Issues in helper0.php (master) - Issues in master - txmodxoops/tdmcreate - Measure and Improve Code Quality continuously with Scrutinizer

Issues (964)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/helper0.php (1 issue)

Severity

<?php

/*
 You may not change or alter any portion of this comment or credits
 of supporting developers from this source code or any supporting source code
 which is considered copyrighted (c) material of the original comment or credit authors.

 This program is distributed in the hope that it will be useful,
 but WITHOUT ANY WARRANTY; without even the implied warranty of
 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
 */

/**
 * tdmcreate module.
 *
 * @copyright       XOOPS Project (https://xoops.org)
 * @license         GNU GPL 2 (http://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
 *
 * @since           2.5.0
 *
 * @author          trabis <[email protected]>
 *
 */

/**
 * Class TDMCreateHelper.
 */
class TDMCreateHelper
{
    /**
     * @var string
     */
    private $dirname;
    /**
     * @var string
     */
    private $module;
    /**
     * @var string
     */
    private $handler;
    /**
     * @var string
     */
    private $config;
    /**
     * @var string
     */
    private $debug;
    /*
    *  @protected function constructor class
    *  @param mixed $debug
    */

    /**
     * @param $debug
     */
    public function __construct($debug)
    {
        $this->debug   = $debug;
        $this->dirname = basename(dirname(__DIR__));
    }

    /*
    *  @static function getInstance
    *  @param mixed $debug
    */

    /**
     * @param bool $debug
     *
     * @return bool|\TDMCreateHelper
     */
    public static function getInstance($debug = false)
    {
        static $instance = false;
        if (!$instance) {
            $instance = new self($debug);
        }

        return $instance;
    }

    /*
    *  @static function getModule
    *  @param null
    */

    /**
     * @return string
     */
    public function &getModule()
    {
        if (null === $this->module) {
            $this->initModule();
        }

        return $this->module;
    }

    /*
    *  @static function getConfig
    *  @param string $name
    */

    /**
     * @param null $name
     *
     * @return null|string
     */
    public function getConfig($name = null)
    {
        if (null === $this->config) {
            $this->initConfig();
        }
        if (!$name) {

            $this->addLog('Getting all config');

            return $this->config;
        }
        if (!isset($this->config[$name])) {
            $this->addLog("ERROR :: CONFIG '{$name}' does not exist");

            return false;
        }
        $this->addLog("Getting config '{$name}' : " . $this->config[$name]);

        return $this->config[$name];
    }

    /*
    *  @static function setConfig
    *  @param string $name
    *  @param mixed $value
    */

    /**
     * @param null $name
     * @param null $value
     *
     * @return mixed
     */
    public function setConfig($name = null, $value = null)
    {
        if (null === $this->config) {
            $this->initConfig();
        }
        $this->config[$name] = $value;
        $this->addLog("Setting config '{$name}' : " . $this->config[$name]);

        return $this->config[$name];
    }

    /*
    *  @static function getHandler
    *  @param string $name
    */

    /**
     * @param $name
     *
     * @return mixed
     */
    public function &getHandler($name)
    {
        if (!isset($this->handler[$name . 'Handler'])) {
            $this->initHandler($name);
        }
        $this->addLog("Getting handler '{$name}'");

        return $this->handler[$name . 'Handler'];
    }

    /*
    *  @static function initModule
    *  @param null
    */
    public function initModule()
    {
        global $xoopsModule;
        if (isset($xoopsModule) && is_object($xoopsModule) && $xoopsModule->getVar('dirname') == $this->dirname) {
            $this->module = $xoopsModule;
        } else {
            $hModule      = xoops_getHandler('module');
            $this->module = $hModule->getByDirname($this->dirname);
        }
        $this->addLog('INIT MODULE');
    }

    /*
    *  @static function initConfig
    *  @param null
    */
    public function initConfig()
    {
        $this->addLog('INIT CONFIG');
        $hModConfig   = xoops_getHandler('config');
        $this->config = $hModConfig->getConfigsByCat(0, $this->getModule()->getVar('mid'));
    }

    /*
    *  @static function initHandler
    *  @param string $name
    */

    /**
     * @param $name
     */
    public function initHandler($name)
    {
        $this->addLog('INIT ' . $name . ' HANDLER');
        $this->handler[$name . 'Handler'] = xoops_getModuleHandler($name, $this->dirname);
    }

    /*
    *  @static function addLog
    *  @param string $log
    */

    /**
     * @param $log
     */
    public function addLog($log)
    {
        if ($this->debug && is_object($GLOBALS['xoopsLogger'])) {
            $GLOBALS['xoopsLogger']->addExtra($this->module->name(), $log);
        }
    }
}


1			<?php
2
3			/*
4			You may not change or alter any portion of this comment or credits
5			of supporting developers from this source code or any supporting source code
6			which is considered copyrighted (c) material of the original comment or credit authors.
7
8			This program is distributed in the hope that it will be useful,
9			but WITHOUT ANY WARRANTY; without even the implied warranty of
10			MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
11			*/
12
13			/**
14			* tdmcreate module.
15			*
16			* @copyright XOOPS Project (https://xoops.org)
17			* @license GNU GPL 2 (http://www.gnu.org/licenses/old-licenses/gpl-2.0.html)
18			*
19			* @since 2.5.0
20			*
21			* @author trabis <[email protected]>
22			*
23			*/
24
25			/**
26			* Class TDMCreateHelper.
27			*/
28			class TDMCreateHelper
29			{
30			/**
31			* @var string
32			*/
33			private $dirname;
34			/**
35			* @var string
36			*/
37			private $module;
38			/**
39			* @var string
40			*/
41			private $handler;
42			/**
43			* @var string
44			*/
45			private $config;
46			/**
47			* @var string
48			*/
49			private $debug;
50			/*
51			* @protected function constructor class
52			* @param mixed $debug
53			*/
54
55			/**
56			* @param $debug
57			*/
58			public function __construct($debug)
59			{
60			$this->debug = $debug;
61			$this->dirname = basename(dirname(__DIR__));
62			}
63
64			/*
65			* @static function getInstance
66			* @param mixed $debug
67			*/
68
69			/**
70			* @param bool $debug
71			*
72			* @return bool\|\TDMCreateHelper
73			*/
74			public static function getInstance($debug = false)
75			{
76			static $instance = false;
77			if (!$instance) {
78			$instance = new self($debug);
79			}
80
81			return $instance;
82			}
83
84			/*
85			* @static function getModule
86			* @param null
87			*/
88
89			/**
90			* @return string
91			*/
92			public function &getModule()
93			{
94			if (null === $this->module) {
95			$this->initModule();
96			}
97
98			return $this->module;
99			}
100
101			/*
102			* @static function getConfig
103			* @param string $name
104			*/
105
106			/**
107			* @param null $name
108			*
109			* @return null\|string
110			*/
111			public function getConfig($name = null)
112			{
113			if (null === $this->config) {
114			$this->initConfig();
115			}
116			if (!$name) {
			0 ignored issues – show introduced 2020-01-02 04:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$name` is of type `null`, thus it always evaluated to `false`. Loading history...
117			$this->addLog('Getting all config');
118
119			return $this->config;
120			}
121			if (!isset($this->config[$name])) {
122			$this->addLog("ERROR :: CONFIG '{$name}' does not exist");
123
124			return false;
125			}
126			$this->addLog("Getting config '{$name}' : " . $this->config[$name]);
127
128			return $this->config[$name];
129			}
130
131			/*
132			* @static function setConfig
133			* @param string $name
134			* @param mixed $value
135			*/
136
137			/**
138			* @param null $name
139			* @param null $value
140			*
141			* @return mixed
142			*/
143			public function setConfig($name = null, $value = null)
144			{
145			if (null === $this->config) {
146			$this->initConfig();
147			}
148			$this->config[$name] = $value;
149			$this->addLog("Setting config '{$name}' : " . $this->config[$name]);
150
151			return $this->config[$name];
152			}
153
154			/*
155			* @static function getHandler
156			* @param string $name
157			*/
158
159			/**
160			* @param $name
161			*
162			* @return mixed
163			*/
164			public function &getHandler($name)
165			{
166			if (!isset($this->handler[$name . 'Handler'])) {
167			$this->initHandler($name);
168			}
169			$this->addLog("Getting handler '{$name}'");
170
171			return $this->handler[$name . 'Handler'];
172			}
173
174			/*
175			* @static function initModule
176			* @param null
177			*/
178			public function initModule()
179			{
180			global $xoopsModule;
181			if (isset($xoopsModule) && is_object($xoopsModule) && $xoopsModule->getVar('dirname') == $this->dirname) {
182			$this->module = $xoopsModule;
183			} else {
184			$hModule = xoops_getHandler('module');
185			$this->module = $hModule->getByDirname($this->dirname);
186			}
187			$this->addLog('INIT MODULE');
188			}
189
190			/*
191			* @static function initConfig
192			* @param null
193			*/
194			public function initConfig()
195			{
196			$this->addLog('INIT CONFIG');
197			$hModConfig = xoops_getHandler('config');
198			$this->config = $hModConfig->getConfigsByCat(0, $this->getModule()->getVar('mid'));
199			}
200
201			/*
202			* @static function initHandler
203			* @param string $name
204			*/
205
206			/**
207			* @param $name
208			*/
209			public function initHandler($name)
210			{
211			$this->addLog('INIT ' . $name . ' HANDLER');
212			$this->handler[$name . 'Handler'] = xoops_getModuleHandler($name, $this->dirname);
213			}
214
215			/*
216			* @static function addLog
217			* @param string $log
218			*/
219
220			/**
221			* @param $log
222			*/
223			public function addLog($log)
224			{
225			if ($this->debug && is_object($GLOBALS['xoopsLogger'])) {
226			$GLOBALS['xoopsLogger']->addExtra($this->module->name(), $log);
227			}
228			}
229			}
230

txmodxoops / tdmcreate

Issues (964)

Security Analysis not enabled

class/helper0.php (1 issue)

Severity

Introduced By

Duplication Side-by-Side

Filter issues like