Issues in userOptions.inc (master) - Issues in master - wikimedia/mediawiki - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4122)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

maintenance/userOptions.inc (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Helper class for userOptions.php script.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License along
 * with this program; if not, write to the Free Software Foundation, Inc.,
 * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 * http://www.gnu.org/copyleft/gpl.html
 *
 * @file
 * @ingroup Maintenance
 */

// Options we will use
$options = [ 'list', 'nowarn', 'quiet', 'usage', 'dry' ];
$optionsWithArgs = [ 'old', 'new' ];

require_once __DIR__ . '/commandLine.inc';

/**
 * @ingroup Maintenance
 */
class UserOptions {
	public $mQuick;
	public $mQuiet;
	public $mDry;
	public $mAnOption;
	public $mOldValue;
	public $mNewValue;

	private $mMode, $mReady;

	/**
	 * Constructor. Will show usage and exit if script options are not correct
	 * @param array $opts
	 * @param array $args
	 */
	function __construct( $opts, $args ) {
		if ( !$this->checkOpts( $opts, $args ) ) {
			UserOptions::showUsageAndExit();
		} else {
			$this->mReady = $this->initializeOpts( $opts, $args );
		}
	}

	/**
	 * This is used to check options. Only needed on construction
	 *
	 * @param array $opts
	 * @param array $args
	 *
	 * @return bool
	 */
	private function checkOpts( $opts, $args ) {
		// The three possible ways to run the script:
		$list = isset( $opts['list'] );
		$usage = isset( $opts['usage'] ) && ( count( $args ) <= 1 );
		$change = isset( $opts['old'] ) && isset( $opts['new'] ) && ( count( $args ) <= 1 );

		// We want only one of them
		$isValid = ( ( $list + $usage + $change ) == 1 );

		return $isValid;
	}

	/**
	 * load script options in the object
	 *
	 * @param array $opts
	 * @param array $args
	 *
	 * @return bool
	 */
	private function initializeOpts( $opts, $args ) {

		$this->mQuick = isset( $opts['nowarn'] );
		$this->mQuiet = isset( $opts['quiet'] );
		$this->mDry = isset( $opts['dry'] );

		// Set object properties, specially 'mMode' used by run()
		if ( isset( $opts['list'] ) ) {
			$this->mMode = 'LISTER';
		} elseif ( isset( $opts['usage'] ) ) {
			$this->mMode = 'USAGER';
			$this->mAnOption = isset( $args[0] ) ? $args[0] : false;
		} elseif ( isset( $opts['old'] ) && isset( $opts['new'] ) ) {
			$this->mMode = 'CHANGER';
			$this->mOldValue = $opts['old'];
			$this->mNewValue = $opts['new'];
			$this->mAnOption = $args[0];
		} else {
			die( "There is a bug in the software, this should never happen\n" );
		}

		return true;
	}

	/**
	 * Dumb stuff to run a mode.
	 */
	public function run() {
		if ( !$this->mReady ) {
			return false;
		}

		$this->{$this->mMode}();

		return true;
	}

	/**
	 * List default options and their value
	 */
	private function LISTER() {
		$def = User::getDefaultOptions();
		ksort( $def );
		$maxOpt = 0;
		foreach ( $def as $opt => $value ) {
			$maxOpt = max( $maxOpt, strlen( $opt ) );
		}
		foreach ( $def as $opt => $value ) {
			printf( "%-{$maxOpt}s: %s\n", $opt, $value );
		}
	}

	/**
	 * List options usage
	 */
	private function USAGER() {
		$ret = [];
		$defaultOptions = User::getDefaultOptions();

		// We list user by user_id from one of the replica DBs
		$dbr = wfGetDB( DB_REPLICA );
		$result = $dbr->select( 'user',
			[ 'user_id' ],
			[],
			__METHOD__
		);

		foreach ( $result as $id ) {

			$user = User::newFromId( $id->user_id );

			// Get the options and update stats
			if ( $this->mAnOption ) {

				if ( !array_key_exists( $this->mAnOption, $defaultOptions ) ) {
					print "Invalid user option. Use --list to see valid choices\n";
					exit;
				}

				$userValue = $user->getOption( $this->mAnOption );
				if ( $userValue <> $defaultOptions[$this->mAnOption] ) {
					// @codingStandardsIgnoreStart Ignore silencing errors is discouraged warning
					@$ret[$this->mAnOption][$userValue]++;
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
					// @codingStandardsIgnoreEnd
				}
			} else {

				foreach ( $defaultOptions as $name => $defaultValue ) {
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
					$userValue = $user->getOption( $name );
					if ( $userValue <> $defaultValue ) {
						// @codingStandardsIgnoreStart Ignore silencing errors is discouraged warning
						@$ret[$name][$userValue]++;
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
						// @codingStandardsIgnoreEnd
					}
				}
			}
		}

		foreach ( $ret as $optionName => $usageStats ) {
			print "Usage for <$optionName> (default: '{$defaultOptions[$optionName]}'):\n";
			foreach ( $usageStats as $value => $count ) {
				print " $count user(s): '$value'\n";
			}
			print "\n";
		}
	}

	/**
	 * Change our users options
	 */
	private function CHANGER() {
		$this->warn();

		// We list user by user_id from one of the replica DBs
		$dbr = wfGetDB( DB_REPLICA );
		$result = $dbr->select( 'user',
			[ 'user_id' ],
			[],
			__METHOD__
		);

		foreach ( $result as $id ) {

			$user = User::newFromId( $id->user_id );

			$curValue = $user->getOption( $this->mAnOption );
			$username = $user->getName();

			if ( $curValue == $this->mOldValue ) {

				if ( !$this->mQuiet ) {
					print "Setting {$this->mAnOption} for $username from '{$this->mOldValue}' " .
						"to '{$this->mNewValue}'): ";
				}

				// Change value
				$user->setOption( $this->mAnOption, $this->mNewValue );

				// Will not save the settings if run with --dry
				if ( !$this->mDry ) {
					$user->saveSettings();
				}
				if ( !$this->mQuiet ) {
					print " OK\n";
				}
			} elseif ( !$this->mQuiet ) {
				print "Not changing '$username' using <{$this->mAnOption}> = '$curValue'\n";
			}
		}
	}

	/**
	 * Return an array of option names
	 * @return array
	 */
	public static function getDefaultOptionsNames() {
		$def = User::getDefaultOptions();
		$ret = [];
		foreach ( $def as $optname => $defaultValue ) {
$collection = json_decode($data, true);
if ( ! is_array($collection)) {
    throw new \RuntimeException('$collection must be an array.');
}

foreach ($collection as $item) { /** ... */ }
			array_push( $ret, $optname );
		}

		return $ret;
	}

	public static function showUsageAndExit() {
		print <<<USAGE

This script pass through all users and change one of their options.
The new option is NOT validated.

Usage:
	php userOptions.php --list
	php userOptions.php [user option] --usage
	php userOptions.php [options] <user option> --old <old value> --new <new value>

Switchs:
	--list : list available user options and their default value

	--usage : report all options statistics or just one if you specify it.

	--old <old value> : the value to look for
	--new <new value> : new value to update users with

Options:
	--nowarn: hides the 5 seconds warning
	--quiet : do not print what is happening
	--dry   : do not save user settings back to database

USAGE;
		exit( 0 );
	}

	/**
	 * The warning message and countdown
	 * @return bool
	 */
	public function warn() {

		if ( $this->mQuick ) {
			return true;
		}

		print <<<WARN
The script is about to change the skin for ALL USERS in the database.
Users with option <$this->mAnOption> = '$this->mOldValue' will be made to use '$this->mNewValue'.

Abort with control-c in the next five seconds....
WARN;
		wfCountDown( 5 );

		return true;
	}
}


1			<?php
2			/**
3			* Helper class for userOptions.php script.
4			*
5			* This program is free software; you can redistribute it and/or modify
6			* it under the terms of the GNU General Public License as published by
7			* the Free Software Foundation; either version 2 of the License, or
8			* (at your option) any later version.
9			*
10			* This program is distributed in the hope that it will be useful,
11			* but WITHOUT ANY WARRANTY; without even the implied warranty of
12			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13			* GNU General Public License for more details.
14			*
15			* You should have received a copy of the GNU General Public License along
16			* with this program; if not, write to the Free Software Foundation, Inc.,
17			* 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
18			* http://www.gnu.org/copyleft/gpl.html
19			*
20			* @file
21			* @ingroup Maintenance
22			*/
23
24			// Options we will use
25			$options = [ 'list', 'nowarn', 'quiet', 'usage', 'dry' ];
26			$optionsWithArgs = [ 'old', 'new' ];
27
28			require_once __DIR__ . '/commandLine.inc';
29
30			/**
31			* @ingroup Maintenance
32			*/
33			class UserOptions {
34			public $mQuick;
35			public $mQuiet;
36			public $mDry;
37			public $mAnOption;
38			public $mOldValue;
39			public $mNewValue;
40
41			private $mMode, $mReady;
42
43			/**
44			* Constructor. Will show usage and exit if script options are not correct
45			* @param array $opts
46			* @param array $args
47			*/
48			function __construct( $opts, $args ) {
49			if ( !$this->checkOpts( $opts, $args ) ) {
50			UserOptions::showUsageAndExit();
51			} else {
52			$this->mReady = $this->initializeOpts( $opts, $args );
53			}
54			}
55
56			/**
57			* This is used to check options. Only needed on construction
58			*
59			* @param array $opts
60			* @param array $args
61			*
62			* @return bool
63			*/
64			private function checkOpts( $opts, $args ) {
65			// The three possible ways to run the script:
66			$list = isset( $opts['list'] );
67			$usage = isset( $opts['usage'] ) && ( count( $args ) <= 1 );
68			$change = isset( $opts['old'] ) && isset( $opts['new'] ) && ( count( $args ) <= 1 );
69
70			// We want only one of them
71			$isValid = ( ( $list + $usage + $change ) == 1 );
72
73			return $isValid;
74			}
75
76			/**
77			* load script options in the object
78			*
79			* @param array $opts
80			* @param array $args
81			*
82			* @return bool
83			*/
84			private function initializeOpts( $opts, $args ) {
85
86			$this->mQuick = isset( $opts['nowarn'] );
87			$this->mQuiet = isset( $opts['quiet'] );
88			$this->mDry = isset( $opts['dry'] );
89
90			// Set object properties, specially 'mMode' used by run()
91			if ( isset( $opts['list'] ) ) {
92			$this->mMode = 'LISTER';
93			} elseif ( isset( $opts['usage'] ) ) {
94			$this->mMode = 'USAGER';
95			$this->mAnOption = isset( $args[0] ) ? $args[0] : false;
96			} elseif ( isset( $opts['old'] ) && isset( $opts['new'] ) ) {
97			$this->mMode = 'CHANGER';
98			$this->mOldValue = $opts['old'];
99			$this->mNewValue = $opts['new'];
100			$this->mAnOption = $args[0];
101			} else {
102			die( "There is a bug in the software, this should never happen\n" );
103			}
104
105			return true;
106			}
107
108			/**
109			* Dumb stuff to run a mode.
110			*/
111			public function run() {
112			if ( !$this->mReady ) {
113			return false;
114			}
115
116			$this->{$this->mMode}();
117
118			return true;
119			}
120
121			/**
122			* List default options and their value
123			*/
124			private function LISTER() {
125			$def = User::getDefaultOptions();
126			ksort( $def );
127			$maxOpt = 0;
128			foreach ( $def as $opt => $value ) {
129			$maxOpt = max( $maxOpt, strlen( $opt ) );
130			}
131			foreach ( $def as $opt => $value ) {
132			printf( "%-{$maxOpt}s: %s\n", $opt, $value );
133			}
134			}
135
136			/**
137			* List options usage
138			*/
139			private function USAGER() {
140			$ret = [];
141			$defaultOptions = User::getDefaultOptions();
142
143			// We list user by user_id from one of the replica DBs
144			$dbr = wfGetDB( DB_REPLICA );
145			$result = $dbr->select( 'user',
146			[ 'user_id' ],
147			[],
148			__METHOD__
149			);
150
151			foreach ( $result as $id ) {
152
153			$user = User::newFromId( $id->user_id );
154
155			// Get the options and update stats
156			if ( $this->mAnOption ) {
157
158			if ( !array_key_exists( $this->mAnOption, $defaultOptions ) ) {
159			print "Invalid user option. Use --list to see valid choices\n";
160			exit;
161			}
162
163			$userValue = $user->getOption( $this->mAnOption );
164			if ( $userValue <> $defaultOptions[$this->mAnOption] ) {
165			// @codingStandardsIgnoreStart Ignore silencing errors is discouraged warning
166			@$ret[$this->mAnOption][$userValue]++;
			0 ignored issues – show Security Best Practice introduced 2016-05-12 17:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
167			// @codingStandardsIgnoreEnd
168			}
169			} else {
170
171			foreach ( $defaultOptions as $name => $defaultValue ) {
			0 ignored issues – show Bug introduced 2016-05-12 17:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$defaultOptions` of type `null\|array<?,?,{"skin":"string"}>` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
172			$userValue = $user->getOption( $name );
173			if ( $userValue <> $defaultValue ) {
174			// @codingStandardsIgnoreStart Ignore silencing errors is discouraged warning
175			@$ret[$name][$userValue]++;
			0 ignored issues – show Security Best Practice introduced 2016-05-12 17:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
176			// @codingStandardsIgnoreEnd
177			}
178			}
179			}
180			}
181
182			foreach ( $ret as $optionName => $usageStats ) {
183			print "Usage for <$optionName> (default: '{$defaultOptions[$optionName]}'):\n";
184			foreach ( $usageStats as $value => $count ) {
185			print " $count user(s): '$value'\n";
186			}
187			print "\n";
188			}
189			}
190
191			/**
192			* Change our users options
193			*/
194			private function CHANGER() {
195			$this->warn();
196
197			// We list user by user_id from one of the replica DBs
198			$dbr = wfGetDB( DB_REPLICA );
199			$result = $dbr->select( 'user',
200			[ 'user_id' ],
201			[],
202			__METHOD__
203			);
204
205			foreach ( $result as $id ) {
206
207			$user = User::newFromId( $id->user_id );
208
209			$curValue = $user->getOption( $this->mAnOption );
210			$username = $user->getName();
211
212			if ( $curValue == $this->mOldValue ) {
213
214			if ( !$this->mQuiet ) {
215			print "Setting {$this->mAnOption} for $username from '{$this->mOldValue}' " .
216			"to '{$this->mNewValue}'): ";
217			}
218
219			// Change value
220			$user->setOption( $this->mAnOption, $this->mNewValue );
221
222			// Will not save the settings if run with --dry
223			if ( !$this->mDry ) {
224			$user->saveSettings();
225			}
226			if ( !$this->mQuiet ) {
227			print " OK\n";
228			}
229			} elseif ( !$this->mQuiet ) {
230			print "Not changing '$username' using <{$this->mAnOption}> = '$curValue'\n";
231			}
232			}
233			}
234
235			/**
236			* Return an array of option names
237			* @return array
238			*/
239			public static function getDefaultOptionsNames() {
240			$def = User::getDefaultOptions();
241			$ret = [];
242			foreach ( $def as $optname => $defaultValue ) {
			0 ignored issues – show Bug introduced 2016-05-12 17:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$def` of type `null\|array<?,?,{"skin":"string"}>` is not guaranteed to be traversable. How about adding an additional type check? There are different options of fixing this problem. If you want to be on the safe side, you can add an additional type-check: $collection = json_decode($data, true); if ( ! is_array($collection)) { throw new \RuntimeException('$collection must be an array.'); } foreach ($collection as $item) { /** ... / } If you are sure that the expression is traversable, you might want to add a doc comment cast* to improve IDE auto-completion and static analysis: /** @var array $collection / $collection = json_decode($data, true); foreach ($collection as $item) { /* .. / } Mark the issue as a false-positive*: Just hover the remove button, in the top-right corner of this issue for more options. Loading history...
243			array_push( $ret, $optname );
244			}
245
246			return $ret;
247			}
248
249			public static function showUsageAndExit() {
250			print <<<USAGE
251
252			This script pass through all users and change one of their options.
253			The new option is NOT validated.
254
255			Usage:
256			php userOptions.php --list
257			php userOptions.php [user option] --usage
258			php userOptions.php [options] <user option> --old <old value> --new <new value>
259
260			Switchs:
261			--list : list available user options and their default value
262
263			--usage : report all options statistics or just one if you specify it.
264
265			--old <old value> : the value to look for
266			--new <new value> : new value to update users with
267
268			Options:
269			--nowarn: hides the 5 seconds warning
270			--quiet : do not print what is happening
271			--dry : do not save user settings back to database
272
273			USAGE;
274			exit( 0 );
275			}
276
277			/**
278			* The warning message and countdown
279			* @return bool
280			*/
281			public function warn() {
282
283			if ( $this->mQuick ) {
284			return true;
285			}
286
287			print <<<WARN
288			The script is about to change the skin for ALL USERS in the database.
289			Users with option <$this->mAnOption> = '$this->mOldValue' will be made to use '$this->mNewValue'.
290
291			Abort with control-c in the next five seconds....
292			WARN;
293			wfCountDown( 5 );
294
295			return true;
296			}
297			}
298

wikimedia / mediawiki

Issues (4122)

Security Analysis not enabled

maintenance/userOptions.inc (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like