \$name attribute with the value '$name' because an other calendar with this name already exists", E_USER_ERROR);
            }
        } else {
            user_error('Calendar::__construct() : you cannot set the $name attribute with a non string value', E_USER_ERROR);
        }

        // 3) Views Setting

        if ($views != null) {
            $this->addViews($views);
        }
    }

    public function initValues()
    {
        if ($this->initDone) {
            return;
        }

        $sessionName = self::$session_calendars . ".$this->name";
        $sessionValues = Session::get($sessionName);
        if ($sessionValues) {
            $sessionValues = unserialize($sessionValues);
        }

        // 1) View Setting

        $views = array();
        if (isset($_REQUEST[$this->name]['view'])) {
            $views[] = $_REQUEST[$this->name]['view'];
        }
        if ($this->sessionMode && $sessionValues && isset($sessionValues['view'])) {
            $views[] = $sessionValues['view'];
        }
        if ($this->defaultView) {
            $views[] = is_a($this->defaultView, 'CalendarAbstractView') ? $this->defaultView->getName() : $this->defaultView;
        }
        foreach ($views as $view) {
            $view = $this->getView($view);
            if ($view) {
                $this->view = $view;
                break;
            }
        }
        if (! $this->view) {
            if (count($this->views) > 0) {
                $this->view = $this->views[0];
            } else {
                return;
            }
        }

        // 2) Year Setting

        $years = array();
        if (isset($_REQUEST[$this->name]['year'])) {
            $years[] = $_REQUEST[$this->name]['year'];
        }
        if ($this->sessionMode && $sessionValues && isset($sessionValues['year'])) {
            $years[] = $sessionValues['year'];
        }
        if ($this->defaultYear) {
            $years[] = $this->defaultYear;
        }
        foreach ($years as $year) {
            if (is_numeric($year) && is_int($year + 0) && $year >= 1) {
                $this->year = $year;
                break;
            }
        }
        if (! $this->year) {
            $this->year = date('Y');
        }

        // 3) Month Setting

        if ($this->view->needsMonth()) {
            $months = array();
            if (isset($_REQUEST[$this->name]['month'])) {
                $months[] = $_REQUEST[$this->name]['month'];
            }
            if ($this->sessionMode && $sessionValues && isset($sessionValues['month'])) {
                $months[] = $sessionValues['month'];
            }
            if ($this->defaultMonth) {
                $months[] = $this->defaultMonth;
            }
            foreach ($months as $month) {
                if (is_numeric($month) && is_int($month + 0)) {
                    if ($month >= 1 && $month <= 12) {
                        $this->month = $month;
                    } elseif ($month < 1) {
                        $this->year = $this->year > 1 ?    $this->year - 1 : date('Y');
                        $this->month = 12;
                    } else {
                        $this->year++;
                        $this->month = 1;
                    }
                    break;
                }
            }
            if (! $this->month) {
                $this->month = date('n');
            }
        }

        // 4) Day Setting

        if ($this->view->needsDay()) {
            if (isset($_REQUEST[$this->name]['day'])) {
                $days[] = $_REQUEST[$this->name]['day'];
            }
            if ($this->sessionMode && $sessionValues && isset($sessionValues['day'])) {
                $days[] = $sessionValues['day'];
            }
            if ($this->defaultDay) {
                $days[] = $this->defaultDay;
            }
            $days[] = date('j');
            foreach ($days as $day) {
                if (is_numeric($day) && is_int($day + 0)) {
                    if ($day >= 1 && $day <= 28) {
                        $this->day = $day;
                    } elseif ($day < 1) {
                        if ($this->month == 1) {
                            $this->year = $this->year > 1 ?    $this->year - 1 : date('Y');
                            $this->month = 12;
                        } else {
                            $this->month--;
                        }
                        $dayAfter = mktime(0, 0, 0, $this->month + 1, 1, $this->year);
                        $this->day = date('j', mktime(0, 0, 0, date('n', $dayAfter), date('j', $dayAfter) - 1, date('Y', $dayAfter)));
                    } else {
                        $date = mktime(0, 0, 0, $this->month, $day, $this->year);
                        if (date('n', $date) == $this->month && date('j', $date) == $day && date('Y', $date) == $this->year) {
                            $this->day = $day;
                        } else {
                            if ($this->month == 12) {
                                $this->year++;
                                $this->month = 1;
                            } else {
                                $this->month++;
                            }
                            $this->day = 1;
                        }
                    }
                    break;
                }
            }
        }

        $this->initDone = true;

        // Session Mode

        if ($this->sessionMode) {
            list($sessionValues, $title) = $this->view->viewLinkParamsAndTitle($this);
<?php

function returnThreeValues() {
    return array('a', 'b', 'c');
}

list($a, $b, $c) = returnThreeValues();

print $a . " - " . $c;
            $sessionValues = array_merge(array('view' => $this->view->getName()), $sessionValues);
            $sessionValues = serialize($sessionValues);
            Session::set($sessionName, $sessionValues);
        } else {
            Session::clear($sessionName);
        }

        // Css Requirements
        Requirements::javascript(SAPPHIRE_DIR .'/thirdparty/jquery/jquery.js');
        Requirements::javascript('calendar/javascript/Calendar.js');
        Requirements::themedCSS('calendar', 'calendar');
    }

    // Field Functions

    public function addViews($views)
    {
        if (! is_array($views)) {
            $views = array($views);
        }
        foreach ($views as $view) {
            if (is_a($view, 'CalendarAbstractView')) {
                if (! in_array($view, $this->views)) {
                    $this->views[] = $view;
                }
            } else {
                user_error('Calendar::addViews() : you cannot add a view which class does not extend \'CalendarAbstractView\'', E_USER_ERROR);
            }
        }
    }

    private function getView($viewName)
    {
        foreach ($this->views as $view) {
            if ($view->getName() == $viewName) {
                return $view;
            }
        }
    }

    public function removeViews($views)
    {
        if (! is_array($views)) {
            $views = array($views);
        }
        foreach ($views as $view) {
            if (is_a($view, 'CalendarAbstractView')) {
                $index = array_search($view, $this->views);
                if ($index) {
                    unset($this->views[$index]);
                }
            } else {
                user_error('Calendar::removeViews() : you cannot remove a view which class does not extend \'CalendarAbstractView\'', E_USER_ERROR);
            }
        }
    }

    public function forTemplate()
    {
        $this->initValues();
        if ($this->view) {
            return $this->view->showCalendar($this);
        }
    }

    public function NavigationBar()
    {
        if ($this->navigationBarTemplate) {
            $templates[] = $this->navigationBarTemplate;
        }
        $templates[] = 'CalendarNavigationBar';
        return $this->renderWith($templates);
    }

    public function ViewBar()
    {
        if ($this->viewBarTemplate) {
            $templates[] = $this->viewBarTemplate;
        }
        $templates[] = 'CalendarViewBar';
        return $this->renderWith($templates);
    }

    public function ID()
    {
        return "{$this->class}_{$this->name}";
    }
    public function NavigationBarID()
    {
        return "{$this->ID()}_NavigationBar";
    }
    public function ViewBarID()
    {
        return "{$this->ID()}_ViewBar";
    }

    public function ViewTitle()
    {
        return $this->view->title();
    }
    public function ViewDateTitle()
    {
        $this->initValues();
        return $this->view->DateTitle($this);
    }

    public function Views()
    {
        $this->initValues();
        foreach ($this->views as $view) {
            list($params, $title) = $view->viewLinkParamsAndTitle($this);
            $link = $this->Link($this->controller, $view, $params);
            $views[] = new ArrayData(array('Title' => $title, 'Link' => $link, 'Current' => $view->getName() == $this->view->getName()));
        }
        return new ArrayList($views);
    }

    public function PrevLink()
    {
        $this->initValues();
        $params = $this->view->prevLinkParams($this);
        return $this->Link($this->controller, $this->view, $params);
    }

    public function NextLink()
    {
        $this->initValues();
        $params = $this->view->nextLinkParams($this);
        return $this->Link($this->controller, $this->view, $params);
    }

    public function Link($controller, CalendarAbstractView $view, array $params)
    {
        $link = is_string($controller) ? $controller : $controller->URLSegment;
        $params = array_merge(array('view' => $view->getName()), $params);
        foreach ($params as $id => $val) {
            $link = HTTP::RAW_setGetVar("$this->name[$id]", $val, $link);
        }
        return $link;
    }

    public function getController()
    {
        return $this->controller;
    }
    public function getYear()
    {
        return $this->year;
    }
    public function getMonth()
    {
        return $this->month;
    }
    public function getDay()
    {
        return $this->day;
    }

    public function setDefaultView($view)
    {
        $this->defaultView = $view;
    }
    public function setDefaultYear($year)
    {
        $this->defaultYear = $year;
    }
    public function setDefaultMonth($month)
    {
        $this->defaultMonth = $month;
    }
    public function setDefaultDay($day)
    {
        $this->defaultDay = $day;
    }

    public function setSessionMode($value)
    {
        $this->sessionMode = $value;
    }

    public function setNavigationBarTemplate($template)
    {
        $this->navigationBarTemplate = $template;
    }
    public function setViewBarTemplate($template)
    {
        $this->viewBarTemplate = $template;
    }
}


1		<?php
2
3		class Calendar extends ViewableData
4		{
5
6		// Static
7
8		private static $names = array();
9
10		public static $session_calendars = 'Calendars';
11
12		// Attributes
13
14		protected $controller;
15
16		protected $name;
17
18		protected $initDone = false;
19
20		protected $views = array();
21
22		protected $view;
23
24		protected $year;
25		protected $month;
26		protected $day;
27
28		protected $defaultView;
29		protected $defaultYear;
30		protected $defaultMonth;
31		protected $defaultDay;
32
33		protected $sessionMode = false;
34
35		protected $navigationBarTemplate;
36		protected $viewBarTemplate;
37
38		// Constructor
39
40		public function __construct($controller, $name, $views = null)
41		{
42		parent::__construct();
43
44		// 1) Controller Setting
45
46		$this->controller = $controller;
47
48		// 2) Name Setting
49
50	View Code Duplication	if (is_string($name)) {
51		if (! in_array($name, self::$names)) {
52		$this->name = $name;
53		self::$names[] = $name;
54		} else {
55		user_error("Calendar::__construct() : you cannot set the \$name attribute with the value '$name' because an other calendar with this name already exists", E_USER_ERROR);
56		}
57		} else {
58		user_error('Calendar::__construct() : you cannot set the $name attribute with a non string value', E_USER_ERROR);
59		}
60
61		// 3) Views Setting
62
63		if ($views != null) {
64		$this->addViews($views);
65		}
66		}
67
68		public function initValues()
69		{
70		if ($this->initDone) {
71		return;
72		}
73
74		$sessionName = self::$session_calendars . ".$this->name";
75		$sessionValues = Session::get($sessionName);
76		if ($sessionValues) {
77		$sessionValues = unserialize($sessionValues);
78		}
79
80		// 1) View Setting
81
82		$views = array();
83		if (isset($_REQUEST[$this->name]['view'])) {
84		$views[] = $_REQUEST[$this->name]['view'];
85		}
86		if ($this->sessionMode && $sessionValues && isset($sessionValues['view'])) {
87		$views[] = $sessionValues['view'];
88		}
89		if ($this->defaultView) {
90		$views[] = is_a($this->defaultView, 'CalendarAbstractView') ? $this->defaultView->getName() : $this->defaultView;
91		}
92		foreach ($views as $view) {
93		$view = $this->getView($view);
94		if ($view) {
95		$this->view = $view;
96		break;
97		}
98		}
99		if (! $this->view) {
100		if (count($this->views) > 0) {
101		$this->view = $this->views[0];
102		} else {
103		return;
104		}
105		}
106
107		// 2) Year Setting
108
109		$years = array();
110	View Code Duplication	if (isset($_REQUEST[$this->name]['year'])) {
111		$years[] = $_REQUEST[$this->name]['year'];
112		}
113	View Code Duplication	if ($this->sessionMode && $sessionValues && isset($sessionValues['year'])) {
114		$years[] = $sessionValues['year'];
115		}
116		if ($this->defaultYear) {
117		$years[] = $this->defaultYear;
118		}
119		foreach ($years as $year) {
120		if (is_numeric($year) && is_int($year + 0) && $year >= 1) {
121		$this->year = $year;
122		break;
123		}
124		}
125		if (! $this->year) {
126		$this->year = date('Y');
127		}
128
129		// 3) Month Setting
130
131		if ($this->view->needsMonth()) {
132		$months = array();
133		if (isset($_REQUEST[$this->name]['month'])) {
134		$months[] = $_REQUEST[$this->name]['month'];
135		}
136		if ($this->sessionMode && $sessionValues && isset($sessionValues['month'])) {
137		$months[] = $sessionValues['month'];
138		}
139		if ($this->defaultMonth) {
140		$months[] = $this->defaultMonth;
141		}
142		foreach ($months as $month) {
143		if (is_numeric($month) && is_int($month + 0)) {
144		if ($month >= 1 && $month <= 12) {
145		$this->month = $month;
146		} elseif ($month < 1) {
147		$this->year = $this->year > 1 ? $this->year - 1 : date('Y');
148		$this->month = 12;
149		} else {
150		$this->year++;
151		$this->month = 1;
152		}
153		break;
154		}
155		}
156		if (! $this->month) {
157		$this->month = date('n');
158		}
159		}
160
161		// 4) Day Setting
162
163		if ($this->view->needsDay()) {
164	View Code Duplication	if (isset($_REQUEST[$this->name]['day'])) {
165		$days[] = $_REQUEST[$this->name]['day'];
166		}
167	View Code Duplication	if ($this->sessionMode && $sessionValues && isset($sessionValues['day'])) {
168		$days[] = $sessionValues['day'];
169		}
170		if ($this->defaultDay) {
171		$days[] = $this->defaultDay;
172		}
173		$days[] = date('j');
174		foreach ($days as $day) {
175		if (is_numeric($day) && is_int($day + 0)) {
176		if ($day >= 1 && $day <= 28) {
177		$this->day = $day;
178		} elseif ($day < 1) {
179		if ($this->month == 1) {
180		$this->year = $this->year > 1 ? $this->year - 1 : date('Y');
181		$this->month = 12;
182		} else {
183		$this->month--;
184		}
185		$dayAfter = mktime(0, 0, 0, $this->month + 1, 1, $this->year);
186		$this->day = date('j', mktime(0, 0, 0, date('n', $dayAfter), date('j', $dayAfter) - 1, date('Y', $dayAfter)));
187		} else {
188		$date = mktime(0, 0, 0, $this->month, $day, $this->year);
189		if (date('n', $date) == $this->month && date('j', $date) == $day && date('Y', $date) == $this->year) {
190		$this->day = $day;
191		} else {
192		if ($this->month == 12) {
193		$this->year++;
194		$this->month = 1;
195		} else {
196		$this->month++;
197		}
198		$this->day = 1;
199		}
200		}
201		break;
202		}
203		}
204		}
205
206		$this->initDone = true;
207
208		// Session Mode
209
210		if ($this->sessionMode) {
211		list($sessionValues, $title) = $this->view->viewLinkParamsAndTitle($this);
		0 ignored issues – show Unused Code introduced 2017-01-03 00:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$title` is unused. Consider omitting it like so `list($first,,$third)`. This checks looks for assignemnts to variables using the `list(...)` function, where not all assigned variables are subsequently used. Consider the following code example. <?php function returnThreeValues() { return array('a', 'b', 'c'); } list($a, $b, $c) = returnThreeValues(); print $a . " - " . $c; Only the variables `$a` and `$c` are used. There was no need to assign `$b`. Instead, the list call could have been. list($a,, $c) = returnThreeValues(); Loading history...
212		$sessionValues = array_merge(array('view' => $this->view->getName()), $sessionValues);
213		$sessionValues = serialize($sessionValues);
214		Session::set($sessionName, $sessionValues);
215		} else {
216		Session::clear($sessionName);
217		}
218
219		// Css Requirements
220		Requirements::javascript(SAPPHIRE_DIR .'/thirdparty/jquery/jquery.js');
221		Requirements::javascript('calendar/javascript/Calendar.js');
222		Requirements::themedCSS('calendar', 'calendar');
223		}
224
225		// Field Functions
226
227	View Code Duplication	public function addViews($views)
228		{
229		if (! is_array($views)) {
230		$views = array($views);
231		}
232		foreach ($views as $view) {
233		if (is_a($view, 'CalendarAbstractView')) {
234		if (! in_array($view, $this->views)) {
235		$this->views[] = $view;
236		}
237		} else {
238		user_error('Calendar::addViews() : you cannot add a view which class does not extend \'CalendarAbstractView\'', E_USER_ERROR);
239		}
240		}
241		}
242
243		private function getView($viewName)
244		{
245		foreach ($this->views as $view) {
246		if ($view->getName() == $viewName) {
247		return $view;
248		}
249		}
250		}
251
252	View Code Duplication	public function removeViews($views)
253		{
254		if (! is_array($views)) {
255		$views = array($views);
256		}
257		foreach ($views as $view) {
258		if (is_a($view, 'CalendarAbstractView')) {
259		$index = array_search($view, $this->views);
260		if ($index) {
261		unset($this->views[$index]);
262		}
263		} else {
264		user_error('Calendar::removeViews() : you cannot remove a view which class does not extend \'CalendarAbstractView\'', E_USER_ERROR);
265		}
266		}
267		}
268
269		public function forTemplate()
270		{
271		$this->initValues();
272		if ($this->view) {
273		return $this->view->showCalendar($this);
274		}
275		}
276
277		public function NavigationBar()
278		{
279		if ($this->navigationBarTemplate) {
280		$templates[] = $this->navigationBarTemplate;
281		}
282		$templates[] = 'CalendarNavigationBar';
283		return $this->renderWith($templates);
284		}
285
286		public function ViewBar()
287		{
288		if ($this->viewBarTemplate) {
289		$templates[] = $this->viewBarTemplate;
290		}
291		$templates[] = 'CalendarViewBar';
292		return $this->renderWith($templates);
293		}
294
295		public function ID()
296		{
297		return "{$this->class}_{$this->name}";
298		}
299		public function NavigationBarID()
300		{
301		return "{$this->ID()}_NavigationBar";
302		}
303		public function ViewBarID()
304		{
305		return "{$this->ID()}_ViewBar";
306		}
307
308		public function ViewTitle()
309		{
310		return $this->view->title();
311		}
312		public function ViewDateTitle()
313		{
314		$this->initValues();
315		return $this->view->DateTitle($this);
316		}
317
318		public function Views()
319		{
320		$this->initValues();
321		foreach ($this->views as $view) {
322		list($params, $title) = $view->viewLinkParamsAndTitle($this);
323		$link = $this->Link($this->controller, $view, $params);
324		$views[] = new ArrayData(array('Title' => $title, 'Link' => $link, 'Current' => $view->getName() == $this->view->getName()));
325		}
326		return new ArrayList($views);
327		}
328
329		public function PrevLink()
330		{
331		$this->initValues();
332		$params = $this->view->prevLinkParams($this);
333		return $this->Link($this->controller, $this->view, $params);
334		}
335
336		public function NextLink()
337		{
338		$this->initValues();
339		$params = $this->view->nextLinkParams($this);
340		return $this->Link($this->controller, $this->view, $params);
341		}
342
343		public function Link($controller, CalendarAbstractView $view, array $params)
344		{
345		$link = is_string($controller) ? $controller : $controller->URLSegment;
346		$params = array_merge(array('view' => $view->getName()), $params);
347		foreach ($params as $id => $val) {
348		$link = HTTP::RAW_setGetVar("$this->name[$id]", $val, $link);
349		}
350		return $link;
351		}
352
353		public function getController()
354		{
355		return $this->controller;
356		}
357		public function getYear()
358		{
359		return $this->year;
360		}
361		public function getMonth()
362		{
363		return $this->month;
364		}
365		public function getDay()
366		{
367		return $this->day;
368		}
369
370		public function setDefaultView($view)
371		{
372		$this->defaultView = $view;
373		}
374		public function setDefaultYear($year)
375		{
376		$this->defaultYear = $year;
377		}
378		public function setDefaultMonth($month)
379		{
380		$this->defaultMonth = $month;
381		}
382		public function setDefaultDay($day)
383		{
384		$this->defaultDay = $day;
385		}
386
387		public function setSessionMode($value)
388		{
389		$this->sessionMode = $value;
390		}
391
392		public function setNavigationBarTemplate($template)
393		{
394		$this->navigationBarTemplate = $template;
395		}
396		public function setViewBarTemplate($template)
397		{
398		$this->viewBarTemplate = $template;
399		}
400		}
401

sunnysideup / silverstripe-calendar

Issues (156)

Security Analysis not enabled

code/Calendar.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like