Issues in upload.php (master) - Issues in master - typicalname0/4grounds - Measure and Improve Code Quality continuously with Scrutinizer

Issues (20)

func/upload.php (7 issues)

Labels

Severity

Minor 7

<?php
return function($type, $allowedFileTypes, $conn) {
    if(isset($_SESSION['user'])) {
        $fileType = strtolower(pathinfo($_FILES["fileToUpload"]["name"], PATHINFO_EXTENSION));
        $target_dir = __DIR__ . "/../dynamic/" . $type . "/";
        $target_name = md5_file($_FILES["fileToUpload"]["tmp_name"]) . "." . $fileType;
        $target_file = $target_dir . $target_name;
        $uploadOk = true;
        $movedFile = 0;
        
    
        if (file_exists($target_file)) {
            $movedFile = true;
        } else {
            $movedFile = move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file);
        }

        if(!in_array($fileType, $allowedFileTypes)) {
            echo 'unsupported file type. must be one of ' . join(", ", $allowedFileTypes) . '<hr>';
            $uploadOk = false;
        }

        if ($uploadOk) {
            if ($movedFile) {
                $stmt = $conn->prepare("INSERT INTO files (type, title, extrainfo, author, filename) VALUES (?, ?, ?, ?, ?)");
                $stmt->bind_param("sssss", $type, $title, $description, $_SESSION['user'], $filename);

    
                $filename = htmlspecialchars($target_name);

                $title = htmlspecialchars($_POST['title']);

                $description = htmlspecialchars($_POST['description']);
                $description = str_replace(PHP_EOL, "<br>", $description);

    
                $stmt->execute();
                $stmt->close();
            } else {
                echo 'fatal error<hr>';
            }
        }
    } else {
        echo "You aren't logged in.";
    }
}

?>


1			<?php
2			return function($type, $allowedFileTypes, $conn) {
3			if(isset($_SESSION['user'])) {
4			$fileType = strtolower(pathinfo($_FILES["fileToUpload"]["name"], PATHINFO_EXTENSION));
5			$target_dir = __DIR__ . "/../dynamic/" . $type . "/";
6			$target_name = md5_file($_FILES["fileToUpload"]["tmp_name"]) . "." . $fileType;
7			$target_file = $target_dir . $target_name;
8			$uploadOk = true;
9			$movedFile = 0;
10
11
12			if (file_exists($target_file)) {
13			$movedFile = true;
14			} else {
15			$movedFile = move_uploaded_file($_FILES["fileToUpload"]["tmp_name"], $target_file);
16			}
17
18			if(!in_array($fileType, $allowedFileTypes)) {
19			echo 'unsupported file type. must be one of ' . join(", ", $allowedFileTypes) . '<hr>';
20			$uploadOk = false;
21			}
22
23			if ($uploadOk) {
24			if ($movedFile) {
25			$stmt = $conn->prepare("INSERT INTO files (type, title, extrainfo, author, filename) VALUES (?, ?, ?, ?, ?)");
26			$stmt->bind_param("sssss", $type, $title, $description, $_SESSION['user'], $filename);
			0 ignored issues – show Comprehensibility Best Practice introduced 2020-08-16 04:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$title` seems to be never defined. Loading history... Comprehensibility Best Practice introduced 2020-08-16 04:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$description` seems to be never defined. Loading history... Comprehensibility Best Practice introduced 2020-08-16 04:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$filename` seems to be never defined. Loading history...
27
28			$filename = htmlspecialchars($target_name);
			0 ignored issues – show Unused Code introduced 2020-08-16 04:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$filename` is dead and can be removed. Loading history...
29			$title = htmlspecialchars($_POST['title']);
			0 ignored issues – show Unused Code introduced 2020-08-16 04:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$title` is dead and can be removed. Loading history...
30			$description = htmlspecialchars($_POST['description']);
31			$description = str_replace(PHP_EOL, "<br>", $description);
			0 ignored issues – show Unused Code introduced 2020-08-16 04:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this The assignment to `$description` is dead and can be removed. Loading history...
32
33			$stmt->execute();
34			$stmt->close();
35			} else {
36			echo 'fatal error<hr>';
37			}
38			}
39			} else {
40			echo "You aren't logged in.";
41			}
42			}
43
44			?>
			0 ignored issues – show Best Practice introduced 2020-08-16 04:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...

typicalname0 / 4grounds

Issues (20)

func/upload.php (7 issues)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like