Issues in Captcha.php (master) - Issues in master - vijinho/kohana2-legacy - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1240)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

system/libraries/drivers/Captcha.php (16 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php defined('SYSPATH') or die('No direct access allowed.');
/**
 * Captcha driver class.
 *
 * $Id: Captcha.php 3769 2008-12-15 00:48:56Z zombor $
 *
 * @package    Captcha
 * @author     Kohana Team
 * @copyright  (c) 2007-2008 Kohana Team
 * @license    http://kohanaphp.com/license.html
 */
abstract class Captcha_Driver
{

    // The correct Captcha challenge answer
    protected $response;

    // Image resource identifier and type ("png", "gif" or "jpeg")
    protected $image;
    protected $image_type = 'png';

    /**
     * Constructs a new challenge.
     *
     * @return  void

     */
    public function __construct()
    {
        // Generate a new challenge
        $this->response = $this->generate_challenge();

        // Store the correct Captcha response in a session
        Event::add('system.post_controller', array($this, 'update_response_session'));
    }

    /**
     * Generate a new Captcha challenge.
     *
     * @return  string  the challenge answer
     */
    abstract public function generate_challenge();

    /**
     * Output the Captcha challenge.
     *
     * @param   boolean  html output
     * @return  mixed    the rendered Captcha (e.g. an image, riddle, etc.)
     */
    abstract public function render($html);

    /**
     * Stores the response for the current Captcha challenge in a session so it is available
     * on the next page load for Captcha::valid(). This method is called after controller
     * execution (in the system.post_controller event) in order not to overwrite itself too soon.
     *
     * @return  void
     */
    public function update_response_session()
    {
        Session::instance()->set('captcha_response', sha1(strtoupper($this->response)));
    }

    /**
     * Validates a Captcha response from a user.
     *
     * @param   string   captcha response
     * @return  boolean
     */
    public function valid($response)
    {
        return (sha1(strtoupper($response)) === Session::instance()->get('captcha_response'));
    }

    /**
     * Returns the image type.
     *
     * @param   string        filename
     * @return  string|FALSE  image type ("png", "gif" or "jpeg")
     */
    public function image_type($filename)
    {
        switch (strtolower(substr(strrchr($filename, '.'), 1))) {
            case 'png':
                return 'png';

            case 'gif':
                return 'gif';

            case 'jpg':
            case 'jpeg':
                // Return "jpeg" and not "jpg" because of the GD2 function names
                return 'jpeg';

            default:
                return false;
        }
    }

    /**
     * Creates an image resource with the dimensions specified in config.
     * If a background image is supplied, the image dimensions are used.
     *
     * @throws  Kohana_Exception  if no GD2 support
     * @param   string  path to the background image file
     * @return  void
     */
    public function image_create($background = null)
    {
        // Check for GD2 support
        if (! function_exists('imagegd2')) {
            throw new Kohana_Exception('captcha.requires_GD2');
        }

        // Create a new image (black)
        $this->image = imagecreatetruecolor(Captcha::$config['width'], Captcha::$config['height']);

        // Use a background image
        if (! empty($background)) {
            // Create the image using the right function for the filetype
            $function = 'imagecreatefrom'.$this->image_type($background);
            $this->background_image = $function($background);
class MyClass { }

$x = new MyClass();
$x->foo = true;

            // Resize the image if needed
            if (imagesx($this->background_image) !== Captcha::$config['width']
                or imagesy($this->background_image) !== Captcha::$config['height']) {
                imagecopyresampled(
                    $this->image, $this->background_image, 0, 0, 0, 0,
                    Captcha::$config['width'], Captcha::$config['height'],
                    imagesx($this->background_image), imagesy($this->background_image)
                );
            }

            // Free up resources
            imagedestroy($this->background_image);
        }
    }

    /**
     * Fills the background with a gradient.
     *
     * @param   resource  gd image color identifier for start color
     * @param   resource  gd image color identifier for end color
     * @param   string    direction: 'horizontal' or 'vertical', 'random' by default
     * @param integer $color1
     * @param integer $color2
     * @return  void
     */
    public function image_gradient($color1, $color2, $direction = null)
    {
        $directions = array('horizontal', 'vertical');

        // Pick a random direction if needed
        if (! in_array($direction, $directions)) {
            $direction = $directions[array_rand($directions)];

            // Switch colors
            if (mt_rand(0, 1) === 1) {
                $temp = $color1;
                $color1 = $color2;
                $color2 = $temp;
            }
        }

        // Extract RGB values
        $color1 = imagecolorsforindex($this->image, $color1);
        $color2 = imagecolorsforindex($this->image, $color2);

        // Preparations for the gradient loop
        $steps = ($direction === 'horizontal') ? Captcha::$config['width'] : Captcha::$config['height'];

        $r1 = ($color1['red'] - $color2['red']) / $steps;

        $g1 = ($color1['green'] - $color2['green']) / $steps;

        $b1 = ($color1['blue'] - $color2['blue']) / $steps;


        if ($direction === 'horizontal') {
            $x1 =& $i;
function someFunction() {
    $x = 5;
    echo $x;
}
            $y1 = 0;

            $x2 =& $i;
function someFunction() {
    $x = 5;
    echo $x;
}
            $y2 = Captcha::$config['height'];

        } else {
            $x1 = 0;
            $y1 =& $i;
function someFunction() {
    $x = 5;
    echo $x;
}
            $x2 = Captcha::$config['width'];
            $y2 =& $i;
function someFunction() {
    $x = 5;
    echo $x;
}
        }

        // Execute the gradient loop
        for ($i = 0; $i <= $steps; $i++) {
            $r2 = $color1['red'] - floor($i * $r1);

            $g2 = $color1['green'] - floor($i * $g1);

            $b2 = $color1['blue'] - floor($i * $b1);

            $color = imagecolorallocate($this->image, $r2, $g2, $b2);

            imageline($this->image, $x1, $y1, $x2, $y2, $color);
        }
    }

    /**
     * Returns the img html element or outputs the image to the browser.
     *
     * @param   boolean  html output
     * @return  string|null    html string or void
     */
    public function image_render($html)
    {
        // Output html element
        if ($html) {
            return '<img alt="Captcha" src="'.url::site('captcha/'.Captcha::$config['group']).'" width="'.Captcha::$config['width'].'" height="'.Captcha::$config['height'].'" />';
        }

        // Send the correct HTTP header
        header('Content-Type: image/'.$this->image_type);

        // Pick the correct output function
        $function = 'image'.$this->image_type;
        $function($this->image);

        // Free up resources
        imagedestroy($this->image);
    }
} // End Captcha Driver


1			<?php defined('SYSPATH') or die('No direct access allowed.');
2			/**
3			* Captcha driver class.
4			*
5			* $Id: Captcha.php 3769 2008-12-15 00:48:56Z zombor $
6			*
7			* @package Captcha
8			* @author Kohana Team
9			* @copyright (c) 2007-2008 Kohana Team
10			* @license http://kohanaphp.com/license.html
11			*/
12			abstract class Captcha_Driver
13			{
14
15			// The correct Captcha challenge answer
16			protected $response;
17
18			// Image resource identifier and type ("png", "gif" or "jpeg")
19			protected $image;
20			protected $image_type = 'png';
21
22			/**
23			* Constructs a new challenge.
24			*
25			* @return void
			0 ignored issues – show Comprehensibility Best Practice introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
26			*/
27			public function __construct()
28			{
29			// Generate a new challenge
30			$this->response = $this->generate_challenge();
31
32			// Store the correct Captcha response in a session
33			Event::add('system.post_controller', array($this, 'update_response_session'));
34			}
35
36			/**
37			* Generate a new Captcha challenge.
38			*
39			* @return string the challenge answer
40			*/
41			abstract public function generate_challenge();
42
43			/**
44			* Output the Captcha challenge.
45			*
46			* @param boolean html output
47			* @return mixed the rendered Captcha (e.g. an image, riddle, etc.)
48			*/
49			abstract public function render($html);
50
51			/**
52			* Stores the response for the current Captcha challenge in a session so it is available
53			* on the next page load for Captcha::valid(). This method is called after controller
54			* execution (in the system.post_controller event) in order not to overwrite itself too soon.
55			*
56			* @return void
57			*/
58			public function update_response_session()
59			{
60			Session::instance()->set('captcha_response', sha1(strtoupper($this->response)));
61			}
62
63			/**
64			* Validates a Captcha response from a user.
65			*
66			* @param string captcha response
67			* @return boolean
68			*/
69			public function valid($response)
70			{
71			return (sha1(strtoupper($response)) === Session::instance()->get('captcha_response'));
72			}
73
74			/**
75			* Returns the image type.
76			*
77			* @param string filename
78			* @return string\|FALSE image type ("png", "gif" or "jpeg")
79			*/
80			public function image_type($filename)
81			{
82			switch (strtolower(substr(strrchr($filename, '.'), 1))) {
83			case 'png':
84			return 'png';
85
86			case 'gif':
87			return 'gif';
88
89			case 'jpg':
90			case 'jpeg':
91			// Return "jpeg" and not "jpg" because of the GD2 function names
92			return 'jpeg';
93
94			default:
95			return false;
96			}
97			}
98
99			/**
100			* Creates an image resource with the dimensions specified in config.
101			* If a background image is supplied, the image dimensions are used.
102			*
103			* @throws Kohana_Exception if no GD2 support
104			* @param string path to the background image file
105			* @return void
106			*/
107			public function image_create($background = null)
108			{
109			// Check for GD2 support
110			if (! function_exists('imagegd2')) {
111			throw new Kohana_Exception('captcha.requires_GD2');
112			}
113
114			// Create a new image (black)
115			$this->image = imagecreatetruecolor(Captcha::$config['width'], Captcha::$config['height']);
116
117			// Use a background image
118			if (! empty($background)) {
119			// Create the image using the right function for the filetype
120			$function = 'imagecreatefrom'.$this->image_type($background);
121			$this->background_image = $function($background);
			0 ignored issues – show Bug introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `background_image` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
122
123			// Resize the image if needed
124			if (imagesx($this->background_image) !== Captcha::$config['width']
125			or imagesy($this->background_image) !== Captcha::$config['height']) {
126			imagecopyresampled(
127			$this->image, $this->background_image, 0, 0, 0, 0,
128			Captcha::$config['width'], Captcha::$config['height'],
129			imagesx($this->background_image), imagesy($this->background_image)
130			);
131			}
132
133			// Free up resources
134			imagedestroy($this->background_image);
135			}
136			}
137
138			/**
139			* Fills the background with a gradient.
140			*
141			* @param resource gd image color identifier for start color
142			* @param resource gd image color identifier for end color
143			* @param string direction: 'horizontal' or 'vertical', 'random' by default
144			* @param integer $color1
145			* @param integer $color2
146			* @return void
147			*/
148			public function image_gradient($color1, $color2, $direction = null)
149			{
150			$directions = array('horizontal', 'vertical');
151
152			// Pick a random direction if needed
153			if (! in_array($direction, $directions)) {
154			$direction = $directions[array_rand($directions)];
155
156			// Switch colors
157			if (mt_rand(0, 1) === 1) {
158			$temp = $color1;
159			$color1 = $color2;
160			$color2 = $temp;
161			}
162			}
163
164			// Extract RGB values
165			$color1 = imagecolorsforindex($this->image, $color1);
166			$color2 = imagecolorsforindex($this->image, $color2);
167
168			// Preparations for the gradient loop
169			$steps = ($direction === 'horizontal') ? Captcha::$config['width'] : Captcha::$config['height'];
170
171			$r1 = ($color1['red'] - $color2['red']) / $steps;
			0 ignored issues – show Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $r1. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
172			$g1 = ($color1['green'] - $color2['green']) / $steps;
			0 ignored issues – show Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $g1. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
173			$b1 = ($color1['blue'] - $color2['blue']) / $steps;
			0 ignored issues – show Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $b1. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
174
175			if ($direction === 'horizontal') {
176			$x1 =& $i;
			0 ignored issues – show Bug introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$i` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history... Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $x1. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
177			$y1 = 0;
			0 ignored issues – show Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $y1. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
178			$x2 =& $i;
			0 ignored issues – show Bug introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$i` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history... Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $x2. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
179			$y2 = Captcha::$config['height'];
			0 ignored issues – show Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $y2. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
180			} else {
181			$x1 = 0;
182			$y1 =& $i;
			0 ignored issues – show Bug introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$i` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history...
183			$x2 = Captcha::$config['width'];
184			$y2 =& $i;
			0 ignored issues – show Bug introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$i` seems only to be defined at a later point. Did you maybe move this code here without moving the variable definition? This error can happen if you refactor code and forget to move the variable initialization. Let’s take a look at a simple example: function someFunction() { $x = 5; echo $x; } The above code is perfectly fine. Now imagine that we re-order the statements: function someFunction() { echo $x; $x = 5; } In that case, `$x` would be read before it is initialized. This was a very basic example, however the principle is the same for the found issue. Loading history...
185			}
186
187			// Execute the gradient loop
188			for ($i = 0; $i <= $steps; $i++) {
189			$r2 = $color1['red'] - floor($i * $r1);
			0 ignored issues – show Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $r2. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
190			$g2 = $color1['green'] - floor($i * $g1);
			0 ignored issues – show Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $g2. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
191			$b2 = $color1['blue'] - floor($i * $b1);
			0 ignored issues – show Comprehensibility introduced 2016-08-25 15:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Avoid variables with short names like $b2. Configured minimum length is 3. Short variable names may make your code harder to understand. Variable names should be self-descriptive. This check looks for variable names who are shorter than a configured minimum. Loading history...
192			$color = imagecolorallocate($this->image, $r2, $g2, $b2);
193
194			imageline($this->image, $x1, $y1, $x2, $y2, $color);
195			}
196			}
197
198			/**
199			* Returns the img html element or outputs the image to the browser.
200			*
201			* @param boolean html output
202			* @return string\|null html string or void
203			*/
204			public function image_render($html)
205			{
206			// Output html element
207			if ($html) {
208			return '<img alt="Captcha" src="'.url::site('captcha/'.Captcha::$config['group']).'" width="'.Captcha::$config['width'].'" height="'.Captcha::$config['height'].'" />';
209			}
210
211			// Send the correct HTTP header
212			header('Content-Type: image/'.$this->image_type);
213
214			// Pick the correct output function
215			$function = 'image'.$this->image_type;
216			$function($this->image);
217
218			// Free up resources
219			imagedestroy($this->image);
220			}
221			} // End Captcha Driver
222

vijinho / kohana2-legacy

Issues (1240)

Security Analysis not enabled

system/libraries/drivers/Captcha.php (16 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like