Issues in SpecialLog.php (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

includes/specials/SpecialLog.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Implements Special:Log
 *
 * Copyright © 2008 Aaron Schulz
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup SpecialPage
 */

/**
 * A special page that lists log entries
 *
 * @ingroup SpecialPage
 */
class SpecialLog extends SpecialPage {
	public function __construct() {
		parent::__construct( 'Log' );
	}

	public function execute( $par ) {
		$this->setHeaders();
		$this->outputHeader();
		$this->getOutput()->addModules( 'mediawiki.userSuggest' );
		$this->addHelpLink( 'Help:Log' );

		$opts = new FormOptions;
		$opts->add( 'type', '' );
		$opts->add( 'user', '' );
		$opts->add( 'page', '' );
		$opts->add( 'pattern', false );
		$opts->add( 'year', null, FormOptions::INTNULL );
		$opts->add( 'month', null, FormOptions::INTNULL );
		$opts->add( 'tagfilter', '' );
		$opts->add( 'offset', '' );
		$opts->add( 'dir', '' );
		$opts->add( 'offender', '' );
		$opts->add( 'subtype', '' );

		// Set values
		$opts->fetchValuesFromRequest( $this->getRequest() );
		if ( $par !== null ) {
			$this->parseParams( $opts, (string)$par );
		}

		# Don't let the user get stuck with a certain date
		if ( $opts->getValue( 'offset' ) || $opts->getValue( 'dir' ) == 'prev' ) {
			$opts->setValue( 'year', '' );
			$opts->setValue( 'month', '' );
		}

		// If the user doesn't have the right permission to view the specific
		// log type, throw a PermissionsError
		// If the log type is invalid, just show all public logs
		$logRestrictions = $this->getConfig()->get( 'LogRestrictions' );
		$type = $opts->getValue( 'type' );
		if ( !LogPage::isLogType( $type ) ) {
			$opts->setValue( 'type', '' );
		} elseif ( isset( $logRestrictions[$type] )
			&& !$this->getUser()->isAllowed( $logRestrictions[$type] )
		) {
			throw new PermissionsError( $logRestrictions[$type] );
		}

		# Handle type-specific inputs
		$qc = [];
		if ( $opts->getValue( 'type' ) == 'suppress' ) {
			$offender = User::newFromName( $opts->getValue( 'offender' ), false );
			if ( $offender && $offender->getId() > 0 ) {
				$qc = [ 'ls_field' => 'target_author_id', 'ls_value' => $offender->getId() ];
			} elseif ( $offender && IP::isIPAddress( $offender->getName() ) ) {
				$qc = [ 'ls_field' => 'target_author_ip', 'ls_value' => $offender->getName() ];
			}
		} else {
			// Allow extensions to add relations to their search types
			Hooks::run(
				'SpecialLogAddLogSearchRelations',
				[ $opts->getValue( 'type' ), $this->getRequest(), &$qc ]
			);
		}

		# Some log types are only for a 'User:' title but we might have been given
		# only the username instead of the full title 'User:username'. This part try
		# to lookup for a user by that name and eventually fix user input. See bug 1697.
		if ( in_array( $opts->getValue( 'type' ), self::getLogTypesOnUser() ) ) {
			# ok we have a type of log which expect a user title.
			$target = Title::newFromText( $opts->getValue( 'page' ) );
			if ( $target && $target->getNamespace() === NS_MAIN ) {
				# User forgot to add 'User:', we are adding it for him
				$opts->setValue( 'page',
					Title::makeTitleSafe( NS_USER, $opts->getValue( 'page' ) )
				);
			}
		}

		$this->show( $opts, $qc );
	}

	/**
	 * List log type for which the target is a user
	 * Thus if the given target is in NS_MAIN we can alter it to be an NS_USER
	 * Title user instead.
	 *
	 * @since 1.25
	 * @return array
	 */
	public static function getLogTypesOnUser() {
		static $types = null;
		if ( $types !== null ) {
			return $types;
		}
		$types = [
			'block',
			'newusers',
			'rights',
		];

		Hooks::run( 'GetLogTypesOnUser', [ &$types ] );
		return $types;
	}

	/**
	 * Return an array of subpages that this special page will accept.
	 *
	 * @return string[] subpages
	 */
	public function getSubpagesForPrefixSearch() {
		$subpages = $this->getConfig()->get( 'LogTypes' );
		$subpages[] = 'all';
		sort( $subpages );
		return $subpages;
	}

	private function parseParams( FormOptions $opts, $par ) {
		# Get parameters
		$par = $par !== null ? $par : '';
		$parms = explode( '/', $par );
		$symsForAll = [ '*', 'all' ];
		if ( $parms[0] != '' &&
			( in_array( $par, $this->getConfig()->get( 'LogTypes' ) ) || in_array( $par, $symsForAll ) )
		) {
			$opts->setValue( 'type', $par );
		} elseif ( count( $parms ) == 2 ) {
			$opts->setValue( 'type', $parms[0] );
			$opts->setValue( 'user', $parms[1] );
		} elseif ( $par != '' ) {
			$opts->setValue( 'user', $par );
		}
	}

	private function show( FormOptions $opts, array $extraConds ) {
		# Create a LogPager item to get the results and a LogEventsList item to format them...
		$loglist = new LogEventsList(
			$this->getContext(),
			null,
			LogEventsList::USE_CHECKBOXES
		);

		$pager = new LogPager(
			$loglist,
			$opts->getValue( 'type' ),
			$opts->getValue( 'user' ),
			$opts->getValue( 'page' ),
			$opts->getValue( 'pattern' ),
			$extraConds,
			$opts->getValue( 'year' ),
			$opts->getValue( 'month' ),
			$opts->getValue( 'tagfilter' ),
			$opts->getValue( 'subtype' )
		);

		$this->addHeader( $opts->getValue( 'type' ) );

		# Set relevant user
		if ( $pager->getPerformer() ) {
			$performerUser = User::newFromName( $pager->getPerformer(), false );
			$this->getSkin()->setRelevantUser( $performerUser );
<?php

function getDate($date)
{
    if ($date !== null) {
        return new DateTime($date);
    }

    return false;
}
		}

		# Show form options
		$loglist->showOptions(
			$pager->getType(),
			$pager->getPerformer(),
			$pager->getPage(),

			$pager->getPattern(),
			$pager->getYear(),

			$pager->getMonth(),

			$pager->getFilterParams(),
			$pager->getTagFilter(),
			$pager->getAction()
		);

		# Insert list
		$logBody = $pager->getBody();
		if ( $logBody ) {
			$this->getOutput()->addHTML(
				$pager->getNavigationBar() .
					$this->getActionButtons(
						$loglist->beginLogEventsList() .
							$logBody .
							$loglist->endLogEventsList()
					) .
					$pager->getNavigationBar()
			);
		} else {
			$this->getOutput()->addWikiMsg( 'logempty' );
		}
	}

	private function getActionButtons( $formcontents ) {
		$user = $this->getUser();
		$canRevDelete = $user->isAllowedAll( 'deletedhistory', 'deletelogentry' );
		$showTagEditUI = ChangeTags::showTagEditingUI( $user );
		# If the user doesn't have the ability to delete log entries nor edit tags,
		# don't bother showing them the button(s).
		if ( !$canRevDelete && !$showTagEditUI ) {
			return $formcontents;
		}

		# Show button to hide log entries and/or edit change tags
		$s = Html::openElement(
			'form',
			[ 'action' => wfScript(), 'id' => 'mw-log-deleterevision-submit' ]
		) . "\n";
		$s .= Html::hidden( 'action', 'historysubmit' ) . "\n";
		$s .= Html::hidden( 'type', 'logging' ) . "\n";

		$buttons = '';
		if ( $canRevDelete ) {
			$buttons .= Html::element(
				'button',
				[
					'type' => 'submit',
					'name' => 'revisiondelete',
					'value' => '1',
					'class' => "deleterevision-log-submit mw-log-deleterevision-button"
				],
				$this->msg( 'showhideselectedlogentries' )->text()
			) . "\n";
		}
		if ( $showTagEditUI ) {
			$buttons .= Html::element(
				'button',
				[
					'type' => 'submit',
					'name' => 'editchangetags',
					'value' => '1',
					'class' => "editchangetags-log-submit mw-log-editchangetags-button"
				],
				$this->msg( 'log-edit-tags' )->text()
			) . "\n";
		}

		$buttons .= ( new ListToggle( $this->getOutput() ) )->getHTML();

		$s .= $buttons . $formcontents . $buttons;
		$s .= Html::closeElement( 'form' );

		return $s;
	}

	/**
	 * Set page title and show header for this log type
	 * @param string $type
	 * @since 1.19
	 */
	protected function addHeader( $type ) {
		$page = new LogPage( $type );
		$this->getOutput()->setPageTitle( $page->getName() );
		$this->getOutput()->addHTML( $page->getDescription()
			->setContext( $this->getContext() )->parseAsBlock() );
	}

	protected function getGroupName() {
		return 'changes';
	}
}


1		<?php
2		/**
3		* Implements Special:Log
4		*
5		* Copyright © 2008 Aaron Schulz
6		*
7		* This program is free software; you can redistribute it and/or modify
8		* it under the terms of the GNU General Public License as published by
9		* the Free Software Foundation; either version 2 of the License, or
10		* (at your option) any later version.
11		*
12		* This program is distributed in the hope that it will be useful,
13		* but WITHOUT ANY WARRANTY; without even the implied warranty of
14		* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15		* GNU General Public License for more details.
16		*
17		* You should have received a copy of the GNU General Public License along
18		* with this program; if not, write to the Free Software Foundation, Inc.,
19		* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
20		* http://www.gnu.org/copyleft/gpl.html
21		*
22		* @file
23		* @ingroup SpecialPage
24		*/
25
26		/**
27		* A special page that lists log entries
28		*
29		* @ingroup SpecialPage
30		*/
31		class SpecialLog extends SpecialPage {
32		public function __construct() {
33		parent::__construct( 'Log' );
34		}
35
36		public function execute( $par ) {
37		$this->setHeaders();
38		$this->outputHeader();
39		$this->getOutput()->addModules( 'mediawiki.userSuggest' );
40		$this->addHelpLink( 'Help:Log' );
41
42		$opts = new FormOptions;
43		$opts->add( 'type', '' );
44		$opts->add( 'user', '' );
45		$opts->add( 'page', '' );
46		$opts->add( 'pattern', false );
47		$opts->add( 'year', null, FormOptions::INTNULL );
48		$opts->add( 'month', null, FormOptions::INTNULL );
49		$opts->add( 'tagfilter', '' );
50		$opts->add( 'offset', '' );
51		$opts->add( 'dir', '' );
52		$opts->add( 'offender', '' );
53		$opts->add( 'subtype', '' );
54
55		// Set values
56		$opts->fetchValuesFromRequest( $this->getRequest() );
57		if ( $par !== null ) {
58		$this->parseParams( $opts, (string)$par );
59		}
60
61		# Don't let the user get stuck with a certain date
62		if ( $opts->getValue( 'offset' ) \|\| $opts->getValue( 'dir' ) == 'prev' ) {
63		$opts->setValue( 'year', '' );
64		$opts->setValue( 'month', '' );
65		}
66
67		// If the user doesn't have the right permission to view the specific
68		// log type, throw a PermissionsError
69		// If the log type is invalid, just show all public logs
70		$logRestrictions = $this->getConfig()->get( 'LogRestrictions' );
71		$type = $opts->getValue( 'type' );
72		if ( !LogPage::isLogType( $type ) ) {
73		$opts->setValue( 'type', '' );
74		} elseif ( isset( $logRestrictions[$type] )
75		&& !$this->getUser()->isAllowed( $logRestrictions[$type] )
76		) {
77		throw new PermissionsError( $logRestrictions[$type] );
78		}
79
80		# Handle type-specific inputs
81		$qc = [];
82		if ( $opts->getValue( 'type' ) == 'suppress' ) {
83		$offender = User::newFromName( $opts->getValue( 'offender' ), false );
84		if ( $offender && $offender->getId() > 0 ) {
85		$qc = [ 'ls_field' => 'target_author_id', 'ls_value' => $offender->getId() ];
86		} elseif ( $offender && IP::isIPAddress( $offender->getName() ) ) {
87		$qc = [ 'ls_field' => 'target_author_ip', 'ls_value' => $offender->getName() ];
88		}
89		} else {
90		// Allow extensions to add relations to their search types
91		Hooks::run(
92		'SpecialLogAddLogSearchRelations',
93		[ $opts->getValue( 'type' ), $this->getRequest(), &$qc ]
94		);
95		}
96
97		# Some log types are only for a 'User:' title but we might have been given
98		# only the username instead of the full title 'User:username'. This part try
99		# to lookup for a user by that name and eventually fix user input. See bug 1697.
100		if ( in_array( $opts->getValue( 'type' ), self::getLogTypesOnUser() ) ) {
101		# ok we have a type of log which expect a user title.
102		$target = Title::newFromText( $opts->getValue( 'page' ) );
103		if ( $target && $target->getNamespace() === NS_MAIN ) {
104		# User forgot to add 'User:', we are adding it for him
105		$opts->setValue( 'page',
106		Title::makeTitleSafe( NS_USER, $opts->getValue( 'page' ) )
107		);
108		}
109		}
110
111		$this->show( $opts, $qc );
112		}
113
114		/**
115		* List log type for which the target is a user
116		* Thus if the given target is in NS_MAIN we can alter it to be an NS_USER
117		* Title user instead.
118		*
119		* @since 1.25
120		* @return array
121		*/
122		public static function getLogTypesOnUser() {
123		static $types = null;
124		if ( $types !== null ) {
125		return $types;
126		}
127		$types = [
128		'block',
129		'newusers',
130		'rights',
131		];
132
133		Hooks::run( 'GetLogTypesOnUser', [ &$types ] );
134		return $types;
135		}
136
137		/**
138		* Return an array of subpages that this special page will accept.
139		*
140		* @return string[] subpages
141		*/
142		public function getSubpagesForPrefixSearch() {
143		$subpages = $this->getConfig()->get( 'LogTypes' );
144		$subpages[] = 'all';
145		sort( $subpages );
146		return $subpages;
147		}
148
149		private function parseParams( FormOptions $opts, $par ) {
150		# Get parameters
151		$par = $par !== null ? $par : '';
152		$parms = explode( '/', $par );
153		$symsForAll = [ '*', 'all' ];
154		if ( $parms[0] != '' &&
155		( in_array( $par, $this->getConfig()->get( 'LogTypes' ) ) \|\| in_array( $par, $symsForAll ) )
156		) {
157		$opts->setValue( 'type', $par );
158		} elseif ( count( $parms ) == 2 ) {
159		$opts->setValue( 'type', $parms[0] );
160		$opts->setValue( 'user', $parms[1] );
161		} elseif ( $par != '' ) {
162		$opts->setValue( 'user', $par );
163		}
164		}
165
166		private function show( FormOptions $opts, array $extraConds ) {
167		# Create a LogPager item to get the results and a LogEventsList item to format them...
168		$loglist = new LogEventsList(
169		$this->getContext(),
170		null,
171		LogEventsList::USE_CHECKBOXES
172		);
173
174		$pager = new LogPager(
175		$loglist,
176		$opts->getValue( 'type' ),
177		$opts->getValue( 'user' ),
178		$opts->getValue( 'page' ),
179		$opts->getValue( 'pattern' ),
180		$extraConds,
181		$opts->getValue( 'year' ),
182		$opts->getValue( 'month' ),
183		$opts->getValue( 'tagfilter' ),
184		$opts->getValue( 'subtype' )
185		);
186
187		$this->addHeader( $opts->getValue( 'type' ) );
188
189		# Set relevant user
190		if ( $pager->getPerformer() ) {
191		$performerUser = User::newFromName( $pager->getPerformer(), false );
192		$this->getSkin()->setRelevantUser( $performerUser );
		0 ignored issues – show Security Bug introduced 2016-04-13 17:40 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$performerUser` defined by `\User::newFromName($pager->getPerformer(), false)` on line `191` can also be of type `false`; however, `Skin::setRelevantUser()` does only seem to accept `object<User>`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
193		}
194
195		# Show form options
196		$loglist->showOptions(
197		$pager->getType(),
198		$pager->getPerformer(),
199		$pager->getPage(),
		0 ignored issues – show Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$pager->getPage()` targeting `LogPager::getPage()` can also be of type `object<Title>`; however, `LogEventsList::showOptions()` does only seem to accept `string`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
200		$pager->getPattern(),
201		$pager->getYear(),
		0 ignored issues – show Security Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$pager->getYear()` targeting `LogPager::getYear()` can also be of type `false`; however, `LogEventsList::showOptions()` does only seem to accept `integer`, did you maybe forget to handle an error condition? Loading history...
202		$pager->getMonth(),
		0 ignored issues – show Security Bug introduced 2016-01-16 18:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$pager->getMonth()` targeting `LogPager::getMonth()` can also be of type `false`; however, `LogEventsList::showOptions()` does only seem to accept `integer`, did you maybe forget to handle an error condition? Loading history...
203		$pager->getFilterParams(),
204		$pager->getTagFilter(),
205		$pager->getAction()
206		);
207
208		# Insert list
209		$logBody = $pager->getBody();
210		if ( $logBody ) {
211		$this->getOutput()->addHTML(
212		$pager->getNavigationBar() .
213		$this->getActionButtons(
214		$loglist->beginLogEventsList() .
215		$logBody .
216		$loglist->endLogEventsList()
217		) .
218		$pager->getNavigationBar()
219		);
220		} else {
221		$this->getOutput()->addWikiMsg( 'logempty' );
222		}
223		}
224
225		private function getActionButtons( $formcontents ) {
226		$user = $this->getUser();
227		$canRevDelete = $user->isAllowedAll( 'deletedhistory', 'deletelogentry' );
228		$showTagEditUI = ChangeTags::showTagEditingUI( $user );
229		# If the user doesn't have the ability to delete log entries nor edit tags,
230		# don't bother showing them the button(s).
231		if ( !$canRevDelete && !$showTagEditUI ) {
232		return $formcontents;
233		}
234
235		# Show button to hide log entries and/or edit change tags
236		$s = Html::openElement(
237		'form',
238		[ 'action' => wfScript(), 'id' => 'mw-log-deleterevision-submit' ]
239		) . "\n";
240		$s .= Html::hidden( 'action', 'historysubmit' ) . "\n";
241		$s .= Html::hidden( 'type', 'logging' ) . "\n";
242
243		$buttons = '';
244	View Code Duplication	if ( $canRevDelete ) {
245		$buttons .= Html::element(
246		'button',
247		[
248		'type' => 'submit',
249		'name' => 'revisiondelete',
250		'value' => '1',
251		'class' => "deleterevision-log-submit mw-log-deleterevision-button"
252		],
253		$this->msg( 'showhideselectedlogentries' )->text()
254		) . "\n";
255		}
256	View Code Duplication	if ( $showTagEditUI ) {
257		$buttons .= Html::element(
258		'button',
259		[
260		'type' => 'submit',
261		'name' => 'editchangetags',
262		'value' => '1',
263		'class' => "editchangetags-log-submit mw-log-editchangetags-button"
264		],
265		$this->msg( 'log-edit-tags' )->text()
266		) . "\n";
267		}
268
269		$buttons .= ( new ListToggle( $this->getOutput() ) )->getHTML();
270
271		$s .= $buttons . $formcontents . $buttons;
272		$s .= Html::closeElement( 'form' );
273
274		return $s;
275		}
276
277		/**
278		* Set page title and show header for this log type
279		* @param string $type
280		* @since 1.19
281		*/
282		protected function addHeader( $type ) {
283		$page = new LogPage( $type );
284		$this->getOutput()->setPageTitle( $page->getName() );
285		$this->getOutput()->addHTML( $page->getDescription()
286		->setContext( $this->getContext() )->parseAsBlock() );
287		}
288
289		protected function getGroupName() {
290		return 'changes';
291		}
292		}
293

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

includes/specials/SpecialLog.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like