Issues in PoiApi.php (master) - Issues in master - tianye/WechatMpSDK - Measure and Improve Code Quality continuously with Scrutinizer

Issues (233)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/API/PoiApi.php (4 issues)

Labels

Duplication 4

Severity

Informational 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Wechat\API;

/**
 * 门店相关接口.
 *
 * @author Tian.
 */
class PoiApi extends BaseApi
{
    /**
     * 创建门店
     *
     * @param  array $base_info 基本信息
     *
     * 必填:
     * $base_info ->business_name     门店名称（仅为商户名，如：国美、麦当劳，不应包含地区、地址、分店名等信息，错误示例：北京国美
     * $base_info ->branch_name       分店名称（不应包含地区信息，不应与门店名有重复，错误示例：北京王府井店
     * $base_info ->province          门店所在的省份（直辖市填城市名,如：北京市）
     * $base_info ->city              门店所在的城市
     * $base_info ->district          门店所在地区
     * $base_info ->address           门店所在的详细街道地址（不要填写省市信息
     * $base_info ->telephone         门店的电话（纯数字，区号、分机号均由“-”隔开）
     * $base_info ->categories        门店的类型（不同级分类用“,”隔开，如：美食，川菜，火锅。详细分类参见附件：微信门店类目表）
     * $base_info ->offset_type       坐标类型，1 为火星坐标（目前只能选1）
     * $base_info ->longitude         门店所在地理位置的经度
     * $base_info ->latitude          门店所在地理位置的纬度（经纬度均为火星坐标，最好选用腾讯地图标记的坐标
     *
     * 非必填:
     * $base_info ->photo_list        图片列表，url 形式，可以有多张图片，尺寸为
     * $base_info ->special           特色服务，如免费wifi，免费停车，送货上门等商户能提供的特色功能或服务
     * $base_info ->open_time         营业时间，24 小时制表示，用“-”连接，如 8:00-20:00
     * $base_info ->avg_price         人均价格，大于0 的整数
     * $base_info ->sid               商户自己的id，用于后续审核通过收到poi_id 的通知时，做对应关系。请商户自己保证唯一识别性
     * $base_info ->introduction      商户简介，主要介绍商户信息等
     * $base_info ->recommend         推荐品，餐厅可为推荐菜；酒店为推荐套房；景点为推荐游玩景点等，针对自己行业的推荐内容
     *
     * @return bool|array
     */
    public function addpoi($base_info = [])

    {
        if (empty($base_info) || !is_array($base_info)) {
            $this->setError('参数错误');

            return false;
        }

        $queryStr                          = [];
        $queryStr['business']['base_info'] = $base_info;

        $res = $this->_post('addpoi', $queryStr);

        return $res;
    }

    /**
     * 查询门店信息
     *
     * @param  int $poi_id 创建门店后获取poi_id
     *
     * @return bool|array
     */
    public function getpoi($poi_id)

    {
        if (empty($poi_id) || !is_numeric($poi_id)) {
            $this->setError('参数错误');

            return false;
        }

        $queryStr           = [];
        $queryStr['poi_id'] = $poi_id;

        $res = $this->_post('getpoi', $queryStr);

        return $res;
    }

    /**
     * 查询门店列表
     *
     * @param  integer $begin 开始位置，0 即为从第一条开始查询
     * @param  integer $limit 返回数据条数，最大允许50，默认为20
     *
     * @return  bool|array
     */
    public function getpoilist($begin = 0, $limit = 20)
    {
        if (!is_numeric($begin) || $begin < 0 || !is_numeric($limit) || $limit > 50 || $limit < 0) {
            $this->setError('参数错误');

            return false;
        }

        $queryStr          = [];
        $queryStr['begin'] = $begin;
        $queryStr['limit'] = $limit;

        $res = $this->_post('getpoilist', $queryStr);

        return $res;
    }

    /**
     * 修改门店服务信息
     *
     * @param  array $base_info 基本信息
     *
     * @return  bool|array
     */
    public function updatepoi($base_info = [])

    {
        if (empty($base_info) || !is_array($base_info) || empty($base_info['poi_id'])) {
            $this->setError('参数错误');

            return false;
        }

        $queryStr                          = [];
        $queryStr['business']['base_info'] = $base_info;

        $res = $this->_post('updatepoi', $queryStr);

        return $res;
    }

    /**
     * 删除门店
     *
     * @param  int $poi_id 创建门店后获取poi_id
     *
     * @return bool|array
     */
    public function delpoi($poi_id)

    {
        if (empty($poi_id) || !is_numeric($poi_id)) {
            $this->setError('参数错误');

            return false;
        }

        $queryStr           = [];
        $queryStr['poi_id'] = $poi_id;

        $res = $this->_post('delpoi', $queryStr);

        return $res;
    }

    /**
     * 门店类目表
     *
     * @return array
     */
    public function getwxcategory()
    {
        $queryStr = [];

        $res = $this->_get('getwxcategory', $queryStr);

        return $res;
    }
}


1		<?php
2		namespace Wechat\API;
3
4		/**
5		* 门店相关接口.
6		*
7		* @author Tian.
8		*/
9		class PoiApi extends BaseApi
10		{
11		/**
12		* 创建门店
13		*
14		* @param array $base_info 基本信息
15		*
16		* 必填:
17		* $base_info ->business_name 门店名称（仅为商户名，如：国美、麦当劳，不应包含地区、地址、分店名等信息，错误示例：北京国美
18		* $base_info ->branch_name 分店名称（不应包含地区信息，不应与门店名有重复，错误示例：北京王府井店
19		* $base_info ->province 门店所在的省份（直辖市填城市名,如：北京市）
20		* $base_info ->city 门店所在的城市
21		* $base_info ->district 门店所在地区
22		* $base_info ->address 门店所在的详细街道地址（不要填写省市信息
23		* $base_info ->telephone 门店的电话（纯数字，区号、分机号均由“-”隔开）
24		* $base_info ->categories 门店的类型（不同级分类用“,”隔开，如：美食，川菜，火锅。详细分类参见附件：微信门店类目表）
25		* $base_info ->offset_type 坐标类型，1 为火星坐标（目前只能选1）
26		* $base_info ->longitude 门店所在地理位置的经度
27		* $base_info ->latitude 门店所在地理位置的纬度（经纬度均为火星坐标，最好选用腾讯地图标记的坐标
28		*
29		* 非必填:
30		* $base_info ->photo_list 图片列表，url 形式，可以有多张图片，尺寸为
31		* $base_info ->special 特色服务，如免费wifi，免费停车，送货上门等商户能提供的特色功能或服务
32		* $base_info ->open_time 营业时间，24 小时制表示，用“-”连接，如 8:00-20:00
33		* $base_info ->avg_price 人均价格，大于0 的整数
34		* $base_info ->sid 商户自己的id，用于后续审核通过收到poi_id 的通知时，做对应关系。请商户自己保证唯一识别性
35		* $base_info ->introduction 商户简介，主要介绍商户信息等
36		* $base_info ->recommend 推荐品，餐厅可为推荐菜；酒店为推荐套房；景点为推荐游玩景点等，针对自己行业的推荐内容
37		*
38		* @return bool\|array
39		*/
40	View Code Duplication	public function addpoi($base_info = [])
		0 ignored issues – show Duplication introduced 2017-08-29 08:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
41		{
42		if (empty($base_info) \|\| !is_array($base_info)) {
43		$this->setError('参数错误');
44
45		return false;
46		}
47
48		$queryStr = [];
49		$queryStr['business']['base_info'] = $base_info;
50
51		$res = $this->_post('addpoi', $queryStr);
52
53		return $res;
54		}
55
56		/**
57		* 查询门店信息
58		*
59		* @param int $poi_id 创建门店后获取poi_id
60		*
61		* @return bool\|array
62		*/
63	View Code Duplication	public function getpoi($poi_id)
		0 ignored issues – show Duplication introduced 2017-08-29 08:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
64		{
65		if (empty($poi_id) \|\| !is_numeric($poi_id)) {
66		$this->setError('参数错误');
67
68		return false;
69		}
70
71		$queryStr = [];
72		$queryStr['poi_id'] = $poi_id;
73
74		$res = $this->_post('getpoi', $queryStr);
75
76		return $res;
77		}
78
79		/**
80		* 查询门店列表
81		*
82		* @param integer $begin 开始位置，0 即为从第一条开始查询
83		* @param integer $limit 返回数据条数，最大允许50，默认为20
84		*
85		* @return bool\|array
86		*/
87		public function getpoilist($begin = 0, $limit = 20)
88		{
89		if (!is_numeric($begin) \|\| $begin < 0 \|\| !is_numeric($limit) \|\| $limit > 50 \|\| $limit < 0) {
90		$this->setError('参数错误');
91
92		return false;
93		}
94
95		$queryStr = [];
96		$queryStr['begin'] = $begin;
97		$queryStr['limit'] = $limit;
98
99		$res = $this->_post('getpoilist', $queryStr);
100
101		return $res;
102		}
103
104		/**
105		* 修改门店服务信息
106		*
107		* @param array $base_info 基本信息
108		*
109		* @return bool\|array
110		*/
111	View Code Duplication	public function updatepoi($base_info = [])
		0 ignored issues – show Duplication introduced 2017-08-29 08:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
112		{
113		if (empty($base_info) \|\| !is_array($base_info) \|\| empty($base_info['poi_id'])) {
114		$this->setError('参数错误');
115
116		return false;
117		}
118
119		$queryStr = [];
120		$queryStr['business']['base_info'] = $base_info;
121
122		$res = $this->_post('updatepoi', $queryStr);
123
124		return $res;
125		}
126
127		/**
128		* 删除门店
129		*
130		* @param int $poi_id 创建门店后获取poi_id
131		*
132		* @return bool\|array
133		*/
134	View Code Duplication	public function delpoi($poi_id)
		0 ignored issues – show Duplication introduced 2017-08-29 08:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
135		{
136		if (empty($poi_id) \|\| !is_numeric($poi_id)) {
137		$this->setError('参数错误');
138
139		return false;
140		}
141
142		$queryStr = [];
143		$queryStr['poi_id'] = $poi_id;
144
145		$res = $this->_post('delpoi', $queryStr);
146
147		return $res;
148		}
149
150		/**
151		* 门店类目表
152		*
153		* @return array
154		*/
155		public function getwxcategory()
156		{
157		$queryStr = [];
158
159		$res = $this->_get('getwxcategory', $queryStr);
160
161		return $res;
162		}
163		}
164

tianye / WechatMpSDK

Issues (233)

Security Analysis not enabled

src/API/PoiApi.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like