PHP debug statements found (22)

  • Critical
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/php.debug_statements

in web/check.php, line 4
  1. <?php
  2. if (is_cli()) {
  3. echo "********************************\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  4. echo "* *\n";
  5. echo "* Symfony requirements check *\n";
  6. echo "* *\n";
  7. echo "********************************\n\n";
  8. echo sprintf("php.ini used by PHP: %s\n\n", get_ini_path());
in web/check.php, line 5
  1. <?php
  2. if (is_cli()) {
  3. echo "********************************\n";
  4. echo "* *\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  5. echo "* Symfony requirements check *\n";
  6. echo "* *\n";
  7. echo "********************************\n\n";
  8. echo sprintf("php.ini used by PHP: %s\n\n", get_ini_path());
in web/check.php, line 6
  1. <?php
  2. if (is_cli()) {
  3. echo "********************************\n";
  4. echo "* *\n";
  5. echo "* Symfony requirements check *\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. echo "* *\n";
  7. echo "********************************\n\n";
  8. echo sprintf("php.ini used by PHP: %s\n\n", get_ini_path());
  9. echo "** WARNING **\n";
in web/check.php, line 7
  1. if (is_cli()) {
  2. echo "********************************\n";
  3. echo "* *\n";
  4. echo "* Symfony requirements check *\n";
  5. echo "* *\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. echo "********************************\n\n";
  7. echo sprintf("php.ini used by PHP: %s\n\n", get_ini_path());
  8. echo "** WARNING **\n";
  9. echo "* The PHP CLI can use a different php.ini file\n";
in web/check.php, line 8
  1. if (is_cli()) {
  2. echo "********************************\n";
  3. echo "* *\n";
  4. echo "* Symfony requirements check *\n";
  5. echo "* *\n";
  6. echo "********************************\n\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. echo sprintf("php.ini used by PHP: %s\n\n", get_ini_path());
  8. echo "** WARNING **\n";
  9. echo "* The PHP CLI can use a different php.ini file\n";
  10. echo "* than the one used with your web server.\n";
in web/check.php, line 9
  1. echo "********************************\n";
  2. echo "* *\n";
  3. echo "* Symfony requirements check *\n";
  4. echo "* *\n";
  5. echo "********************************\n\n";
  6. echo sprintf("php.ini used by PHP: %s\n\n", get_ini_path());

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. echo "** WARNING **\n";
  8. echo "* The PHP CLI can use a different php.ini file\n";
  9. echo "* than the one used with your web server.\n";
  10. if ('\\' == DIRECTORY_SEPARATOR) {
in web/check.php, line 11
  1. echo "* Symfony requirements check *\n";
  2. echo "* *\n";
  3. echo "********************************\n\n";
  4. echo sprintf("php.ini used by PHP: %s\n\n", get_ini_path());
  5. echo "** WARNING **\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. echo "* The PHP CLI can use a different php.ini file\n";
  7. echo "* than the one used with your web server.\n";
  8. if ('\\' == DIRECTORY_SEPARATOR) {
  9. echo "* (especially on the Windows platform)\n";
  10. }
in web/check.php, line 12
  1. echo "* *\n";
  2. echo "********************************\n\n";
  3. echo sprintf("php.ini used by PHP: %s\n\n", get_ini_path());
  4. echo "** WARNING **\n";
  5. echo "* The PHP CLI can use a different php.ini file\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. echo "* than the one used with your web server.\n";
  7. if ('\\' == DIRECTORY_SEPARATOR) {
  8. echo "* (especially on the Windows platform)\n";
  9. }
  10. echo "* If this is the case, please ALSO launch this\n";
in web/check.php, line 13
  1. echo "********************************\n\n";
  2. echo sprintf("php.ini used by PHP: %s\n\n", get_ini_path());
  3. echo "** WARNING **\n";
  4. echo "* The PHP CLI can use a different php.ini file\n";
  5. echo "* than the one used with your web server.\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. if ('\\' == DIRECTORY_SEPARATOR) {
  7. echo "* (especially on the Windows platform)\n";
  8. }
  9. echo "* If this is the case, please ALSO launch this\n";
  10. echo "* utility from your web server.\n";
in web/check.php, line 15
  1. echo "** WARNING **\n";
  2. echo "* The PHP CLI can use a different php.ini file\n";
  3. echo "* than the one used with your web server.\n";
  4. if ('\\' == DIRECTORY_SEPARATOR) {
  5. echo "* (especially on the Windows platform)\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. }
  7. echo "* If this is the case, please ALSO launch this\n";
  8. echo "* utility from your web server.\n";
  9. echo "** WARNING **\n";
  10. } else {
in web/check.php, line 17
  1. echo "* The PHP CLI can use a different php.ini file\n";
  2. echo "* than the one used with your web server.\n";
  3. if ('\\' == DIRECTORY_SEPARATOR) {
  4. echo "* (especially on the Windows platform)\n";
  5. }
  6. echo "* If this is the case, please ALSO launch this\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. echo "* utility from your web server.\n";
  8. echo "** WARNING **\n";
  9. } else {
  10. echo <<<EOF
  11. <html>
in web/check.php, line 18
  1. echo "* than the one used with your web server.\n";
  2. if ('\\' == DIRECTORY_SEPARATOR) {
  3. echo "* (especially on the Windows platform)\n";
  4. }
  5. echo "* If this is the case, please ALSO launch this\n";
  6. echo "* utility from your web server.\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. echo "** WARNING **\n";
  8. } else {
  9. echo <<<EOF
  10. <html>
  11. <head>
in web/check.php, line 19
  1. if ('\\' == DIRECTORY_SEPARATOR) {
  2. echo "* (especially on the Windows platform)\n";
  3. }
  4. echo "* If this is the case, please ALSO launch this\n";
  5. echo "* utility from your web server.\n";
  6. echo "** WARNING **\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. } else {
  8. echo <<<EOF
  9. <html>
  10. <head>
  11. <style>
in web/check.php, line 21
  1. }
  2. echo "* If this is the case, please ALSO launch this\n";
  3. echo "* utility from your web server.\n";
  4. echo "** WARNING **\n";
  5. } else {
  6. echo <<<EOF

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. <html>
  8. <head>
  9. <style>
  10. body {
  11. padding: 30px;
in web/check.php, line 38
  1. <body>
  2. <h1><img alt="symfony" style="vertical-align: middle" src="" />
  3. REQUIREMENTS CHECK</h1>
  4. EOF
  5. ;
  6. echo sprintf("<p><small>php.ini used by PHP: %s</small></p>", get_ini_path());

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. }
  8. // mandatory
  9. echo_title("Mandatory requirements");
  10. check(version_compare(phpversion(), '5.3.2', '>='), sprintf('Checking that PHP version is at least 5.3.2 (%s installed)', phpversion()), 'Install PHP 5.3.1 or newer (current version is '.phpversion(), true);
in web/check.php, line 82
  1. $drivers = PDO::getAvailableDrivers();
  2. check(count($drivers), 'Checking that PDO has some drivers installed: '.implode(', ', $drivers), 'Install PDO drivers (mandatory for Doctrine)');
  3. }
  4. if (!is_cli()) {
  5. echo '</body></html>';

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. }
  7. /**
  8. * Checks a configuration.
  9. */
in web/check.php, line 91
  1. * Checks a configuration.
  2. */
  3. function check($boolean, $message, $help = '', $fatal = false)
  4. {
  5. if (is_cli()) {
  6. echo $boolean ? " OK " : sprintf("\n\n[[%s]] ", $fatal ? ' ERROR ' : 'WARNING');

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. echo sprintf("$message%s\n", $boolean ? '' : ': FAILED');
  8. if (!$boolean) {
  9. echo " *** $help ***\n";
  10. if ($fatal) {
in web/check.php, line 92
  1. */
  2. function check($boolean, $message, $help = '', $fatal = false)
  3. {
  4. if (is_cli()) {
  5. echo $boolean ? " OK " : sprintf("\n\n[[%s]] ", $fatal ? ' ERROR ' : 'WARNING');
  6. echo sprintf("$message%s\n", $boolean ? '' : ': FAILED');

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. if (!$boolean) {
  8. echo " *** $help ***\n";
  9. if ($fatal) {
  10. die("You must fix this problem before resuming the check.\n");
in web/check.php, line 95
  1. if (is_cli()) {
  2. echo $boolean ? " OK " : sprintf("\n\n[[%s]] ", $fatal ? ' ERROR ' : 'WARNING');
  3. echo sprintf("$message%s\n", $boolean ? '' : ': FAILED');
  4. if (!$boolean) {
  5. echo " *** $help ***\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. if ($fatal) {
  7. die("You must fix this problem before resuming the check.\n");
  8. }
  9. }
  10. } else {
in web/check.php, line 115
  1. $color = '#6a9ee6';
  2. $image = '[base64-encoded PNG data omitted]';
wGmyMBVfRGDRDau6zUBiraOnCyzlhF9w+naSN7BW/PcuUFOcr5y5X27BHm+2NvbmBK793dRYtolAr7ITNRLLF4taZBAhYVbzMJrWXAtsvv6UD55MlhfBIOy4DRLYunM/97f3m5GmCcGO6Gll95+u6qiV9NNeT9p+XI0PfLIsPejzVN66y24tANVJwus3YntHxLkkb7OzpzOJMEV1ik7HTw4KsAwWIPSENysZli1wIp3xQMHhojarYB0+XzEA3kB+BdZa+eY/8WFE/Y7519+GaYoH0ILVltYPhc7O9HLeii8kWobkmRSzEUWa4FVU++Loh/1kRn6x17YPMr3XwEms8BfPK6lJVLkIr4ieal+4qGHRkwsZNvJTP44s/Frr77qWXg9i7WRIoxHBNm7eTOsa9cGLZo++7pt51lG/PwvZGDgJ/lxR3d3d95ifWIwmwlEfvQo8qxrRtJD2baxFHAZEMTV9vrrsHlfrZ86Prdnj2ekARdZE1l8P0DbZf71wpCk95ucV5Q5bSdOlFMsFyAKKH9gz/btKL3zTtXF1Pssk5IgwZg920tdRtLJIjfV99xzg8WY0EX6anJRGMwu1uADwwoxVopZIr7QtGDBhChZPnD8uPdR9w8Bxu/ahcTq1cNKiOCeC3e++y7KXV2YdP/9iCSTNdO04iuvoGfrVq+yDMIgU7siy94Oy7pGUc9iNlsMUjl5Q/mXvgxcKXR0rBnf3BwX+mL19FQmp+jy1DWdO40vWlTJ5cP1tchfGQ4zc+d6ehUOBt5FEH07d3rScVgqqABtzvlZudx/hWUDU/LLanSMKFNEDgIXv+S684ptbbMaliyJ2nTMFiOINKTisWMoHDoEgxmL0dR0U2eMBeppN+sZMX5IIkGAYlOfFYu5TmDv08AfFQl71a7KEhFeEjOpUtuA/fXZbMu0e+9NFD78EMVLl4YdSsXvugt1DzyAZGsronPmVAVmnj2LwhtvIE9gwp2p4GRpq1E67QMDxU7HObYZ+F7Zc5GeqAPSFLEnJH0OqP8RdzUumZw3fenShM2EOMdSV54/aopCe3pLJ24wPRMBQTw7DHMm6yXRInTK5vr1gJ7NwqZKdfT3F7pd9wQZs7Ub6PeBqUDzcj1DBSmIhXj2J/RVY3V9+bTm5kSyoQF5crXc1uaJPnweOdJBZwBQZNs0qAgNscDQ25HLla4Bhwhwp1XJeMIAPZBDdFIlMeI1xs65rtsba29fXOrp0TJNTXrCr32EvspsJyxGV9F613fQgssGE2NhIJ09PWZPqVT8J/CrX1IH2bcstKMGlVUGxBROxlWuLgQaNwA/qAfuy4wZExnb2BiJc0GRiIjayM7nK1mTbQ+eVBCYxlxAVI1CvCWKvq+/3yyYpkvuHd0N/JaW3CWSLp9U7sln8QeBHZZSPAQyrtJ9wAy6qXWsZlbrRJJOp2N1mYwRJZAIDcBL+QlUkEnQJv1gIZ+3CqWSSfjmJSYMNN0DZyt5ogBSVkCqYEU74Ft3VVWKhgDGlFZQlB/jBEv7xiJWSgv5PJVKneFkMeHWBSCKsJerXLsKnDoNnDzMvNWqIkoFqGwLPjmj6bsWAhnzwatk+PprVDk+R6gScCoHdx5nLFQHW/LLBetm/33QfBAqUEMhaWgSYLi+UM/1bQWkpLIv3rLKuf/rzyaFc4YPWD1K12v8S6Iek5shkO5t/0dslDnCrtMNif2Wr/8JMADxEJDtoSp7OAAAAABJRU5ErkJggg==';
  3. $alt = 'warning';
  4. }
  5. echo sprintf('

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. <div style="background-color: %s; padding: 4px; margin: 3px; border: 1px #ddd solid; font-size: 18px">
  7. <div style="float: left"><img alt="%s" style="width: 60%%; vertical-align: middle; margin-right: 10px" src="data:image/png;base64,%s" /></div>
  8. <div style="float: left; margin-top: 7px; text-align: left;">%s%s</div>
  9. <div style="clear: both"></div>
  10. </div>', $color, $alt, $image, $message, !$boolean ? '<div style="background-color: #fff; padding:5px">What to do'.($fatal ? '' : ' (<em>optional</em>)').': '.$help.'</div>' : '');
in web/check.php, line 127
  1. }
  2. function echo_title($title)
  3. {
  4. if (is_cli()) {
  5. echo "\n** $title **\n\n";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  6. } else {
  7. echo "<h2>$title</h2>";
  8. }
  9. }
in web/check.php, line 129
  1. function echo_title($title)
  2. {
  3. if (is_cli()) {
  4. echo "\n** $title **\n\n";
  5. } else {
  6. echo "<h2>$title</h2>";

    echo() should only be used for debug, and not committed to the source code repository.

    Time to fix: about 15 minutes
  7. }
  8. }
  9. /**
  10. * Gets the php.ini path used by the current PHP interpretor.

Sensitive data should not be present in non-parameter configuration files

  • Critical
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/symfony.app.sensitive_data_found_in_application_configuration

  1. doctrine:
  2. dbal:
  3. driver: %database_driver%
  4. host: %database_host%
  5. dbname: %database_name%_test

    Sensitive data has been detected in your configuration file (dbname parameter). You should consider storing it in a single parameter file.

    Time to fix: about 1 hour
  6. user: %database_user%
  7. password: %database_password%
  8. charset: UTF8
  9. web_profiler:

Global variable or function should never be used (4)

  • Major
  • Architecture

More information: https://insight.sensiolabs.com/what-we-analyse/php.use_global_variable_or_function

in web/check.php, line 88
  1. }
  2. /**
  3. * Checks a configuration.
  4. */
  5. function check($boolean, $message, $help = '', $fatal = false)

    check adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
  6. {
  7. if (is_cli()) {
  8. echo $boolean ? " OK " : sprintf("\n\n[[%s]] ", $fatal ? ' ERROR ' : 'WARNING');
  9. echo sprintf("$message%s\n", $boolean ? '' : ': FAILED');
in web/check.php, line 124
  1. <div style="clear: both"></div>
  2. </div>', $color, $alt, $image, $message, !$boolean ? '<div style="background-color: #fff; padding:5px">What to do'.($fatal ? '' : ' (<em>optional</em>)').': '.$help.'</div>' : '');
  3. }
  4. }
  5. function echo_title($title)

    echo_title adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
  6. {
  7. if (is_cli()) {
  8. echo "\n** $title **\n\n";
  9. } else {
  10. echo "<h2>$title</h2>";
in web/check.php, line 138
  1. /**
  2. * Gets the php.ini path used by the current PHP interpretor.
  3. *
  4. * @return string the php.ini path
  5. */
  6. function get_ini_path()

    get_ini_path adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
  7. {
  8. if ($path = get_cfg_var('cfg_file_path')) {
  9. return $path;
  10. }
in web/check.php, line 147
  1. }
  2. return 'WARNING: not using a php.ini file';
  3. }
  4. function is_cli()

    is_cli adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
  5. {
  6. return !isset($_SERVER['HTTP_HOST']);
  7. }

Symfony controller action method should not be too long

  • Major
  • Readability

More information: https://insight.sensiolabs.com/what-we-analyse/symfony.controller.action_method_too_long

22% of all actions have more than 20 lines. This violation is raised when more than 10% of actions are too long.

Time to fix: about 2 hours

Occurrences of the rule violations:

exit() and die() functions should be avoided

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.use_exit_function

in web/check.php, line 97
  1. echo sprintf("$message%s\n", $boolean ? '' : ': FAILED');
  2. if (!$boolean) {
  3. echo " *** $help ***\n";
  4. if ($fatal) {
  5. die("You must fix this problem before resuming the check.\n");

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
  6. }
  7. }
  8. } else {
  9. if ($boolean) {
  10. $color = '#60b111';

Absolute path constants __DIR__ and __FILE__ should not be used (4)

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/symfony.dependency_injection.use_dir_file_constant

  1. /**
  2. * {@inheritdoc}
  3. */
  4. public function getPath()
  5. {
  6. return strtr(__DIR__, '\\', '/');

    __DIR__ and __FILE__ constants may conflict with the Symfony resource overriding system

    Time to fix: about 2 hours
  7. }
  8. }
  1. }
  2. protected function getUploadRootDir()
  3. {
  4. // the absolute directory path where uploaded documents should be saved
  5. return __DIR__.'/../../../../../web/'.$this->getUploadDir();

    __DIR__ and __FILE__ constants may conflict with the Symfony resource overriding system

    Time to fix: about 2 hours
  6. }
  7. public function getThumbnailRootDir()
  8. {
  9. return __DIR__.'/../../../../../web/'.$this->getUploadDir().'/thumbnail';
  1. return __DIR__.'/../../../../../web/'.$this->getUploadDir();
  2. }
  3. public function getThumbnailRootDir()
  4. {
  5. return __DIR__.'/../../../../../web/'.$this->getUploadDir().'/thumbnail';

    __DIR__ and __FILE__ constants may conflict with the Symfony resource overriding system

    Time to fix: about 2 hours
  6. }
  7. }
  1. }
  2. }
  3. public function getThumbnailRootDir()
  4. {
  5. return __DIR__.'/../../../../web/'.$this->document->getUploadDir().'/thumbnail';

    __DIR__ and __FILE__ constants may conflict with the Symfony resource overriding system

    Time to fix: about 2 hours
  6. }
  7. public function getMimeType()
  8. {
  9. return;

Web bundles/ folder should not be present in repository

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/symfony.web.web_bundle_folder_present_in_repository

in web

Web bundles/ folder is present in repository

Time to fix: about 1 hour
  • web
    • bundles
    • images
    • js
    • app.php
    • app_dev.php
    • app_test.php
    • check.php
    • robots.txt

Files should be encoded in UTF-8 (2)

  • Major
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/web.non_utf8_encoding

This file uses iso-8859-1 text encoding. Prefer UTF-8 to avoid cross-encoding issues.

Time to fix: about 30 minutes

This file uses iso-8859-1 text encoding. Prefer UTF-8 to avoid cross-encoding issues.

Time to fix: about 30 minutes

Web applications should contain a favicon

  • Major
  • Performance

More information: https://insight.sensiolabs.com/what-we-analyse/web.missing_favicon

in web

No favicon found in the web root directory

Time to fix: about 1 hour
  • web
    • bundles
    • images
    • js
    • app.php
    • app_dev.php
    • app_test.php
    • check.php
    • robots.txt

Files should not be executable

  • Major
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/php.too_permissive_file_permissions

Your project contains files with overly permissive permissions. To avoid opening a security breach, you should restrict execution rights on the following files:

Time to fix: about 30 minutes

Object parameters should be type hinted (2)

  • Minor
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/php.object_parameter_not_type_hinted

  1. ;
  2. return $query->getResult();
  3. }
  4. public function fetchAllByCategory($category)

    The parameter category, which is an object, should be typehinted.

    Time to fix: about 1 hour
  5. {
  6. $query = $this
  7. ->createQueryBuilder('P')
  8. ->innerJoin('P.categories', 'C')
  9. ->where('C.id = :category')
  1. use Symfony\Component\Form\Util\PropertyPath;
  2. class PhotosetBuilder
  3. {
  4. static function buildPhotoset($data)

    The parameter data, which is an object, should be typehinted.

    Time to fix: about 1 hour
  5. {
  6. $photoset = new Photoset();
  7. foreach ($data->photoset as $photosetKey => $photosetValue) {
  8. $propertyPath = new PropertyPath($photosetKey);
  9. switch($photosetKey)

Unused use statement should be avoided (10)

  • Minor
  • Deadcode

More information: https://insight.sensiolabs.com/what-we-analyse/php.unused_use_statement

  1. namespace Didier\Bundle\BlogBundle\Entity;
  2. use Doctrine\ORM\Mapping as ORM;
  3. use Symfony\Component\Validator\Constraints as Assert;
  4. use Didier\Bundle\SiteBundle\Entity\User;

    The class Didier\Bundle\SiteBundle\Entity\User is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  5. /**
  6. * @ORM\Entity
  7. * @ORM\Table(name="blog_post_comment")
  8. * @ORM\HasLifecycleCallbacks()
  1. <?php
  2. namespace Didier\Bundle\BlogBundle\Entity;
  3. use Doctrine\Common\Collections\ArrayCollection;

    The class Doctrine\Common\Collections\ArrayCollection is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  4. use Doctrine\ORM\Mapping as ORM;
  5. use Didier\Bundle\SiteBundle\Entity\User;
  6. /**
  7. * @ORM\Entity(repositoryClass="Didier\Bundle\BlogBundle\Repository\PostRepository")
  1. namespace Didier\Bundle\BlogBundle\Entity;
  2. use Doctrine\Common\Collections\ArrayCollection;
  3. use Doctrine\ORM\Mapping as ORM;
  4. use Didier\Bundle\SiteBundle\Entity\User;

    The class Didier\Bundle\SiteBundle\Entity\User is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  5. /**
  6. * @ORM\Entity(repositoryClass="Didier\Bundle\BlogBundle\Repository\PostRepository")
  7. * @ORM\Table(name="blog_post")
  8. * @ORM\HasLifecycleCallbacks()
  1. namespace Didier\Bundle\SiteBundle\Controller;
  2. use Symfony\Bundle\FrameworkBundle\Controller\Controller;
  3. use Didier\Bundle\SiteBundle\Entity;
  4. use Didier\Bundle\SiteBundle\Form;

    The class Didier\Bundle\SiteBundle\Form is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  5. use Didier\Bundle\SiteBundle\Twig\MailGenerator;
  6. class PageController extends Controller
  7. {
  8. public function blogAction()
  1. use Symfony\Bundle\FrameworkBundle\Controller\Controller;
  2. use Didier\Bundle\SiteBundle\Entity;
  3. use Didier\Bundle\SiteBundle\Form;
  4. use Didier\Bundle\SiteBundle\Twig\MailGenerator;

    The class Didier\Bundle\SiteBundle\Twig\MailGenerator is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  5. class PageController extends Controller
  6. {
  7. public function blogAction()
  8. {
  1. <?php
  2. namespace Didier\Bundle\SiteBundle\DependencyInjection;
  3. use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;

    The class Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  4. use Symfony\Component\Config\Definition\Builder\TreeBuilder;
  5. use Symfony\Component\Config\Definition\ConfigurationInterface;
  6. class Configuration implements ConfigurationInterface
  7. {
  1. namespace Didier\Bundle\SiteBundle\Form;
  2. use Symfony\Component\Form\AbstractType;
  3. use Symfony\Component\Form\FormBuilderInterface;
  4. use Symfony\Component\Form\FormInterface;

    The class Symfony\Component\Form\FormInterface is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  5. use Symfony\Component\Form\FormView;
  6. use Symfony\Component\OptionsResolver\OptionsResolverInterface;
  7. class UserType extends AbstractType
  8. {
  1. namespace Didier\Bundle\SiteBundle\Form;
  2. use Symfony\Component\Form\AbstractType;
  3. use Symfony\Component\Form\FormBuilderInterface;
  4. use Symfony\Component\Form\FormInterface;
  5. use Symfony\Component\Form\FormView;

    The class Symfony\Component\Form\FormView is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  6. use Symfony\Component\OptionsResolver\OptionsResolverInterface;
  7. class UserType extends AbstractType
  8. {
  9. public function buildForm(FormBuilderInterface $builder, array $options)
  1. <?php
  2. namespace Didier\Bundle\SiteBundle\Mail;
  3. use Didier\Bundle\SiteBundle\Entity as SiteEntity;
  4. use Didier\Bundle\BlogBundle\Entity as BlogEntity;

    The class Didier\Bundle\BlogBundle\Entity is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  5. class MailSender
  6. {
  7. protected $mailer;
  8. protected $mailFrom;
  1. namespace Didier\Twig;
  2. use Twig_Extension;
  3. use Twig_Filter_Method;
  4. use Twig_Function_Method;

    The class Twig_Function_Method is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
  5. use Symfony\Component\Process\Process;
  6. class Rst2htmlExtension extends Twig_Extension
  7. {

Cache or log files should not be committed

  • Minor
  • Deadcode

More information: https://insight.sensiolabs.com/what-we-analyse/symfony.app.cache_or_log_file_in_repository

Cache or log files found in repository

Time to fix: about 30 minutes
  • app/cache
    • dev
    • prod

Default session cookie's name should be changed.

  • Minor
  • Security

More information: https://insight.sensiolabs.com/what-we-analyse/symfony.request.session_cookie_default_name

The session cookie name is the default one, PHPSESSID. You should consider overriding it with the session.name parameter (see the official documentation).

Time to fix: about 1 hour

The composer.json file should not raise warnings

  • Info
  • Bugrisk

More information: https://insight.sensiolabs.com/what-we-analyse/composer.warning

No license specified, it is recommended to do so

Time to fix: about 1 hour