Issues (1240)

Security Analysis    not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

system/libraries/drivers/Image.php (2 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php defined('SYSPATH') or die('No direct access allowed.');
/**
 * Image API driver.
 *
 * $Id: Image.php 3769 2008-12-15 00:48:56Z zombor $
 *
 * @package    Image
 * @author     Kohana Team
 * @copyright  (c) 2007-2008 Kohana Team
 * @license    http://kohanaphp.com/license.html
 */
abstract class Image_Driver
{

    // Reference to the current image
    protected $image;

    // Reference to the temporary processing image
    protected $tmp_image;

    // Processing errors
    protected $errors = array();

    /**
     * Executes a set of actions, defined in pairs.
     *
     * @param   array    actions
     * @return  boolean
     */
    public function execute($actions)
    {
        // Each array key is used as the method name and each value as its
        // argument, so $actions must be built by trusted code
        foreach ($actions as $func => $args) {
            if (! $this->$func($args)) {
                return false;
            }
        }

        return true;
    }

    /**
     * Sanitize and normalize a geometry array based on the temporary image
     * width and height. Valid properties are: width, height, top, left.
     *
     * @param   array  geometry properties
     * @return  void
     */
    protected function sanitize_geometry(& $geometry)
    {
        list($width, $height) = $this->properties();

        // Turn off error reporting
        $reporting = error_reporting(0);

        // Width and height cannot exceed current image size
        $geometry['width']  = min($geometry['width'], $width);
        $geometry['height'] = min($geometry['height'], $height);

        // Set standard coordinates if given, otherwise use pixel values
        if ($geometry['top'] === 'center') {

Code Duplication: This code seems to be duplicated across your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

            $geometry['top'] = floor(($height / 2) - ($geometry['height'] / 2));
        } elseif ($geometry['top'] === 'top') {
            $geometry['top'] = 0;
        } elseif ($geometry['top'] === 'bottom') {
            $geometry['top'] = $height - $geometry['height'];
        }

        // Set standard coordinates if given, otherwise use pixel values
        if ($geometry['left'] === 'center') {

Code Duplication: This code seems to be duplicated across your project.

            $geometry['left'] = floor(($width / 2) - ($geometry['width'] / 2));
        } elseif ($geometry['left'] === 'left') {
            $geometry['left'] = 0;
        } elseif ($geometry['left'] === 'right') {
            // Right-align using the geometry width (the original subtracted the height)
            $geometry['left'] = $width - $geometry['width'];
        }

        // Restore error reporting
        error_reporting($reporting);
    }

    /**
     * Return the current width and height of the temporary image. This is mainly
     * needed for sanitizing the geometry.
     *
     * @return  array  width, height
     */
    abstract protected function properties();

    /**
     * Process an image with a set of actions.
     *
     * @param   string   image filename
     * @param   array    actions to execute
     * @param   string   destination directory path
     * @param   string   destination filename
     * @return  boolean
     */
    abstract public function process($image, $actions, $dir, $file);

    /**
     * Flip an image. Valid directions are horizontal and vertical.
     *
     * @param   integer   direction to flip
     * @return  boolean
     */
    abstract public function flip($direction);

    /**
     * Crop an image. Valid properties are: width, height, top, left.
     *
     * @param   array     new properties
     * @return  boolean
     */
    abstract public function crop($properties);

    /**
     * Resize an image. Valid properties are: width, height, and master.
     *
     * @param   array     new properties
     * @return  boolean
     */
    abstract public function resize($properties);

    /**
     * Rotate an image. Valid amounts are -180 to 180.
     *
     * @param   integer   amount to rotate
     * @return  boolean
     */
    abstract public function rotate($amount);

    /**
     * Sharpen an image. Valid amounts are 1 to 100.
     *
     * @param   integer  amount to sharpen
     * @return  boolean
     */
    abstract public function sharpen($amount);
} // End Image Driver