Global variable or function should never be used

  • Major
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/php.use_global_variable_or_function

  1. if (!function_exists('dump')) {
  2. /**
  3. * @author Nicolas Grekas <p@tchwork.com>
  4. */
  5. function dump($var)

    dump() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Permalink
    Last edited by Nicolas Grekas
  6. {
  7. foreach (func_get_args() as $var) {
  8. VarDumper::dump($var);
  9. }
  • fabpot

    Ignored on Tue, 02 Feb 2016 14:02:45 GMT

Missing use statement should be avoided

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.missing_use_statement

  1. // Can be removed in 4.0, when validator.mapping.cache.doctrine.apc is removed
  2. ->setDeprecated('The "%path%.%node%" option is deprecated since Symfony 3.2 and will be removed in 4.0. Configure the "cache.validator" service under "framework.cache.pools" instead.')
  3. ->beforeNormalization()
  4. ->ifString()->then(function ($v) {
  5. if ('validator.mapping.cache.doctrine.apc' === $v && !class_exists('Doctrine\Common\Cache\ApcCache')) {
  6. throw new LogicException('Doctrine APC cache for the validator cannot be enabled as the Doctrine Cache package is not installed.');

    The LogicException class resolves to the following classes: Symfony\Component\Asset\Exception\LogicException or Symfony\Component\Console\Exception\LogicException or Symfony\Component\DependencyInjection\Exception\LogicException or Symfony\Component\Form\Exception\LogicException or Symfony\Component\Process\Exception\LogicException or Symfony\Component\Security\Core\Exception\LogicException or Symfony\Component\Serializer\Exception\LogicException or Symfony\Component\Translation\Exception\LogicException or Symfony\Component\Workflow\Exception\LogicException.
    Did you forget to add a corresponding use statement for one of them?

    Time to fix: about 15 minutes
    Permalink
    Last edited by Fabien Potencier
  7. }
  8. return $v;
  9. })
  10. ->end()

Code should not be duplicated 3

  • Minor
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/php.duplicated_code

  1. * @final since version 3.4
  2. */
  3. class RouterDebugCommand extends ContainerAwareCommand
  4. {
  5. protected static $defaultName = 'debug:router';
  6. private $router;

    The next 49 lines appear both in src/Symfony/Bundle/FrameworkBundle/Command/RouterDebugCommand.php:36 and src/Symfony/Bundle/FrameworkBundle/Command/RouterMatchCommand.php:34.

    Time to fix: about 4 hours
    Permalink
    Last edited by Roland Franssen
  7. /**
  8. * @param RouterInterface $router
  9. */
  10. public function __construct($router = null)
  1. */
  2. class XliffLintCommand extends BaseLintCommand
  3. {
  4. protected static $defaultName = 'lint:xliff';
  5. public function __construct($name = null, $directoryIteratorProvider = null, $isReadableProvider = null)

    The next 39 lines appear both in src/Symfony/Bundle/FrameworkBundle/Command/XliffLintCommand.php:29 and src/Symfony/Bundle/FrameworkBundle/Command/YamlLintCommand.php:28.

    Time to fix: about 4 hours
    Permalink
    Last edited by Roland Franssen
  6. {
  7. if (func_num_args()) {
  8. @trigger_error(sprintf('Passing a constructor argument in "%s" is deprecated since Symfony 3.4 and will be removed in 4.0. If the command was registered by convention, make it a service instead.', __METHOD__), E_USER_DEPRECATED);
  9. }
  1. * @author Kévin Dunglas <dunglas@gmail.com>
  2. */
  3. class GetSetMethodNormalizer extends AbstractObjectNormalizer
  4. {
  5. private static $setterAccessibleCache = array();
  6. private $cache = array();

    The next 28 lines appear both in src/Symfony/Component/Serializer/Normalizer/GetSetMethodNormalizer.php:38 and src/Symfony/Component/Serializer/Normalizer/PropertyNormalizer.php:33.

    Time to fix: about 4 hours
    Permalink
    Last edited by Nicolas Grekas
  7. /**
  8. * {@inheritdoc}
  9. */
  10. public function supportsNormalization($data, $format = null)

Error silenced by the at sign (@) 4

  • Minor
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.silenced_error

  1. if (\PHP_VERSION_ID < 70000) {
  2. // Bug in PHP5: https://bugs.php.net/bug.php?id=64761
  3. // This means that we cannot bind static closures and therefore we must
  4. // ignore any errors here. There is no way to test if the closure is
  5. // bindable.
  6. $code = @\Closure::bind($code, $this);

    Adding "@" before \Closure::bind($code, $this) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Permalink
    Last edited by Andy Raines
  7. } else {
  8. $code = \Closure::bind($code, $this);
  9. }
  10. }
  11. }
  1. }
  2. if ($tty) {
  3. static $isTtySupported;
  4. if (null === $isTtySupported) {
  5. $isTtySupported = (bool) @proc_open('echo 1 >/dev/null', array(array('file', '/dev/tty', 'r'), array('file', '/dev/tty', 'w'), array('file', '/dev/tty', 'w')), $pipes);

    Adding "@" before proc_open('echo 1 >/dev/null', array(array('file', '/dev/tty', 'r'), array('file', '/dev/tty', 'w'), array('file', '/dev/tty', 'w')), $pipes) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Permalink
    Last edited by Nicolas Grekas
  6. }
  7. if (!$isTtySupported) {
  8. throw new RuntimeException('TTY mode requires /dev/tty to be read/writable.');
  9. }
  1. *
  2. * @deprecated since version 3.3. Use array or object access instead.
  3. */
  4. public function getRawData()
  5. {
  6. @trigger_error(sprintf('The %s() method is deprecated since Symfony 3.3 and will be removed in 4.0. Use the array or object access instead.', __METHOD__));

    Adding "@" before trigger_error(sprintf('The %s() method is deprecated since Symfony 3.3 and will be removed in 4.0. Use the array or object access instead.', __METHOD__)) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Permalink
    Last edited by Fabien Potencier
  7. return $this->data;
  8. }
  9. /**
  1. $data = json_encode($data, $this->encodingOptions);
  2. } else {
  3. if (!interface_exists('JsonSerializable', false)) {
  4. set_error_handler(function () { return false; });
  5. try {
  6. $data = @json_encode($data, $this->encodingOptions);

    Adding "@" before json_encode($data, $this->encodingOptions) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Permalink
    Last edited by Nicolas Grekas
  7. } finally {
  8. restore_error_handler();
  9. }
  10. } else {
  11. try {

Object parameters should be type hinted 2

  • Minor
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.object_parameter_not_type_hinted

  1. *
  2. * @return \ArrayObject The dependencies for the given node
  3. *
  4. * @throws \RuntimeException if a circular dependency is detected
  5. */
  6. private static function resolveDependencies(array $tree, $node, \ArrayObject $resolved = null, \ArrayObject $unresolved = null)

    The parameter node, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Permalink
    Last edited by Victor Berchet
  7. {
  8. if (null === $resolved) {
  9. $resolved = new \ArrayObject();
  10. }
  11. if (null === $unresolved) {
  1. }
  2. return $matched;
  3. }
  4. private function supports(Workflow $workflow, $supportStrategy, $subject, $workflowName)

    The parameter supportStrategy, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Permalink
    Last edited by Andreas Kleemann
  5. {
  6. if (null !== $workflowName && $workflowName !== $workflow->getName()) {
  7. return false;
  8. }

Commented code should not be committed 2

  • Minor
  • Deadcode

More information: https://insight.sensiolabs.com/what-we-analyse/php.commented_out_code

  1. $this->loadedList = $this->loader->loadChoiceList($this->value);
  2. $this->loaded = true;
  3. return $this->loadedList->getOriginalKeys();
  4. // In 4.0 keep the following line only:
  5. // return $this->loader->loadChoiceList($this->value)->getOriginalKeys();

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Permalink
    Last edited by Jules Pietri
  6. }
  7. /**
  8. * {@inheritdoc}
  9. */
  1. $this->loadedList = $this->loader->loadChoiceList($this->value);
  2. $this->loaded = true;
  3. return $this->loadedList->getStructuredValues();
  4. // In 4.0 keep the following line only:
  5. // return $this->loader->loadChoiceList($this->value)->getStructuredValues();

    Commented out code reduces readability and lowers the code confidence for other developers. If it's common usage for debug, it should not be committed. Using a version control system, such code can be safely removed.

    Time to fix: about 30 minutes
    Permalink
    Last edited by Jules Pietri
  6. }
  7. /**
  8. * {@inheritdoc}
  9. */

Unused method, property, variable or parameter 6

  • Minor
  • Deadcode

More information: https://insight.sensiolabs.com/what-we-analyse/php.unused_local_variable_or_private_member

  1. class FirewallMap extends _FirewallMap implements FirewallMapInterface
  2. {
  3. /**
  4. * @deprecated since version 3.3, to be removed in 4.0 alongside with magic methods below
  5. */
  6. private $container;

    This container attribute is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Permalink
    Last edited by Robin Chalas
  7. /**
  8. * @deprecated since version 3.3, to be removed in 4.0 alongside with magic methods below
  9. */
  10. private $map;
  1. *
  2. * @param ResourceInterface $resource
  3. *
  4. * @return $this
  5. */
  6. private function addResource(ResourceInterface $resource)

    This addResource method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Permalink
    Last edited by Ryan Weaver
  7. {
  8. $this->resources[] = $resource;
  9. return $this;
  10. }
  1. /**
  2. * Gets the progress bar step width.
  3. *
  4. * @return int The progress bar step width
  5. */
  6. private function getStepWidth()

    This getStepWidth method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Permalink
    Last edited by Saro0h
  7. {
  8. return $this->stepWidth;
  9. }
  10. /**
  1. *
  2. * @deprecated since version 3.4, to be removed in 4.0.
  3. */
  4. class MongoCaster
  5. {
  6. public static function castCursor(\MongoCursorInterface $cursor, array $a, Stub $stub, $isNested)

    This isNested argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Permalink
    Last edited by Nicolas Grekas
  7. {
  8. if ($info = $cursor->info()) {
  9. foreach ($info as $k => $v) {
  10. $a[Caster::PREFIX_VIRTUAL.$k] = $v;
  11. }
  1. *
  2. * @deprecated since version 3.4, to be removed in 4.0.
  3. */
  4. class MongoCaster
  5. {
  6. public static function castCursor(\MongoCursorInterface $cursor, array $a, Stub $stub, $isNested)

    This stub argument is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Permalink
    Last edited by Nicolas Grekas
  7. {
  8. if ($info = $cursor->info()) {
  9. foreach ($info as $k => $v) {
  10. $a[Caster::PREFIX_VIRTUAL.$k] = $v;
  11. }
  1. }
  2. }
  3. }
  4. }
  5. private function shouldBeInlined()

    This shouldBeInlined method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Permalink
    Last edited by Frank de Jonge
  6. {
  7. if (count($this->items) >= 3) {
  8. return false;
  9. }

Usage of a function in loops should be avoided

  • Minor
  • Performance

More information: https://insight.sensiolabs.com/what-we-analyse/php.for_loop_uses_test_function

  1. */
  2. protected function parseTokens($tokens, MessageCatalogue $catalog)
  3. {
  4. $tokenIterator = new \ArrayIterator($tokens);
  5. for ($key = 0; $key < $tokenIterator->count(); ++$key) {

    This loop uses a function. To avoid the overhead of executing the function n times, you should precalculate it before the loop.

    Time to fix: about 15 minutes
    Permalink
    Last edited by Tobias Nyholm
  6. foreach ($this->sequences as $sequence) {
  7. $message = '';
  8. $domain = 'messages';
  9. $tokenIterator->seek($key);

Deprecated class usage found 12

  • Info
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/third_party.use_deprecated_class

  1. *
  2. * @param RoleInterface[] $roles An array of directly assigned roles
  3. *
  4. * @return RoleInterface[] An array of all reachable roles
  5. */
  6. public function getReachableRoles(array $roles);

    The Symfony\Component\Security\Core\Role\RoleInterface class has been deprecated in Symfony 3.3. Use the Symfony\Component\Security\Core\Role\Role class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Fabien Potencier
  7. }
  1. {
  2. throw new BadMethodCallException('A ChildDefinition cannot have bindings set on it.');
  3. }
  4. }
  5. class_alias(ChildDefinition::class, DefinitionDecorator::class);

    The Symfony\Component\DependencyInjection\DefinitionDecorator class has been deprecated in Symfony 3.3. Use the Symfony\Component\DependencyInjection\ChildDefinition class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Christian Flothmann
  1. public function __construct(array $roles = array())
  2. {
  3. foreach ($roles as $role) {
  4. if (is_string($role)) {
  5. $role = new Role($role);
  6. } elseif (!$role instanceof RoleInterface) {

    The Symfony\Component\Security\Core\Role\RoleInterface class has been deprecated in Symfony 3.3. Use the Symfony\Component\Security\Core\Role\Role class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Fabien Potencier
  7. throw new \InvalidArgumentException(sprintf('$roles must be an array of strings, Role instances or RoleInterface instances, but got %s.', gettype($role)));
  8. }
  9. $this->roles[] = $role;
  10. }
  1. if (null === $lightTrace) {
  2. return;
  3. }
  4. } else {
  5. if ($scope) {
  6. $errorAsException = new ContextErrorException($logMessage, 0, $type, $file, $line, $context);

    The Symfony\Component\Debug\Exception\ContextErrorException class has been deprecated in Symfony 3.3. Use the \ErrorException class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Nicolas Grekas
  7. } else {
  8. $errorAsException = new \ErrorException($logMessage, 0, $type, $file, $line);
  9. }
  10. // Clean the trace by removing function arguments and the first frames added by the error handler itself.
  1. {
  2. $result = VoterInterface::ACCESS_ABSTAIN;
  3. $roles = $this->extractRoles($token);
  4. foreach ($attributes as $attribute) {
  5. if ($attribute instanceof RoleInterface) {

    The Symfony\Component\Security\Core\Role\RoleInterface class has been deprecated in Symfony 3.3. Use the Symfony\Component\Security\Core\Role\Role class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Jonatan Männchen
  6. $attribute = $attribute->getRole();
  7. }
  8. if (!is_string($attribute) || 0 !== strpos($attribute, $this->prefix)) {
  9. continue;
  1. $r = new \ReflectionClass($class = $parameterBag->resolveValue($definition->getClass()));
  2. $service = null === $r->getConstructor() ? $r->newInstance() : $r->newInstanceArgs($arguments);
  3. // don't trigger deprecations for internal uses
  4. // @deprecated since version 3.3, to be removed in 4.0 along with the deprecated class
  5. $deprecationWhitelist = array('event_dispatcher' => ContainerAwareEventDispatcher::class);

    The Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher class has been deprecated in Symfony 3.3. Use the Symfony\Component\EventDispatcher\EventDispatcher class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Robin Chalas
  6. if (!$definition->isDeprecated() && 0 < strpos($r->getDocComment(), "\n * @deprecated ") && (!isset($deprecationWhitelist[$id]) || $deprecationWhitelist[$id] !== $class)) {
  7. @trigger_error(sprintf('The "%s" service relies on the deprecated "%s" class. It should either be deprecated or its implementation upgraded.', $id, $r->name), E_USER_DEPRECATED);
  8. }
  9. }
  1. /**
  2. * Role is a simple implementation representing a role identified by a string.
  3. *
  4. * @author Fabien Potencier <fabien@symfony.com>
  5. */
  6. class Role implements RoleInterface

    The Symfony\Component\Security\Core\Role\RoleInterface class has been deprecated in Symfony 3.3. Use the Symfony\Component\Security\Core\Role\Role class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Fabien Potencier
  7. {
  8. private $role;
  9. /**
  10. * @param string $role The role name
  1. * file that was distributed with this source code.
  2. */
  3. namespace Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler;
  4. @trigger_error(sprintf('%s is deprecated since Symfony 3.3 and will be removed in 4.0. Use Symfony\Component\Console\DependencyInjection\AddConsoleCommandPass instead.', AddConsoleCommandPass::class), E_USER_DEPRECATED);

    The Symfony\Bundle\FrameworkBundle\DependencyInjection\Compiler\AddConsoleCommandPass class has been deprecated in Symfony 3.3. Use the Symfony\Component\Console\DependencyInjection\AddConsoleCommandPass class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Fabien Potencier
  5. use Symfony\Component\Console\DependencyInjection\AddConsoleCommandPass as BaseAddConsoleCommandPass;
  6. /**
  7. * Registers console commands.
  1. /**
  2. * Returns the user roles.
  3. *
  4. * @return RoleInterface[] An array of RoleInterface instances
  5. */
  6. public function getRoles();

    The Symfony\Component\Security\Core\Role\RoleInterface class has been deprecated in Symfony 3.3. Use the Symfony\Component\Security\Core\Role\Role class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Fabien Potencier
  7. /**
  8. * Returns the user credentials.
  9. *
  10. * @return mixed The user credentials
  1. // fail silently when the logout URL cannot be generated
  2. }
  3. $extractRoles = function ($role) {
  4. if (!$role instanceof RoleInterface && !$role instanceof Role) {
  5. throw new \InvalidArgumentException(sprintf('Roles must be instances of %s or %s (%s given).', RoleInterface::class, Role::class, is_object($role) ? get_class($role) : gettype($role)));

    The Symfony\Component\Security\Core\Role\RoleInterface class has been deprecated in Symfony 3.3. Use the Symfony\Component\Security\Core\Role\Role class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Christian Flothmann
  6. }
  7. return $role->getRole();
  8. };
  1. } catch (\Exception $e) {
  2. // fail silently when the logout URL cannot be generated
  3. }
  4. $extractRoles = function ($role) {
  5. if (!$role instanceof RoleInterface && !$role instanceof Role) {

    The Symfony\Component\Security\Core\Role\RoleInterface class has been deprecated in Symfony 3.3. Use the Symfony\Component\Security\Core\Role\Role class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Christian Flothmann
  6. throw new \InvalidArgumentException(sprintf('Roles must be instances of %s or %s (%s given).', RoleInterface::class, Role::class, is_object($role) ? get_class($role) : gettype($role)));
  7. }
  8. return $role->getRole();
  9. };
  1. $container->getDefinition('streamed_response_listener')->setPrivate(true);
  2. $container->getDefinition('locale_listener')->setPrivate(true);
  3. $container->getDefinition('validate_request_listener')->setPrivate(true);
  4. // forward compatibility with Symfony 4.0 where the ContainerAwareEventDispatcher class is removed
  5. if (!class_exists(ContainerAwareEventDispatcher::class)) {

    The Symfony\Component\EventDispatcher\ContainerAwareEventDispatcher class has been deprecated in Symfony 3.3. Use the Symfony\Component\EventDispatcher\EventDispatcher class instead.

    Time to fix: about 2 hours
    Permalink
    Last edited by Nicolas Grekas
  6. $definition = $container->getDefinition('event_dispatcher');
  7. $definition->setClass(EventDispatcher::class);
  8. $definition->setArguments(array());
  9. }

Class should be unique per PHP file 4

  • Info
  • Codestyle

More information: https://insight.sensiolabs.com/what-we-analyse/php.file_contains_more_than_one_class

This file contains 3 classes. Keeping only one class per file is a standard in the PHP community, since it promotes interoperability and maintainability.

Time to fix: about 6 hours
Permalink
Last edited by Nicolas Grekas
  • ReflectionClassResource (defined at line 17)
  • ReflectionMethodHhvmWrapper (defined at line 158)
  • ReflectionParameterHhvmWrapper (defined at line 175)

This file contains 2 classes. Keeping only one class per file is a standard in the PHP community, since it promotes interoperability and maintainability.

Time to fix: about 4 hours
Permalink
Collective

This file contains 2 classes. Keeping only one class per file is a standard in the PHP community, since it promotes interoperability and maintainability.

Time to fix: about 4 hours
Permalink
Collective
  • RegisterListenersPass (defined at line 25)
  • ExtractingEventDispatcher (defined at line 122)

This file contains 2 classes. Keeping only one class per file is a standard in the PHP community, since it promotes interoperability and maintainability.

Time to fix: about 4 hours
Permalink
Collective
  • DigestAuthenticationListener (defined at line 34)
  • DigestData (defined at line 145)

PHP code should follow PSR-1 basic coding standard 2

  • Info
  • Codestyle

More information: https://insight.sensiolabs.com/what-we-analyse/php.psr1

  1. }
  2. /**
  3. * @internal to be removed in 4.0
  4. */
  5. class _FirewallMap

    Class names should be declared in StudlyCaps.
    You should rename this class to comply with PSR-1.

    Time to fix: about 15 minutes
    Permalink
    Last edited by Robin Chalas
  6. {
  7. private $container;
  8. private $map;
  9. private $contexts;
  1. *
  2. * @see preg_last_error()
  3. *
  4. * @internal
  5. */
  6. public static function preg_match($pattern, $subject, &$matches = null, $flags = 0, $offset = 0)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Permalink
    Last edited by Richard Bradley
  7. {
  8. if (false === $ret = preg_match($pattern, $subject, $matches, $flags, $offset)) {
  9. switch (preg_last_error()) {
  10. case PREG_INTERNAL_ERROR:
  11. $error = 'Internal PCRE error.';