Twig templates should not have syntax errors (15)

  • Critical
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/twig.twig_syntax_error

  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#advhr.advhr_desc}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="js/rule.js"></script>
  7. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  8. <script type="text/javascript" src="../../utils/form_utils.js"></script>
  9. <link href="css/advhr.css" rel="stylesheet" type="text/css" />
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#advimage_dlg.dialog_title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  7. <script type="text/javascript" src="../../utils/form_utils.js"></script>
  8. <script type="text/javascript" src="../../utils/validate.js"></script>
  9. <script type="text/javascript" src="../../utils/editable_selects.js"></script>
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#advlink_dlg.title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  7. <script type="text/javascript" src="../../utils/form_utils.js"></script>
  8. <script type="text/javascript" src="../../utils/validate.js"></script>
  9. <script type="text/javascript" src="js/advlink.js"></script>
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#emotions_dlg.title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="js/emotions.js"></script>
  7. </head>
  8. <body style="display: none" role="application" aria-labelledby="app_title">
  9. <span style="display:none;" id="app_title">{#emotions_dlg.title}</span>
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#example_dlg.title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="js/dialog.js"></script>
  7. </head>
  8. <body>
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#fullpage_dlg.title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  7. <script type="text/javascript" src="../../utils/form_utils.js"></script>
  8. <script type="text/javascript" src="js/fullpage.js"></script>
  9. <link href="css/fullpage.css" rel="stylesheet" type="text/css" />
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#media_dlg.title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="js/media.js"></script>
  7. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  8. <script type="text/javascript" src="../../utils/validate.js"></script>
  9. <script type="text/javascript" src="../../utils/form_utils.js"></script>
  1. <html xmlns="http://www.w3.org/1999/xhtml">
  2. <head>
  3. <title>{#paste.paste_text_desc}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  4. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  5. <script type="text/javascript" src="js/pastetext.js"></script>
  6. </head>
  7. <body onresize="PasteTextDialog.resize();" style="display:none; overflow:hidden;">
  8. <form name="source" onsubmit="return PasteTextDialog.insert();" action="#">
  1. <script type="text/javascript" src="jscripts/embed.js"></script>
  2. <script type="text/javascript"><!--
  3. document.write('<base href="' + tinyMCEPopup.getWindowArg("base") + '">');
  4. // -->
  5. </script>
  6. <title>{#preview.preview_desc}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  7. </head>
  8. <body id="content">
  9. <script type="text/javascript">
  10. document.write(tinyMCEPopup.editor.getContent());
  11. </script>
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#searchreplace_dlg.replace_title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  7. <script type="text/javascript" src="../../utils/form_utils.js"></script>
  8. <script type="text/javascript" src="js/searchreplace.js"></script>
  9. <link rel="stylesheet" type="text/css" href="css/searchreplace.css" />
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#style_dlg.title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  7. <script type="text/javascript" src="../../utils/editable_selects.js"></script>
  8. <script type="text/javascript" src="../../utils/form_utils.js"></script>
  9. <script type="text/javascript" src="js/props.js"></script>
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#table_dlg.cell_title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  7. <script type="text/javascript" src="../../utils/form_utils.js"></script>
  8. <script type="text/javascript" src="../../utils/validate.js"></script>
  9. <script type="text/javascript" src="../../utils/editable_selects.js"></script>
  1. <html xmlns="http://www.w3.org/1999/xhtml">
  2. <head>
  3. <title>{#template_dlg.title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  4. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  5. <script type="text/javascript" src="js/template.js"></script>
  6. <link href="css/template.css" rel="stylesheet" type="text/css" />
  7. </head>
  8. <body onresize="TemplateDialog.resize();">
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#xhtmlxtras_dlg.title_abbr_element}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  7. <script type="text/javascript" src="../../utils/form_utils.js"></script>
  8. <script type="text/javascript" src="../../utils/editable_selects.js"></script>
  9. <script type="text/javascript" src="js/element_common.js"></script>
  1. <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
  2. <html xmlns="http://www.w3.org/1999/xhtml">
  3. <head>
  4. <title>{#advanced_dlg.about_title}</title>

    Unclosed comment

    Time to fix: about 15 minutes
  5. <script type="text/javascript" src="../../tiny_mce_popup.js"></script>
  6. <script type="text/javascript" src="../../utils/mctabs.js"></script>
  7. <script type="text/javascript" src="js/about.js"></script>
  8. </head>
  9. <body id="about" style="display: none">

PHP debug statements found (44)

  • Critical
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/php.debug_statements

  1. /**
  2. * Runs the installation script.
  3. */
  4. public function actionIndex()
  5. {
  6. echo 'Installing ' . Yii::app()->name . "...\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. $this->status = true;
  8. $this->changeDirectoryPermission();
  9. $this->deleteTestingFiles();
  10. $this->setDatabase();
  1. $this->changeDirectoryPermission();
  2. $this->deleteTestingFiles();
  3. $this->setDatabase();
  4. $this->switchMode();
  5. echo "\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. echo $this->status ? "Installation successful.\n" : "Installation failed.\n";
  7. }
  8. /**
  1. $this->deleteTestingFiles();
  2. $this->setDatabase();
  3. $this->switchMode();
  4. echo "\n";
  5. echo $this->status ? "Installation successful.\n" : "Installation failed.\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. }
  7. /**
  8. * Changes directory permissions to 777.
  1. 'photos',
  2. );
  3. foreach ($dirs as $dir)
  4. {
  5. echo "Changing permission of $dir... ";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. if ( ! @chmod($dir, 0777))
  7. {
  8. echo "[FAILED]\n";
  9. $this->status = false;
  10. break;
  1. foreach ($dirs as $dir)
  2. {
  3. echo "Changing permission of $dir... ";
  4. if ( ! @chmod($dir, 0777))
  5. {
  6. echo "[FAILED]\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. $this->status = false;
  8. break;
  9. }
  10. echo "[OK]\n";
  11. }
  1. {
  2. echo "[FAILED]\n";
  3. $this->status = false;
  4. break;
  5. }
  6. echo "[OK]\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. }
  8. }
  9. /**
  1. 'protected/config/travis.php',
  2. );
  3. foreach ($files as $file)
  4. {
  5. echo "Deleting $file... ";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. @unlink($file);
  7. echo "[OK]\n";
  8. }
  9. }
  1. foreach ($files as $file)
  2. {
  3. echo "Deleting $file... ";
  4. @unlink($file);
  5. echo "[OK]\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. }
  7. }
  8. /**
  9. * Creates schema and inserts initial data.
  1. 'protected/data/bk_badge.sql',
  2. );
  3. foreach ($sqls as $sql)
  4. {
  5. echo "Executing $sql... ";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. $content = @file_get_contents($sql);
  7. $cmd = Yii::app()->db->createCommand($content);
  8. try
  9. {
  1. {
  2. $cmd->execute();
  3. }
  4. catch (CException $e)
  5. {
  6. echo "[FAILED]\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. $this->status = false;
  8. break;
  9. }
  10. echo "[OK]\n";
  11. }
  1. {
  2. echo "[FAILED]\n";
  3. $this->status = false;
  4. break;
  5. }
  6. echo "[OK]\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. }
  8. }
  9. /**
  10. * Switches the application to production mode.
  1. /**
  2. * Switches the application to production mode.
  3. */
  4. private function switchMode()
  5. {
  6. echo "Switching to production mode... ";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. if ( ! @rename('index-production.php', 'index.php'))
  8. {
  9. echo "[FAILED]\n";
  10. $this->status = false;
  11. break;
  1. private function switchMode()
  2. {
  3. echo "Switching to production mode... ";
  4. if ( ! @rename('index-production.php', 'index.php'))
  5. {
  6. echo "[FAILED]\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. $this->status = false;
  8. break;
  9. }
  10. echo "[OK]\n";
  11. }
  1. {
  2. echo "[FAILED]\n";
  3. $this->status = false;
  4. break;
  5. }
  6. echo "[OK]\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. }
  8. }
  1. */
  2. public function actionUpdateCourses()
  3. {
  4. $courses = Course::model()->findAll('faculty_id=:X', array(':X' => (int) $_POST['faculty_id']));
  5. echo CHtml::label('Mata Kuliah', false);

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. echo CHtml::dropDownList('Note[course_id]', '',
  7. CHtml::listData($courses, 'id', 'name'),
  8. array('prompt' => '(semua)'));
  9. }
  10. }
  1. public function actionUpdateCourses()
  2. {
  3. $courses = Course::model()->findAll('faculty_id=:X', array(':X' => (int) $_POST['faculty_id']));
  4. echo CHtml::label('Mata Kuliah', false);
  5. echo CHtml::dropDownList('Note[course_id]', '',

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. CHtml::listData($courses, 'id', 'name'),
  7. array('prompt' => '(semua)'));
  8. }
  9. }
  1. $totalRating = $model->getTotalRating();
  2. $ratersCount = $model->getRatersCount();
  3. if ( ! $totalRating)
  4. echo 'N/A';

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  5. else
  6. echo '' . ((double)$totalRating / $ratersCount) . ' (dari ' . $ratersCount . ' pengguna)';
  7. }
  8. /**
  1. $ratersCount = $model->getRatersCount();
  2. if ( ! $totalRating)
  3. echo 'N/A';
  4. else
  5. echo '' . ((double)$totalRating / $ratersCount) . ' (dari ' . $ratersCount . ' pengguna)';

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. }
  7. /**
  8. * AJAX response for review AJAX request.
  9. */
  1. $noteId = $_POST['note_id'];
  2. $model = $this->loadModel($noteId);
  3. $model->addReview($review, Yii::app()->user->id);
  4. echo $this->renderPartial('_review', array('data'=>$review), true);

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  5. }
  6. }
  7. /**
  1. */
  2. public function actionUpdateCourses()
  3. {
  4. $courses = Course::model()->findAll('faculty_id=:X', array(':X' => (int) $_POST['faculty_id']));
  5. echo CHtml::dropDownList('Note[course_id]', '',

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. CHtml::listData($courses, 'id', 'name'),
  7. array('prompt' => 'Pilih mata kuliah'));
  8. }
  9. /**
  1. public function actionError()
  2. {
  3. if($error=Yii::app()->errorHandler->error)
  4. {
  5. if(Yii::app()->request->isAjaxRequest)
  6. echo $error['message'];

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. else
  8. $this->render('error', $error);
  9. }
  10. }
  1. /**
  2. * Renders the data item list. This method overrides {@link renderItems()} of {@link CListView}
  3. */
  4. public function renderItems()
  5. {
  6. echo CHtml::openTag($this->itemsTagName,array('class'=>$this->itemsCssClass))."\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. $data=$this->dataProvider->getData();
  8. if(($n=count($data))>0)
  9. {
  10. $owner=$this->getOwner();
  11. $viewFile=$owner->getViewFile($this->itemView);
  1. $viewFile=$owner->getViewFile($this->itemView);
  2. $j=0;
  3. foreach($data as $i=>$item)
  4. {
  5. if ($j % $this->numColumns == 0)
  6. echo CHtml::openTag('tr', array('class' => $this->rowCssClass)) . "\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. $data=$this->viewData;
  8. $data['index']=$i;
  9. $data['data']=$item;
  10. $data['widget']=$this;
  11. echo CHtml::openTag('td', array('class' => $this->dataCssClass)) . "\n";
  1. echo CHtml::openTag('tr', array('class' => $this->rowCssClass)) . "\n";
  2. $data=$this->viewData;
  3. $data['index']=$i;
  4. $data['data']=$item;
  5. $data['widget']=$this;
  6. echo CHtml::openTag('td', array('class' => $this->dataCssClass)) . "\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. $owner->renderFile($viewFile,$data);
  8. echo CHtml::closeTag('td') . "\n";
  9. if ($j % $this->numColumns == ($this->numColumns-1) || $j == $n-1)
  10. echo CHtml::closeTag('tr') . "\n";
  11. $j++;
  1. $data['index']=$i;
  2. $data['data']=$item;
  3. $data['widget']=$this;
  4. echo CHtml::openTag('td', array('class' => $this->dataCssClass)) . "\n";
  5. $owner->renderFile($viewFile,$data);
  6. echo CHtml::closeTag('td') . "\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. if ($j % $this->numColumns == ($this->numColumns-1) || $j == $n-1)
  8. echo CHtml::closeTag('tr') . "\n";
  9. $j++;
  10. }
  11. }
  1. $data['widget']=$this;
  2. echo CHtml::openTag('td', array('class' => $this->dataCssClass)) . "\n";
  3. $owner->renderFile($viewFile,$data);
  4. echo CHtml::closeTag('td') . "\n";
  5. if ($j % $this->numColumns == ($this->numColumns-1) || $j == $n-1)
  6. echo CHtml::closeTag('tr') . "\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. $j++;
  8. }
  9. }
  10. else
  11. $this->renderEmptyText();
  1. $j++;
  2. }
  3. }
  4. else
  5. $this->renderEmptyText();
  6. echo CHtml::closeTag($this->itemsTagName);

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. }
  8. }
  1. 'Daftar Berkas',
  2. );
  3. if (Yii::app()->user->hasShareMessages())
  4. {
  5. echo '<div id="' . Yii::app()->fbApi->divRoot . '"></div>' . "\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. $script = Yii::app()->fbApi->getInitScript();
  7. Yii::app()->clientScript->registerScript('fb_init', $script);
  8. }
  9. ?>
  1. <?php $this->renderPartial('_advanced', array(
  2. 'model' => $model,
  3. 'usernames' => $usernames,
  4. )); ?>
  5. <?php if (Yii::app()->user->isAdmin) echo CHtml::beginForm(array('batchDelete')); ?>

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. <br />
  7. <br />
  8. <?php echo Yii::app()->user->getNotification(); ?>
  1. 'class' => 'btn btn-danger',
  2. )); ?>
  3. </div>
  4. <?php endif; ?>
  5. <?php if (Yii::app()->user->isAdmin) echo CHtml::endForm(); ?>

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. </div><!-- span9 -->
  7. </div><!-- row-fluid -->
  1. /* @var $data Note */
  2. $baseUrl = Yii::app()->request->baseUrl;
  3. ?>
  4. <?php if (Yii::app()->user->isAdmin) echo CHtml::checkBox('deleteNote[' . $data->id . ']'); ?>

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  5. <div id="iconBerkas">
  6. <?php echo CHtml::link(CHtml::image($baseUrl . '/' . $data->typeIcon, 'note icon', array('class' => 'noteIcon')),
  7. array('note/view', 'id'=>$data->id)
  1. <td width="150px">
  2. <?php
  3. $baseUrl = Yii::app()->baseUrl;
  4. $photosDir = Yii::app()->params['photosDir'];
  5. $photo = ($data->student->photo === null) ? 'user.png' : $data->student->photo;
  6. echo CHtml::image($baseUrl . '/' . $photosDir . $photo, $data->student->name, array('width'=>60));

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. ?>
  8. </td>
  9. <td width="800px">
  10. <blockquote class="pull-left">
  1. <td>
  2. <?php
  3. $totalRating = $model->getTotalRating();
  4. $ratersCount = $model->getRatersCount();
  5. echo '<span id="total_rating">';

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. if ( ! $totalRating)
  7. echo 'N/A';
  8. else
  9. echo '' . ((double)$totalRating / $ratersCount) . ' (dari ' . $ratersCount . ' pengguna)';
  10. echo '</span>';
  1. $totalRating = $model->getTotalRating();
  2. $ratersCount = $model->getRatersCount();
  3. echo '<span id="total_rating">';
  4. if ( ! $totalRating)
  5. echo 'N/A';

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. else
  7. echo '' . ((double)$totalRating / $ratersCount) . ' (dari ' . $ratersCount . ' pengguna)';
  8. echo '</span>';
  9. ?>
  10. </td>
  1. echo '<span id="total_rating">';
  2. if ( ! $totalRating)
  3. echo 'N/A';
  4. else
  5. echo '' . ((double)$totalRating / $ratersCount) . ' (dari ' . $ratersCount . ' pengguna)';

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. echo '</span>';
  7. ?>
  8. </td>
  9. </tr>
  10. <tr>
  1. echo '<span id="total_rating">';
  2. if ( ! $totalRating)
  3. echo 'N/A';
  4. else
  5. echo '' . ((double)$totalRating / $ratersCount) . ' (dari ' . $ratersCount . ' pengguna)';
  6. echo '</span>';

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. ?>
  8. </td>
  9. </tr>
  10. <tr>
  11. <td><i class="icon icon-star"></i> Beri Rating</td>
  1. </td>
  2. <td>
  3. <?php
  4. echo Chtml::link('Tweets by @BerKuliah', 'https://twitter.com/BerKuliah', array(

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  5. 'class' => 'twitter-timeline',
  6. 'data-dnt' => 'true',
  7. 'data-widget-id' => '321252419063390209'
  8. ));
  1. <tr>
  2. <td>
  3. <div id="fotoArtikel">
  4. <?php
  5. $photo = ($model->student->photo === null) ? 'user.png' : $model->student->photo;
  6. echo CHtml::image(Yii::app()->baseUrl . '/photos/' . $photo, $model->student->name, array('max-width'=>'150','align'=>'left',));

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. ?>
  8. </div>
  9. <p><?php echo $model->content; ?></p>
  10. <br />
  11. </td>
  1. if (Yii::app()->user->isAdmin)
  2. {
  3. if ($model->status == Testimonial::STATUS_PENDING)
  4. {
  5. echo CHtml::link('<i class="icon icon-ok icon-white"></i> Terima', '#', array(

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. 'class'=>'btn btn-primary',
  7. 'confirm'=>'Apakah Anda yakin ingin menerima testimoni ini?',
  8. 'submit'=>array('approve', 'id'=>$model->id),
  9. ));
  1. 'class'=>'btn btn-primary',
  2. 'confirm'=>'Apakah Anda yakin ingin menerima testimoni ini?',
  3. 'submit'=>array('approve', 'id'=>$model->id),
  4. ));
  5. echo ' ';

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. echo CHtml::link('<i class="icon icon-remove icon-white"></i> Tolak', '#', array(
  7. 'class'=>'btn btn-danger',
  8. 'confirm'=>'Apakah Anda yakin ingin menolak testimoni ini?',
  9. 'submit'=>array('reject', 'id'=>$model->id),
  10. ));
  1. 'confirm'=>'Apakah Anda yakin ingin menerima testimoni ini?',
  2. 'submit'=>array('approve', 'id'=>$model->id),
  3. ));
  4. echo ' ';
  5. echo CHtml::link('<i class="icon icon-remove icon-white"></i> Tolak', '#', array(

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. 'class'=>'btn btn-danger',
  7. 'confirm'=>'Apakah Anda yakin ingin menolak testimoni ini?',
  8. 'submit'=>array('reject', 'id'=>$model->id),
  9. ));
  10. }
  1. }
  2. else if (Yii::app()->user->id == $model->student_id)
  3. {
  4. if ($model->status == Testimonial::STATUS_NEW || $model->status == Testimonial::STATUS_REJECTED)
  5. {
  6. echo CHtml::link('<i class="icon-search icon-pencil icon-white"></i> Sunting', array('update', 'id' => $model->id), array('class' => 'btn btn-primary'));

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. echo ' ';
  8. echo CHtml::link('<i class="icon-search icon-share icon-white"></i> Usulkan', '#', array(
  9. 'class' => 'btn btn-success',
  10. 'confirm' => 'Apakah Anda yakin ingin mengusulkan testimoni ini?',
  11. 'submit' => array('propose', 'id'=>$model->id),
  1. else if (Yii::app()->user->id == $model->student_id)
  2. {
  3. if ($model->status == Testimonial::STATUS_NEW || $model->status == Testimonial::STATUS_REJECTED)
  4. {
  5. echo CHtml::link('<i class="icon-search icon-pencil icon-white"></i> Sunting', array('update', 'id' => $model->id), array('class' => 'btn btn-primary'));
  6. echo ' ';

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. echo CHtml::link('<i class="icon-search icon-share icon-white"></i> Usulkan', '#', array(
  8. 'class' => 'btn btn-success',
  9. 'confirm' => 'Apakah Anda yakin ingin mengusulkan testimoni ini?',
  10. 'submit' => array('propose', 'id'=>$model->id),
  11. ));
  1. {
  2. if ($model->status == Testimonial::STATUS_NEW || $model->status == Testimonial::STATUS_REJECTED)
  3. {
  4. echo CHtml::link('<i class="icon-search icon-pencil icon-white"></i> Sunting', array('update', 'id' => $model->id), array('class' => 'btn btn-primary'));
  5. echo ' ';
  6. echo CHtml::link('<i class="icon-search icon-share icon-white"></i> Usulkan', '#', array(

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. 'class' => 'btn btn-success',
  8. 'confirm' => 'Apakah Anda yakin ingin mengusulkan testimoni ini?',
  9. 'submit' => array('propose', 'id'=>$model->id),
  10. ));
  11. }

PHP configuration should not be changed dynamically

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.dynamically_change_configuration

  1. * @return string 20-byte random binary string or false on error
  2. */
  3. public static function sessionBlock()
  4. {
  5. // session.entropy_length must be set for session_id be crypto-strong
  6. ini_set('session.entropy_length', 20);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
  7. if (ini_get('session.entropy_length') != 20) {
  8. return false;
  9. }
  10. // These calls are (supposed to be, according to PHP manual) safe even if there is

Files should be encoded in UTF-8 (2)

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/web.non_utf8_encoding

This file uses iso-8859-1 text encoding. Prefer UTF-8 to avoid cross-encoding issues.

Time to fix: about 30 minutes

This file uses iso-8859-1 text encoding. Prefer UTF-8 to avoid cross-encoding issues.

Time to fix: about 30 minutes

Files should not be executable

  • Major
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/php.too_permissive_file_permissions

Your project contains files with permissive permissions. In order to avoid opening a security breach, you should restrict execution rights on following files:

Time to fix: about 30 minutes

Object parameters should be type hinted 16

  • Minor
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.object_parameter_not_type_hinted

  1. /**
  2. * A filter to ensure only the note owner can update the note.
  3. * @param CFilterChain $filterChain the filter chain
  4. */
  5. public function filterCheckNoteOwner($filterChain)

    The parameter filterChain, which is an object, should be typehinted.

    Time to fix: about 1 hour
  6. {
  7. if (isset($_GET['id']))
  8. {
  9. $model = $this->loadModel($_GET['id']);
  10. if ($model->student_id !== Yii::app()->user->id)
  1. /**
  2. * A filter to ensure that an action only available in debug mode.
  3. * @param CFilterChain $filterChain the filter chain
  4. */
  5. public function filterCheckDebugMode($filterChain)

    The parameter filterChain, which is an object, should be typehinted.

    Time to fix: about 1 hour
  6. {
  7. if (! YII_DEBUG)
  8. throw new CHttpException(404, 'Fitur ini tidak tersedia.');
  9. $filterChain->run();
  1. /**
  2. * A filter to ensure only the owner can access a testimonial
  3. * @param CFilterChain $filterChain the filter chain
  4. */
  5. public function filterCheckOwner($filterChain)

    The parameter filterChain, which is an object, should be typehinted.

    Time to fix: about 1 hour
  6. {
  7. if (isset($_GET['id']))
  8. {
  9. $model = $this->loadModel($_GET['id']);
  10. if ($model->student_id !== Yii::app()->user->id)
  1. /**
  2. * A filter to ensure only admin can grant testimonial.
  3. * @param CFilterChain $filterChain the filter chain
  4. */
  5. public function filterCheckAdmin($filterChain)

    The parameter filterChain, which is an object, should be typehinted.

    Time to fix: about 1 hour
  6. {
  7. if ( ! Yii::app()->user->isAdmin)
  8. throw new CHttpException(403, 'Anda bukan administrator.');
  9. $filterChain->run();
  1. /**
  2. * A filter to ensure only new testimonial can be updated.
  3. * @param CFilterChain $filterChain the filter chain
  4. */
  5. public function filterCheckNewStatus($filterChain)

    The parameter filterChain, which is an object, should be typehinted.

    Time to fix: about 1 hour
  6. {
  7. if (isset($_GET['id']))
  8. {
  9. $model = $this->loadModel($_GET['id']);
  10. if ($model->status != Testimonial::STATUS_NEW && $model->status != Testimonial::STATUS_REJECTED)
  1. * @param string $icon the icon
  2. * @param array $htmlOptions the HTML option values
  3. * @param array $otherOptions otherOptions
  4. * @return string the HTML of the set of the input field
  5. */
  6. public function formatInputField($form, $type, $model, $attribute, $icon, $htmlOptions = array(), $otherOptions = array())

    The parameter form, which is an object, should be typehinted.

    Time to fix: about 1 hour
  7. {
  8. return '<tr>
  9. <td>
  10. <div class="control-group attribute-' . $attribute . '">
  11. <i class="icon ' . $icon . '"></i> ' . $form->labelEx($model, $attribute, array('class' => 'control-label')) . '
  1. {
  2. /**
  3. * Handles new upload event.
  4. * @param BkCounterEvent $event the event
  5. */
  6. public function newUpload($event)

    The parameter event, which is an object, should be typehinted.

    Time to fix: about 1 hour
  7. {
  8. $conditions = $event->conditions();
  9. foreach ($conditions as $condition)
  10. $this->checkUploads($event->student, $condition);
  11. }
  1. /**
  2. * Handles new download event.
  3. * @param BkCounterEvent $event the event
  4. */
  5. public function newDownload($event)

    The parameter event, which is an object, should be typehinted.

    Time to fix: about 1 hour
  6. {
  7. $conditions = $event->conditions();
  8. foreach ($conditions as $condition)
  9. $this->checkDownloads($event->student, $condition);
  10. }
  1. * Checks whether the given student satisfies the given condition for an upload badge.
  2. * @param Student $student the student
  3. * @param array $condition the condition
  4. * @return boolean whether the student satisfies the condition
  5. */
  6. public function checkUploads($student, $condition)

    The parameter student, which is an object, should be typehinted.

    Time to fix: about 1 hour
  7. {
  8. $badge = $condition['badge'];
  9. $count = $condition['count'];
  10. if (!$student->hasBadge($badge) && count($student->notes) === $count)
  1. * Checks whether the given student satisfies the given condition for a download badge.
  2. * @param Student $student the student
  3. * @param array $condition the condition
  4. * @return boolean whether the student satisfies the condition
  5. */
  6. public function checkDownloads($student, $condition)

    The parameter student, which is an object, should be typehinted.

    Time to fix: about 1 hour
  7. {
  8. $badge = $condition['badge'];
  9. $count = $condition['count'];
  10. if (!$student->hasBadge($badge) && count($student->downloadInfos) === $count)
  1. /**
  2. * Adds share message for a certain badge.
  3. * @param Badge $badge the badge
  4. */
  5. private function addBadgeShareMessage($badge)

    The parameter badge, which is an object, should be typehinted.

    Time to fix: about 1 hour
  6. {
  7. $message['text'] = '';
  8. $message['type'] = 'badge';
  9. $message['default_text'] = 'Saya baru saja mendapatkan lencana ' . $badge->name . ' pada BerKuliah!';
  10. $message['name'] = $badge->name;
  1. /**
  2. * A filter to ensure a student will not be able to update other students profile.
  3. * @param CFilterChain $filterChain the filter chain
  4. */
  5. public function filterCheckAuthorized($filterChain)

    The parameter filterChain, which is an object, should be typehinted.

    Time to fix: about 1 hour
  6. {
  7. if (isset($_GET['id']))
  8. {
  9. if ($_GET['id'] != Yii::app()->user->id)
  10. {
  1. /**
  2. * Adds a review to this note.
  3. * @param Review $review the review object
  4. * @param integer $studentId the reviewer id
  5. */
  6. public function addReview($review, $studentId)

    The parameter review, which is an object, should be typehinted.

    Time to fix: about 1 hour
  7. {
  8. $review->note_id = $this->id;
  9. $review->student_id = $studentId;
  10. $review->timestamp = date('Y-m-d H:i:s');
  1. /**
  2. * Checks whether this student has the given badge.
  3. * @param Badge $badge the badge
  4. * @return boolean whether this student has the badge
  5. */
  6. public function hasBadge($badge)

    The parameter badge, which is an object, should be typehinted.

    Time to fix: about 1 hour
  7. {
  8. $badges = $this->badges;
  9. foreach ($badges as $val)
  10. {
  11. if ($val->id === $badge->id)
  1. /**
  2. * Adds a badge to a student.
  3. * @param Badge $badge the badge to be added
  4. * @return boolean whether the addition is successful
  5. */
  6. public function addBadge($badge)

    The parameter badge, which is an object, should be typehinted.

    Time to fix: about 1 hour
  7. {
  8. $res = Yii::app()->db->createCommand()
  9. ->insert('bk_student_badge', array(
  10. 'student_id'=>$this->id,
  11. 'badge_id'=>$badge->id,
  1. /**
  2. * Grants this testimonial to a student.
  3. * @param Student $student the student
  4. * @return boolean whether the grant is successful
  5. */
  6. public function grantTo($student)

    The parameter student, which is an object, should be typehinted.

    Time to fix: about 1 hour
  7. {
  8. $this->content = 'Silakan isi testimoni Anda di sini.';
  9. $this->status = self::STATUS_NEW;
  10. $this->student_id = $student->id;
  11. $this->timestamp = date('Y-m-d H:i:s');

No absolute path should be hard-coded

  • Minor
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.absolute_path_present

  1. ) {
  2. return self::substr($s, 0, $length);
  3. }
  4. // Try /dev/random directly. On Linux it may block so deal with that.
  5. if (false !== ($f = @fopen('/dev/random', 'r'))

    An absolute path has been found in your source code. It may cause some deployment issues, as the production path is unlikely the same as the development one. You should consider using a configuration parameter or __DIR__ instead.

    Time to fix: about 1 hour
  6. && stream_set_blocking($f, 0)
  7. && false !== ($s = @fread($f, $length))
  8. && (fclose($f) || true)
  9. && self::strlen($s) >= $length
  10. ) {

User specific files should not appear in .gitignore

  • Minor
  • Codestyle

More information: https://insight.sensiolabs.com/what-we-analyse/git.user_specific_ignored_file

in .gitignore, line 22
  1. # Ignore code coverage report directory except .gitignore
  2. protected/test/report/!.gitignore
  3. # For Mac OSX
  4. .DS_Store

    .DS_Store is user-specific and should not appear in a project .gitignore. Consider adding it to the user global .gitignore instead.

    Time to fix: about 15 minutes
  5. protected/.DS_Store
  6. # Ignore log file
  7. *.log