Issues in CreditsAction.php (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/actions/CreditsAction.php (3 issues)

Labels

Severity

Major 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Formats credits for articles
 *
 * Copyright 2004, Evan Prodromou <[email protected]>.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
 *
 * @file
 * @ingroup Actions
 * @author <[email protected]>
 */

/**
 * @ingroup Actions
 */
class CreditsAction extends FormlessAction {

	public function getName() {
		return 'credits';
	}

	protected function getDescription() {
		return $this->msg( 'creditspage' )->escaped();
	}

	/**
	 * This is largely cadged from PageHistory::history
	 *
	 * @return string HTML
	 */
	public function onView() {

		if ( $this->page->getID() == 0 ) {
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
			$s = $this->msg( 'nocredits' )->parse();
		} else {
			$s = $this->getCredits( -1 );
		}

		return Html::rawElement( 'div', [ 'id' => 'mw-credits' ], $s );
	}

	/**
	 * Get a list of contributors
	 *
	 * @param int $cnt Maximum list of contributors to show
	 * @param bool $showIfMax Whether to contributors if there more than $cnt
	 * @return string Html
	 */
	public function getCredits( $cnt, $showIfMax = true ) {
		$s = '';

		if ( $cnt != 0 ) {
			$s = $this->getAuthor( $this->page );
			if ( $cnt > 1 || $cnt < 0 ) {
				$s .= ' ' . $this->getContributors( $cnt - 1, $showIfMax );
			}
		}

		return $s;
	}

	/**
	 * Get the last author with the last modification time
	 * @param Page $page
	 * @return string HTML
	 */
	protected function getAuthor( Page $page ) {
		$user = User::newFromName( $page->getUserText(), false );

		$timestamp = $page->getTimestamp();
		if ( $timestamp ) {
			$lang = $this->getLanguage();
			$d = $lang->date( $page->getTimestamp(), true );
			$t = $lang->time( $page->getTimestamp(), true );
		} else {
			$d = '';
			$t = '';
		}

		return $this->msg( 'lastmodifiedatby', $d, $t )->rawParams(
			$this->userLink( $user ) )->params( $user->getName() )->escaped();
<?php

function getDate($date)
{
    if ($date !== null) {
        return new DateTime($date);
    }

    return false;
}
	}

	/**
	 * Whether we can display the user's real name (not a hidden pref)
	 *
	 * @since 1.24
	 * @return bool
	 */
	protected function canShowRealUserName() {
		$hiddenPrefs = $this->context->getConfig()->get( 'HiddenPrefs' );
		return !in_array( 'realname', $hiddenPrefs );
	}

	/**
	 * Get a list of contributors of $article
	 * @param int $cnt Maximum list of contributors to show
	 * @param bool $showIfMax Whether to contributors if there more than $cnt
	 * @return string Html
	 */
	protected function getContributors( $cnt, $showIfMax ) {
		$contributors = $this->page->getContributors();
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}

		$others_link = false;

		# Hmm... too many to fit!
		if ( $cnt > 0 && $contributors->count() > $cnt ) {
			$others_link = $this->othersLink();
			if ( !$showIfMax ) {
				return $this->msg( 'othercontribs' )->rawParams(
					$others_link )->params( $contributors->count() )->escaped();
			}
		}

		$real_names = [];
		$user_names = [];
		$anon_ips = [];

		# Sift for real versus user names
		/** @var $user User */
		foreach ( $contributors as $user ) {
			$cnt--;
			if ( $user->isLoggedIn() ) {
				$link = $this->link( $user );
				if ( $this->canShowRealUserName() && $user->getRealName() ) {
					$real_names[] = $link;
				} else {
					$user_names[] = $link;
				}
			} else {
				$anon_ips[] = $this->link( $user );
			}

			if ( $cnt == 0 ) {
				break;
			}
		}

		$lang = $this->getLanguage();

		if ( count( $real_names ) ) {
			$real = $lang->listToText( $real_names );
		} else {
			$real = false;
		}

		# "ThisSite user(s) A, B and C"
		if ( count( $user_names ) ) {
			$user = $this->msg( 'siteusers' )->rawParams( $lang->listToText( $user_names ) )->params(
				count( $user_names ) )->escaped();
		} else {
			$user = false;
		}

		if ( count( $anon_ips ) ) {
			$anon = $this->msg( 'anonusers' )->rawParams( $lang->listToText( $anon_ips ) )->params(
				count( $anon_ips ) )->escaped();
		} else {
			$anon = false;
		}

		# This is the big list, all mooshed together. We sift for blank strings
		$fulllist = [];
		foreach ( [ $real, $user, $anon, $others_link ] as $s ) {
			if ( $s !== false ) {
				array_push( $fulllist, $s );
			}
		}

		$count = count( $fulllist );

		# "Based on work by ..."
		return $count
			? $this->msg( 'othercontribs' )->rawParams(
				$lang->listToText( $fulllist ) )->params( $count )->escaped()
			: '';
	}

	/**
	 * Get a link to $user's user page
	 * @param User $user
	 * @return string Html
	 */
	protected function link( User $user ) {
		if ( $this->canShowRealUserName() && !$user->isAnon() ) {
			$real = $user->getRealName();
		} else {
			$real = false;
		}

		$page = $user->isAnon()
			? SpecialPage::getTitleFor( 'Contributions', $user->getName() )
			: $user->getUserPage();

		return Linker::link( $page, htmlspecialchars( $real ? $real : $user->getName() ) );
	}

	/**
	 * Get a link to $user's user page
	 * @param User $user
	 * @return string Html
	 */
	protected function userLink( User $user ) {
		$link = $this->link( $user );
		if ( $user->isAnon() ) {
			return $this->msg( 'anonuser' )->rawParams( $link )->parse();
		} else {
			if ( $this->canShowRealUserName() && $user->getRealName() ) {
				return $link;
			} else {
				return $this->msg( 'siteuser' )->rawParams( $link )->params( $user->getName() )->escaped();
			}
		}
	}

	/**
	 * Get a link to action=credits of $article page
	 * @return string HTML link
	 */
	protected function othersLink() {
		return Linker::linkKnown(
			$this->getTitle(),
			$this->msg( 'others' )->escaped(),
			[],
			[ 'action' => 'credits' ]
		);
	}
}


Issues (4122)

Security Analysis not enabled

includes/actions/CreditsAction.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

1		<?php
2		/**
3		* Formats credits for articles
4		*
5		* Copyright 2004, Evan Prodromou <[email protected]>.
6		*
7		* This program is free software; you can redistribute it and/or modify
8		* it under the terms of the GNU General Public License as published by
9		* the Free Software Foundation; either version 2 of the License, or
10		* (at your option) any later version.
11		*
12		* This program is distributed in the hope that it will be useful,
13		* but WITHOUT ANY WARRANTY; without even the implied warranty of
14		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15		* GNU General Public License for more details.
16		*
17		* You should have received a copy of the GNU General Public License
18		* along with this program; if not, write to the Free Software
19		* Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA
20		*
21		* @file
22		* @ingroup Actions
23		* @author <[email protected]>
24		*/
25
26		/**
27		* @ingroup Actions
28		*/
29		class CreditsAction extends FormlessAction {
30
31		public function getName() {
32		return 'credits';
33		}
34
35		protected function getDescription() {
36		return $this->msg( 'creditspage' )->escaped();
37		}
38
39		/**
40		* This is largely cadged from PageHistory::history
41		*
42		* @return string HTML
43		*/
44		public function onView() {
45
46		if ( $this->page->getID() == 0 ) {
		0 ignored issues – show Bug introduced 2016-02-23 18:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getID` does only exist in `Article and CategoryPage... ImagePage and WikiPage`, but not in `Page`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
47		$s = $this->msg( 'nocredits' )->parse();
48		} else {
49		$s = $this->getCredits( -1 );
50		}
51
52		return Html::rawElement( 'div', [ 'id' => 'mw-credits' ], $s );
53		}
54
55		/**
56		* Get a list of contributors
57		*
58		* @param int $cnt Maximum list of contributors to show
59		* @param bool $showIfMax Whether to contributors if there more than $cnt
60		* @return string Html
61		*/
62		public function getCredits( $cnt, $showIfMax = true ) {
63		$s = '';
64
65		if ( $cnt != 0 ) {
66		$s = $this->getAuthor( $this->page );
67		if ( $cnt > 1 \|\| $cnt < 0 ) {
68		$s .= ' ' . $this->getContributors( $cnt - 1, $showIfMax );
69		}
70		}
71
72		return $s;
73		}
74
75		/**
76		* Get the last author with the last modification time
77		* @param Page $page
78		* @return string HTML
79		*/
80		protected function getAuthor( Page $page ) {
81		$user = User::newFromName( $page->getUserText(), false );
82
83		$timestamp = $page->getTimestamp();
84		if ( $timestamp ) {
85		$lang = $this->getLanguage();
86		$d = $lang->date( $page->getTimestamp(), true );
87		$t = $lang->time( $page->getTimestamp(), true );
88		} else {
89		$d = '';
90		$t = '';
91		}
92
93		return $this->msg( 'lastmodifiedatby', $d, $t )->rawParams(
94		$this->userLink( $user ) )->params( $user->getName() )->escaped();
		0 ignored issues – show Security Bug introduced 2016-02-23 18:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$user` defined by `\User::newFromName($page->getUserText(), false)` on line `81` can also be of type `false`; however, `CreditsAction::userLink()` does only seem to accept `object<User>`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
95		}
96
97		/**
98		* Whether we can display the user's real name (not a hidden pref)
99		*
100		* @since 1.24
101		* @return bool
102		*/
103		protected function canShowRealUserName() {
104		$hiddenPrefs = $this->context->getConfig()->get( 'HiddenPrefs' );
105		return !in_array( 'realname', $hiddenPrefs );
106		}
107
108		/**
109		* Get a list of contributors of $article
110		* @param int $cnt Maximum list of contributors to show
111		* @param bool $showIfMax Whether to contributors if there more than $cnt
112		* @return string Html
113		*/
114		protected function getContributors( $cnt, $showIfMax ) {
115		$contributors = $this->page->getContributors();
		0 ignored issues – show Bug introduced 2016-02-23 18:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getContributors` does only exist in `Article and CategoryPage... ImagePage and WikiPage`, but not in `Page`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
116
117		$others_link = false;
118
119		# Hmm... too many to fit!
120		if ( $cnt > 0 && $contributors->count() > $cnt ) {
121		$others_link = $this->othersLink();
122		if ( !$showIfMax ) {
123		return $this->msg( 'othercontribs' )->rawParams(
124		$others_link )->params( $contributors->count() )->escaped();
125		}
126		}
127
128		$real_names = [];
129		$user_names = [];
130		$anon_ips = [];
131
132		# Sift for real versus user names
133		/** @var $user User */
134		foreach ( $contributors as $user ) {
135		$cnt--;
136		if ( $user->isLoggedIn() ) {
137		$link = $this->link( $user );
138		if ( $this->canShowRealUserName() && $user->getRealName() ) {
139		$real_names[] = $link;
140		} else {
141		$user_names[] = $link;
142		}
143		} else {
144		$anon_ips[] = $this->link( $user );
145		}
146
147		if ( $cnt == 0 ) {
148		break;
149		}
150		}
151
152		$lang = $this->getLanguage();
153
154		if ( count( $real_names ) ) {
155		$real = $lang->listToText( $real_names );
156		} else {
157		$real = false;
158		}
159
160		# "ThisSite user(s) A, B and C"
161	View Code Duplication	if ( count( $user_names ) ) {
162		$user = $this->msg( 'siteusers' )->rawParams( $lang->listToText( $user_names ) )->params(
163		count( $user_names ) )->escaped();
164		} else {
165		$user = false;
166		}
167
168	View Code Duplication	if ( count( $anon_ips ) ) {
169		$anon = $this->msg( 'anonusers' )->rawParams( $lang->listToText( $anon_ips ) )->params(
170		count( $anon_ips ) )->escaped();
171		} else {
172		$anon = false;
173		}
174
175		# This is the big list, all mooshed together. We sift for blank strings
176		$fulllist = [];
177	View Code Duplication	foreach ( [ $real, $user, $anon, $others_link ] as $s ) {
178		if ( $s !== false ) {
179		array_push( $fulllist, $s );
180		}
181		}
182
183		$count = count( $fulllist );
184
185		# "Based on work by ..."
186		return $count
187		? $this->msg( 'othercontribs' )->rawParams(
188		$lang->listToText( $fulllist ) )->params( $count )->escaped()
189		: '';
190		}
191
192		/**
193		* Get a link to $user's user page
194		* @param User $user
195		* @return string Html
196		*/
197		protected function link( User $user ) {
198		if ( $this->canShowRealUserName() && !$user->isAnon() ) {
199		$real = $user->getRealName();
200		} else {
201		$real = false;
202		}
203
204		$page = $user->isAnon()
205		? SpecialPage::getTitleFor( 'Contributions', $user->getName() )
206		: $user->getUserPage();
207
208		return Linker::link( $page, htmlspecialchars( $real ? $real : $user->getName() ) );
209		}
210
211		/**
212		* Get a link to $user's user page
213		* @param User $user
214		* @return string Html
215		*/
216		protected function userLink( User $user ) {
217		$link = $this->link( $user );
218		if ( $user->isAnon() ) {
219		return $this->msg( 'anonuser' )->rawParams( $link )->parse();
220		} else {
221		if ( $this->canShowRealUserName() && $user->getRealName() ) {
222		return $link;
223		} else {
224		return $this->msg( 'siteuser' )->rawParams( $link )->params( $user->getName() )->escaped();
225		}
226		}
227		}
228
229		/**
230		* Get a link to action=credits of $article page
231		* @return string HTML link
232		*/
233		protected function othersLink() {
234		return Linker::linkKnown(
235		$this->getTitle(),
236		$this->msg( 'others' )->escaped(),
237		[],
238		[ 'action' => 'credits' ]
239		);
240		}
241		}
242

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

includes/actions/CreditsAction.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like