Issues in holt45.php - Fixed Issues - Inspection of "<?php" - w3l/holt45 - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( c00da8...a8e8d1 )

by w3l

created 2016-01-19 13:10 UTC

holt45.php (1 issue)

Labels

Severity

Critical 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?

/**
 * Check $_GET
 *
 * @example if(chk_get("s") == "a") instead of if(isset($_GET["s"]) && $_GET["s"] == "a")
 */
function chk_get($key) {
    if (!isset($_GET[$key])) {
        return false;
    }
    return $_GET[$key];
}

/**
 * Check $_POST
 *
 * @example if(chk_post("s") == "a") instead of if(isset($_POST["s"]) && $_POST["s"] == "a")
 */
function chk_post($key) {
    if (!isset($_POST[$key])) {
        return false;
    }
    return $_POST[$key];
}

/**
 * Check multiple $_GET-keys
 *
 * @example if(chk_get_all(array("a","b"))) instead of if(!empty($_GET["a"]) && !empty($_GET["b"]))
 */
function chk_get_all($keys) {
	$s = true;

	foreach($keys AS $key) {
	
		if (empty($_GET[$key])) {
			$s = false;
		}
	}
	return $s;
}

/**
 * Check multiple $_POST-keys
 *
 * @example if(chk_post_all(array("a","b"))) instead of if(!empty($_POST["a"]) && !empty($_POST["b"]))
 */
function chk_post_all($keys) {
	$s = true;

	foreach($keys AS $key) {
	
		if (empty($_POST[$key])) {
			$s = false;
		}
	}
	return $s;
}

/**
 * Convert timestamp to HTTP-date (RFC2616)
 *
 * For use in "Last-Modified" headers.
 */
function timestamp_to_http_date($timestamp) {
	if($timestamp == NULL) { return NULL; }
	return gmdate("D, d M Y H:i:s T", strtotime($timestamp));
}

/**
 * Get client ip-address
 *
 * @return string User ip-address
 */
function get_client_ip_address() {

	if (getenv('HTTP_CLIENT_IP'))
		return getenv('HTTP_CLIENT_IP');
	else if(getenv('HTTP_X_FORWARDED_FOR'))
		return getenv('HTTP_X_FORWARDED_FOR');
	else if(getenv('HTTP_X_FORWARDED'))
		return getenv('HTTP_X_FORWARDED');
	else if(getenv('HTTP_FORWARDED_FOR'))
		return getenv('HTTP_FORWARDED_FOR');
	else if(getenv('HTTP_FORWARDED'))
		return getenv('HTTP_FORWARDED');
	else if(getenv('REMOTE_ADDR'))
		return getenv('REMOTE_ADDR');
	else
		return '127.0.0.1'; // Unknown IP
}

/**
 * parse url, try to correct errors and return valid url + display-url.
 *
 * @example http:/wwww.example.com/lorum.html => http://www.example.com/lorum.html
 * @example gopher:/ww.example.com => gopher://www.example.com
 * @example http:/www3.example.com/?q=asd&f=#asd =>http://www3.example.com/?q=asd&f=#asd
 * @example asd://.example.com/folder/folder/ =>http://example.com/folder/folder/
 * @example .example.com/ => http://example.com/
 * @example example.com =>http://example.com
 * @example subdomain.example.com => http://subdomain.example.com
 *
 * @param string $url Any somewhat valid url.
 * @return string[] "url" contains an auto-corrected url. "url_display" host.tld or subdomain.host.tld
 */
function url_parser($url) {
	
	// multiple /// messes up parse_url, replace 3 or more with 2
	$url = preg_replace('/(\/{2,})/','//',$url);
	
	$parse_url = parse_url($url);
	
	if(empty($parse_url["scheme"])) {
		$parse_url["scheme"] = "http";
	}
	if(empty($parse_url["host"]) && !empty($parse_url["path"])) {
		// Strip slash from the beginning of path
		$parse_url["host"] = ltrim($parse_url["path"], '\/');
		$parse_url["path"] = "";
	}

	$url_array = array("url" => "", "url_display" => "");
	
	// Check if scheme is correct
	if(!in_array($parse_url["scheme"], array("http", "https", "gopher"))) {
		$url_array["url"] .= 'http'.'://';
	} else {
		$url_array["url"] .= $parse_url["scheme"].'://';
	}
	
	// Check if the right amount of "www" is set.
	$explode_host = explode(".", $parse_url["host"]);
	
	// Remove empty entries
	$explode_host = array_filter($explode_host);
	// And reassign indexes
	$explode_host = array_values($explode_host);
	
	// Contains subdomain
	if(count($explode_host) > 2) {
		// Check if subdomain only contains the letter w(then not any other subdomain).
		if(substr_count($explode_host[0], 'w') == strlen($explode_host[0])) {
			// Replace with "www" to avoid "ww" or "wwww", etc.
			$explode_host[0] = "www";
			
		}
	}

	$url_array["url"] .= implode(".",$explode_host);
	$url_array["url_display"] = trim(implode(".",$explode_host), '\/'); // Removes trailing slash
	
	if(!empty($parse_url["port"])) {
		$url_array["url"] .= ":".$parse_url["port"];
	}
	if(!empty($parse_url["path"])) {
		$url_array["url"] .= $parse_url["path"];
	}
	if(!empty($parse_url["query"])) {
		$url_array["url"] .= '?'.$parse_url["query"];
	}
	if(!empty($parse_url["fragment"])) {
		$url_array["url"] .= '#'.$parse_url["fragment"];
	}

	
	return $url_array;
}

1			<?
			0 ignored issues – show Security Best Practice introduced 2016-01-19 11:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is not recommend to use PHP's short opening tag `<?`, better use `<?php`, or `<?=` in case of outputting. Short opening tags are disabled in PHP’s default configuration. In such a case, all content of this file is output verbatim to the browser without being parsed, or executed. As a precaution to avoid these problems better use the long opening tag `<?php`. Loading history...
2			/**
3			* Check $_GET
4			*
5			* @example if(chk_get("s") == "a") instead of if(isset($_GET["s"]) && $_GET["s"] == "a")
6			*/
7			function chk_get($key) {
8			if (!isset($_GET[$key])) {
9			return false;
10			}
11			return $_GET[$key];
12			}
13
14			/**
15			* Check $_POST
16			*
17			* @example if(chk_post("s") == "a") instead of if(isset($_POST["s"]) && $_POST["s"] == "a")
18			*/
19			function chk_post($key) {
20			if (!isset($_POST[$key])) {
21			return false;
22			}
23			return $_POST[$key];
24			}
25
26			/**
27			* Check multiple $_GET-keys
28			*
29			* @example if(chk_get_all(array("a","b"))) instead of if(!empty($_GET["a"]) && !empty($_GET["b"]))
30			*/
31			function chk_get_all($keys) {
32			$s = true;
33
34			foreach($keys AS $key) {
35
36			if (empty($_GET[$key])) {
37			$s = false;
38			}
39			}
40			return $s;
41			}
42
43			/**
44			* Check multiple $_POST-keys
45			*
46			* @example if(chk_post_all(array("a","b"))) instead of if(!empty($_POST["a"]) && !empty($_POST["b"]))
47			*/
48			function chk_post_all($keys) {
49			$s = true;
50
51			foreach($keys AS $key) {
52
53			if (empty($_POST[$key])) {
54			$s = false;
55			}
56			}
57			return $s;
58			}
59
60			/**
61			* Convert timestamp to HTTP-date (RFC2616)
62			*
63			* For use in "Last-Modified" headers.
64			*/
65			function timestamp_to_http_date($timestamp) {
66			if($timestamp == NULL) { return NULL; }
67			return gmdate("D, d M Y H:i:s T", strtotime($timestamp));
68			}
69
70			/**
71			* Get client ip-address
72			*
73			* @return string User ip-address
74			*/
75			function get_client_ip_address() {
76
77			if (getenv('HTTP_CLIENT_IP'))
78			return getenv('HTTP_CLIENT_IP');
79			else if(getenv('HTTP_X_FORWARDED_FOR'))
80			return getenv('HTTP_X_FORWARDED_FOR');
81			else if(getenv('HTTP_X_FORWARDED'))
82			return getenv('HTTP_X_FORWARDED');
83			else if(getenv('HTTP_FORWARDED_FOR'))
84			return getenv('HTTP_FORWARDED_FOR');
85			else if(getenv('HTTP_FORWARDED'))
86			return getenv('HTTP_FORWARDED');
87			else if(getenv('REMOTE_ADDR'))
88			return getenv('REMOTE_ADDR');
89			else
90			return '127.0.0.1'; // Unknown IP
91			}
92
93			/**
94			* parse url, try to correct errors and return valid url + display-url.
95			*
96			* @example http:/wwww.example.com/lorum.html => http://www.example.com/lorum.html
97			* @example gopher:/ww.example.com => gopher://www.example.com
98			* @example http:/www3.example.com/?q=asd&f=#asd =>http://www3.example.com/?q=asd&f=#asd
99			* @example asd://.example.com/folder/folder/ =>http://example.com/folder/folder/
100			* @example .example.com/ => http://example.com/
101			* @example example.com =>http://example.com
102			* @example subdomain.example.com => http://subdomain.example.com
103			*
104			* @param string $url Any somewhat valid url.
105			* @return string[] "url" contains an auto-corrected url. "url_display" host.tld or subdomain.host.tld
106			*/
107			function url_parser($url) {
108
109			// multiple /// messes up parse_url, replace 3 or more with 2
110			$url = preg_replace('/(\/{2,})/','//',$url);
111
112			$parse_url = parse_url($url);
113
114			if(empty($parse_url["scheme"])) {
115			$parse_url["scheme"] = "http";
116			}
117			if(empty($parse_url["host"]) && !empty($parse_url["path"])) {
118			// Strip slash from the beginning of path
119			$parse_url["host"] = ltrim($parse_url["path"], '\/');
120			$parse_url["path"] = "";
121			}
122
123			$url_array = array("url" => "", "url_display" => "");
124
125			// Check if scheme is correct
126			if(!in_array($parse_url["scheme"], array("http", "https", "gopher"))) {
127			$url_array["url"] .= 'http'.'://';
128			} else {
129			$url_array["url"] .= $parse_url["scheme"].'://';
130			}
131
132			// Check if the right amount of "www" is set.
133			$explode_host = explode(".", $parse_url["host"]);
134
135			// Remove empty entries
136			$explode_host = array_filter($explode_host);
137			// And reassign indexes
138			$explode_host = array_values($explode_host);
139
140			// Contains subdomain
141			if(count($explode_host) > 2) {
142			// Check if subdomain only contains the letter w(then not any other subdomain).
143			if(substr_count($explode_host[0], 'w') == strlen($explode_host[0])) {
144			// Replace with "www" to avoid "ww" or "wwww", etc.
145			$explode_host[0] = "www";
146
147			}
148			}
149
150			$url_array["url"] .= implode(".",$explode_host);
151			$url_array["url_display"] = trim(implode(".",$explode_host), '\/'); // Removes trailing slash
152
153			if(!empty($parse_url["port"])) {
154			$url_array["url"] .= ":".$parse_url["port"];
155			}
156			if(!empty($parse_url["path"])) {
157			$url_array["url"] .= $parse_url["path"];
158			}
159			if(!empty($parse_url["query"])) {
160			$url_array["url"] .= '?'.$parse_url["query"];
161			}
162			if(!empty($parse_url["fragment"])) {
163			$url_array["url"] .= '#'.$parse_url["fragment"];
164			}
165
166
167			return $url_array;
168			}

GitHub Access Token became invalid

Push — master ( c00da8...a8e8d1 )

holt45.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

w3l / holt45

GitHub Access Token became invalid

Push — master ( c00da8...a8e8d1 )

holt45.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like