
Issues (421)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data or manipulating it.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements, potentially granting permission to run unauthorized queries or to modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem, including configuration files, or can be abused to freeze your web server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

phpmyfaq/src/Bootstrap.php (1 issue)


Issue, flagged on the statement "use phpMyFAQ\Exception;" in the listing below: This use statement conflicts with another class in this namespace, Exception.

Let’s assume that you have a directory layout like this:

.
|-- OtherDir
|   |-- Bar.php
|   `-- Foo.php
`-- SomeDir
    `-- Foo.php

and let’s assume the following content of Bar.php:

// Bar.php
namespace OtherDir;

use SomeDir\Foo; // This now conflicts with the class OtherDir\Foo

If both files OtherDir/Foo.php and SomeDir/Foo.php are loaded in the same runtime, you will see a PHP error such as the following:

PHP Fatal error:  Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php

However, as OtherDir/Foo.php does not necessarily have to be loaded and the error is only triggered if it is loaded before OtherDir/Bar.php, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias:

// Bar.php
namespace OtherDir;

use SomeDir\Foo as SomeDirFoo; // There is no conflict anymore.

phpmyfaq/src/Bootstrap.php:

<?php

/**
 * Bootstrap phpMyFAQ.
 *
 * This Source Code Form is subject to the terms of the Mozilla Public License,
 * v. 2.0. If a copy of the MPL was not distributed with this file, You can
 * obtain one at http://mozilla.org/MPL/2.0/.
 *
 * @package phpMyFAQ
 * @author Thorsten Rinne <[email protected]>
 * @copyright 2012-2019 phpMyFAQ Team
 * @license http://www.mozilla.org/MPL/2.0/ Mozilla Public License Version 2.0
 * @link https://www.phpmyfaq.de
 * @since 2012-03-07
 */

use Composer\Autoload\ClassLoader;
use Elasticsearch\ClientBuilder;
use phpMyFAQ\Configuration;
use phpMyFAQ\Db;
use phpMyFAQ\Init;
use phpMyFAQ\Exception;

//
// Debug mode:
// - false      debug mode disabled
// - true       debug mode enabled
//
define('DEBUG', false);
if (DEBUG) {
    ini_set('display_errors', 1);
    ini_set('display_startup_errors', 1);
    error_reporting(E_ALL | E_STRICT);
} else {
    error_reporting(0);
}

if (!defined('IS_VALID_PHPMYFAQ')) {
    exit();
}

//
// Fix the PHP include path if PMF is running under a "strange" PHP configuration
//
$foundCurrPath = false;
$includePaths = explode(PATH_SEPARATOR, ini_get('include_path'));
$i = 0;
while ((!$foundCurrPath) && ($i < count($includePaths))) {
    if ('.' == $includePaths[$i]) {
        $foundCurrPath = true;
    }
    ++$i;
}
if (!$foundCurrPath) {
    ini_set('include_path', '.'.PATH_SEPARATOR.ini_get('include_path'));
}

//
// Tweak some PHP configuration values
// Warning: be sure the server has enough memory and stack for PHP
//
ini_set('pcre.backtrack_limit', 100000000);
ini_set('pcre.recursion_limit', 100000000);

//
// The root directory
//
if (!defined('PMF_ROOT_DIR')) {
    define('PMF_ROOT_DIR', dirname(__DIR__));
}

//
// Check if multisite/multisite.php exist for Multisite support
//
if (file_exists(PMF_ROOT_DIR.'/multisite/multisite.php') && 'cli' !== PHP_SAPI) {
    require PMF_ROOT_DIR.'/multisite/multisite.php';
}

//
// Read configuration and constants
//
if (!defined('PMF_MULTI_INSTANCE_CONFIG_DIR')) {
    define('PMF_CONFIG_DIR', PMF_ROOT_DIR.'/config'); // Single instance configuration
} else {
    define('PMF_CONFIG_DIR', PMF_MULTI_INSTANCE_CONFIG_DIR); // Multi instance configuration
}

//
// Check if config/database.php exist -> if not, redirect to installer
//
if (!file_exists(PMF_CONFIG_DIR.'/database.php')) {
    header('Location: setup/index.php');
    exit();
}

require PMF_CONFIG_DIR.'/database.php';
require PMF_CONFIG_DIR.'/constants.php';

/*
 * The /src directory
 */
define('PMF_SRC_DIR', __DIR__);

/*
 * The directory where the translations reside
 */
define('LANGUAGE_DIR', dirname(__DIR__).'/lang');

//
// Setting up PSR-0 autoloader
//
require PMF_SRC_DIR.'/libs/autoload.php';

$loader = new ClassLoader();
$loader->add('phpMyFAQ', PMF_SRC_DIR);
$loader->addPsr4('Abraham\\TwitterOAuth\\', PMF_SRC_DIR.'/libs/abraham/twitteroauth/src');
$loader->register();

require PMF_SRC_DIR.'/libs/parsedown/Parsedown.php';
require PMF_SRC_DIR.'/libs/parsedown/ParsedownExtra.php';

//
// Set the error handler to our pmf_error_handler() function
//
set_error_handler('pmf_error_handler');

//
// Create a database connection
//
try {
    Db::setTablePrefix($DB['prefix']);
    $db = Db::factory($DB['type']);
    $db->connect($DB['server'], $DB['user'], $DB['password'], $DB['db']);
} catch (Exception $e) {
    Db::errorPage($e->getMessage());
    exit(-1);
}

//
// Fetch the configuration and add the database connection
//
$faqConfig = new Configuration($db);
$faqConfig->getAll();

//
// We always need a valid session!
//
ini_set('session.use_only_cookies', 1); // Avoid any PHP version to move sessions on URLs
ini_set('session.auto_start', 0); // Prevent error to use session_start() if it's active in php.ini
ini_set('session.use_trans_sid', 0);
ini_set('url_rewriter.tags', '');

//
// Start the PHP session
//
Init::cleanRequest();
if (defined('PMF_SESSION_SAVE_PATH') && !empty(PMF_SESSION_SAVE_PATH)) {
    session_save_path(PMF_SESSION_SAVE_PATH);
}
session_start();

//
// Connect to LDAP server, when LDAP support is enabled
//
if ($faqConfig->get('ldap.ldapSupport') && file_exists(PMF_CONFIG_DIR.'/ldap.php') && extension_loaded('ldap')) {
    require PMF_CONFIG_DIR.'/ldap.php';
    $faqConfig->setLdapConfig($PMF_LDAP);
} else {
    $ldap = null;
}
//
// Connect to Elasticsearch if enabled
//
if ($faqConfig->get('search.enableElasticsearch') && file_exists(PMF_CONFIG_DIR.'/elasticsearch.php')) {

    require PMF_CONFIG_DIR.'/elasticsearch.php';
    require PMF_CONFIG_DIR.'/constants_elasticsearch.php';

    $psr4Loader = new ClassLoader();
    $psr4Loader->addPsr4('Elasticsearch\\', PMF_SRC_DIR.'/libs/elasticsearch/src/Elasticsearch');
    $psr4Loader->addPsr4('GuzzleHttp\\Ring\\', PMF_SRC_DIR.'/libs/guzzlehttp/ringphp/src');
    $psr4Loader->addPsr4('Monolog\\', PMF_SRC_DIR.'/libs/monolog/src/Monolog');
    $psr4Loader->addPsr4('Psr\\', PMF_SRC_DIR.'/libs/psr/log/Psr');
    $psr4Loader->addPsr4('React\\Promise\\', PMF_SRC_DIR.'/libs/react/promise/src');
    $psr4Loader->register();

    $esClient = ClientBuilder::create()
        ->setHosts($PMF_ES['hosts'])
        ->build();

    $faqConfig->setElasticsearch($esClient);
    $faqConfig->setElasticsearchConfig($PMF_ES);
}

//
// Build attachments path
//
$confAttachmentsPath = trim($faqConfig->get('records.attachmentsPath'));
if ('/' == $confAttachmentsPath[0] || preg_match('%^[a-z]:(\\\\|/)%i', $confAttachmentsPath)) {
    // If we're here, some windows or unix style absolute path was detected.
    define('PMF_ATTACHMENTS_DIR', $confAttachmentsPath);
} else {
    // otherwise build the absolute path
    $tmp = dirname(__DIR__).DIRECTORY_SEPARATOR.$confAttachmentsPath;

    // Check that nobody is traversing
    if (0 === strpos((string)$tmp, dirname(__DIR__))) {
        define('PMF_ATTACHMENTS_DIR', $tmp);
    } else {
        define('PMF_ATTACHMENTS_DIR', false);
    }
}

//
// Fix if phpMyFAQ is running behind a proxy server
//
if (!isset($_SERVER['HTTP_HOST'])) {
    if (isset($_SERVER['HTTP_X_FORWARDED_SERVER'])) {
        $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_SERVER'];
    } else {
        $_SERVER['HTTP_HOST'] = $_SERVER['HTTP_X_FORWARDED_HOST'];
    }
}

//
// Fix undefined server variables in Windows IIS & CGI mode
//
if (!isset($_SERVER['SCRIPT_NAME'])) {
    if (isset($_SERVER['SCRIPT_FILENAME'])) {
        $_SERVER['SCRIPT_NAME'] = $_SERVER['SCRIPT_FILENAME'];
    } elseif (isset($_SERVER['PATH_TRANSLATED'])) {
        $_SERVER['SCRIPT_NAME'] = $_SERVER['PATH_TRANSLATED'];
    } elseif (isset($_SERVER['PATH_INFO'])) {
        $_SERVER['SCRIPT_NAME'] = $_SERVER['PATH_INFO'];
    } elseif (isset($_SERVER['SCRIPT_URL'])) {
        $_SERVER['SCRIPT_NAME'] = $_SERVER['SCRIPT_URL'];
    }
}

//
// phpMyFAQ exception log
//
$pmfExceptions = [];

/**
 * phpMyFAQ custom error handler function, also to prevent the disclosure of
 * potential sensitive data.
 *
 * @param int    $level    The level of the error raised.
 * @param string $message  The error message.
 * @param string $filename The filename that the error was raised in.
 * @param int    $line     The line number the error was raised at.
 * @param mixed  $context  It optionally contains an array of every variable
 *                         that existed in the scope the error was triggered in.
 *
 * @return boolean|null
 */
function pmf_error_handler($level, $message, $filename, $line, $context)
{
    // Sanity check
    // Note: when DEBUG mode is true we want to track any error!
    if (
        // 1. the @ operator sets the PHP's error_reporting() value to 0
        (!DEBUG && (0 == error_reporting()))
        // 2. Honor the value of PHP's error_reporting() function
        || (!DEBUG && (0 == ($level & error_reporting())))
    ) {
        // Do nothing
        return true;
    }

    // Cleanup potential sensitive data
    $filename = (DEBUG ? $filename : basename($filename));

    $errorTypes = array(
        E_ERROR => 'error',
        E_WARNING => 'warning',
        E_PARSE => 'parse error',
        E_NOTICE => 'notice',
        E_CORE_ERROR => 'code error',
        E_CORE_WARNING => 'core warning',
        E_COMPILE_ERROR => 'compile error',
        E_COMPILE_WARNING => 'compile warning',
        E_USER_ERROR => 'user error',
        E_USER_WARNING => 'user warning',
        E_USER_NOTICE => 'user notice',
        E_STRICT => 'strict warning',
        E_RECOVERABLE_ERROR => 'recoverable error',
        E_DEPRECATED => 'deprecated warning',
        E_USER_DEPRECATED => 'user deprecated warning',
    );
    $errorType = 'unknown error';
    if (isset($errorTypes[$level])) {
        $errorType = $errorTypes[$level];
    }

    // Custom error message
    $errorMessage = sprintf(
        '<br><strong>phpMyFAQ %s</strong> [%s]: %s in <strong>%s</strong> on line <strong>%d</strong><br>',
        $errorType,
        $level,
        $message,
        $filename,
        $line
    );

    if (ini_get('display_errors')) {
        print $errorMessage;
    }
    if (ini_get('log_errors')) {
        error_log(sprintf('phpMyFAQ %s:  %s in %s on line %d',
            $errorType,
            $message,
            $filename,
            $line)
        );
    }

    switch ($level) {
        // Blocking errors
        case E_ERROR:
        case E_PARSE:
        case E_CORE_ERROR:
        case E_COMPILE_ERROR:
        case E_USER_ERROR:
            // Prevent processing any more PHP scripts
            exit();
            break;
        // Not blocking errors
        default:
            break;
    }

    return true;
}
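The "Build attachments path" block in Bootstrap.php above guards a relative records.attachmentsPath with a string-prefix comparison on the assembled, un-normalised path. A practitioner reviewing that check would note two properties of a plain prefix test: a value containing ".." segments still starts with the root directory string, and a sibling directory whose name merely begins with the root (faq2 beside faq) also passes. The following is an added example, not phpMyFAQ's own code, showing the same decision made on the canonicalised path with a separator-aware boundary check; the function name, argument names and the temporary directory tree it builds are assumptions made for the example.

```php
<?php
// Added example, not part of phpMyFAQ: resolve a configured attachments
// directory and confirm that a relative setting stays inside the root.
// Unlike the prefix test in Bootstrap.php, this canonicalises with realpath()
// first and then requires either equality with the root or the root followed
// by a directory separator. Names and sample paths are assumptions.

function resolveAttachmentsDir(string $rootDir, string $configured)
{
    $configured = trim($configured);
    if ('' === $configured) {
        return false;
    }

    // Same absolute-path detection as Bootstrap.php (unix root or drive letter).
    $isAbsolute = ('/' === $configured[0])
        || (1 === preg_match('%^[a-z]:(\\\\|/)%i', $configured));

    $candidate = $isAbsolute
        ? $configured
        : $rootDir . DIRECTORY_SEPARATOR . $configured;

    // realpath() collapses "." and ".." segments and resolves symlinks; it
    // returns false for a missing directory, which is treated as "not usable".
    $root = realpath($rootDir);
    $real = realpath($candidate);
    if (false === $root || false === $real) {
        return false;
    }

    // An absolute path set by the administrator is accepted as-is, mirroring
    // Bootstrap.php; only a relative setting must remain below the root.
    if ($isAbsolute) {
        return $real;
    }

    // Boundary check on the canonical form: "<root>" itself or "<root><sep>...".
    $rootBare = rtrim($root, DIRECTORY_SEPARATOR);
    $rootWithSep = $rootBare . DIRECTORY_SEPARATOR;
    if ($real === $rootBare || 0 === strpos($real, $rootWithSep)) {
        return $real;
    }

    return false;
}

// Constructed directory tree under the system temp dir so the example runs
// offline: <base>/faq is the application root, <base>/faq2 and <base>/outside
// are neighbours that a relative setting must not be able to reach.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'pmf_example_' . uniqid();
mkdir($base . '/faq/attachments', 0700, true);
mkdir($base . '/faq2', 0700, true);
mkdir($base . '/outside', 0700, true);

$settings = [
    'attachments',                // relative, inside the root
    'attachments/../../outside',  // relative, climbs above the root
    '../faq2',                    // relative, sibling sharing the root's prefix
];
foreach ($settings as $setting) {
    printf("%-28s => %s\n", $setting, var_export(resolveAttachmentsDir($base . '/faq', $setting), true));
}

// Remove the constructed tree again.
foreach (['/faq/attachments', '/faq', '/faq2', '/outside', ''] as $dir) {
    rmdir($base . $dir);
}
```

Run it with the PHP CLI; the first setting resolves to a directory below the root while the other two return false. Bootstrap.php would accept all three, because each assembled string begins with the root directory string before normalisation.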
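The "Fix if phpMyFAQ is running behind a proxy server" block above copies X-Forwarded-Server or X-Forwarded-Host into HTTP_HOST when the Host header is absent. From a defender's view the caveat is that those headers are request data like any other unless the reverse proxy is configured to overwrite them, and HTTP_HOST typically ends up in generated absolute URLs. The following is an added example, not phpMyFAQ's own code, that keeps the same header precedence but accepts a value only when it matches an administrator-supplied host list and has the shape of a host name; the function name, argument names and the sample request arrays are assumptions made for the example.

```php
<?php
// Added example, not part of phpMyFAQ: choose the host name used for building
// absolute URLs behind a reverse proxy. Same precedence as Bootstrap.php
// (Host, then X-Forwarded-Server, then X-Forwarded-Host), but a candidate is
// only returned if it is syntactically a host name and is on the allowlist.
// Names and the constructed $_SERVER-style arrays are assumptions.

function resolveHost(array $server, array $allowedHosts)
{
    foreach (['HTTP_HOST', 'HTTP_X_FORWARDED_SERVER', 'HTTP_X_FORWARDED_HOST'] as $key) {
        if (!isset($server[$key]) || '' === trim($server[$key])) {
            continue;
        }

        // X-Forwarded-* may carry a comma separated chain when several proxies
        // are involved; the first entry is the client facing name.
        $host = trim(explode(',', $server[$key])[0]);

        // Accept only "name" or "name:port"; anything else (slashes, CR/LF,
        // spaces) is not a host name and must not reach a generated URL.
        if (1 !== preg_match('/^[a-z0-9.-]+(:[0-9]{1,5})?$/i', $host)) {
            continue;
        }

        // Compare without the port; the allowlist holds bare, lowercase names.
        $bare = strtolower(preg_replace('/:[0-9]+$/', '', $host));
        if (in_array($bare, $allowedHosts, true)) {
            return $host;
        }
    }

    // No trustworthy value: the caller should fall back to a configured base
    // URL instead of echoing a client supplied name.
    return null;
}

// Constructed sample requests; in a real deployment $allowed would be read
// from the administrator's configuration.
$allowed = ['faq.example.org'];
$samples = [
    'direct request'  => ['HTTP_HOST' => 'faq.example.org:8443'],
    'behind proxy'    => ['HTTP_X_FORWARDED_HOST' => 'faq.example.org, lb-internal'],
    'unlisted name'   => ['HTTP_X_FORWARDED_HOST' => 'other.example.net'],
    'not a host name' => ['HTTP_X_FORWARDED_SERVER' => 'faq.example.org/some/path'],
    'no header'       => [],
];
foreach ($samples as $label => $server) {
    printf("%-16s => %s\n", $label, var_export(resolveHost($server, $allowed), true));
}
```

Run it with the PHP CLI. The first two samples yield the listed host (with the port preserved in the first), the remaining three yield null, which is the signal for the application to use its configured base URL rather than the request.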