' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$component", "from": 2127, "to": 2137, "snippet_from": 2036, "snippet_to": 2144, "column_from": 92, "column_to": 102 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\"", "from": 2053, "to": 2143, "snippet_from": 2036, "snippet_to": 2144, "column_from": 18, "column_to": 108 }, { "line_from": 81, "line_to": 81, "label": "App\\ConfigFile::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$this->path", "from": 2039, "to": 2050, "snippet_from": 2036, "snippet_to": 2144, "column_from": 4, "column_to": 15 }, { "label": "App\\ConfigFile::$path", "entry_path_type": "property-assignment" }, { "line_from": 246, "line_to": 246, "label": "App\\ConfigFile::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\tif (false === file_put_contents($this->path, $file, LOCK_EX)) {", "selected_text": "path", "from": 7104, "to": 7108, "snippet_from": 7063, "snippet_to": 7128, "column_from": 42, "column_to": 46 }, { "line_from": 246, "line_to": 246, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\tif (false === file_put_contents($this->path, $file, LOCK_EX)) {", "selected_text": "$this->path", "from": 7097, "to": 7108, "snippet_from": 7063, "snippet_to": 7128, "column_from": 35, "column_to": 46 } ] }, { "severity": "error", "line_from": 246, "line_to": 246, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\tif (false === file_put_contents($this->path, $file, LOCK_EX)) {", "selected_text": "$this->path", "from": 7097, "to": 7108, "snippet_from": 7063, "snippet_to": 7128, "column_from": 35, "column_to": 46, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$component", "from": 2127, "to": 2137, "snippet_from": 2036, "snippet_to": 2144, "column_from": 92, "column_to": 102 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\"", "from": 2053, "to": 2143, "snippet_from": 2036, "snippet_to": 2144, "column_from": 18, "column_to": 108 }, { "line_from": 81, "line_to": 81, "label": "App\\ConfigFile::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$this->path", "from": 2039, "to": 2050, "snippet_from": 2036, "snippet_to": 2144, "column_from": 4, "column_to": 15 }, { "label": "App\\ConfigFile::$path", "entry_path_type": "property-assignment" }, { "line_from": 246, "line_to": 246, "label": "App\\ConfigFile::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\tif (false === file_put_contents($this->path, $file, LOCK_EX)) {", "selected_text": "path", "from": 7104, "to": 7108, "snippet_from": 7063, "snippet_to": 7128, "column_from": 42, "column_to": 46 }, { "line_from": 246, "line_to": 246, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\tif (false === file_put_contents($this->path, $file, LOCK_EX)) {", "selected_text": "$this->path", "from": 7097, "to": 7108, "snippet_from": 7063, "snippet_to": 7128, "column_from": 35, "column_to": 46 } ] }, { "severity": "error", "line_from": 246, "line_to": 246, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\tif (false === file_put_contents($this->path, $file, LOCK_EX)) {", "selected_text": "$this->path", "from": 7097, "to": 7108, "snippet_from": 7063, "snippet_to": 7128, "column_from": 35, "column_to": 46, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$component", "from": 2127, "to": 2137, "snippet_from": 2036, "snippet_to": 2144, "column_from": 92, "column_to": 102 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\"", "from": 2053, "to": 2143, "snippet_from": 2036, "snippet_to": 2144, "column_from": 18, "column_to": 108 }, { "line_from": 81, "line_to": 81, "label": "App\\ConfigFile::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$this->path", "from": 2039, "to": 2050, "snippet_from": 2036, "snippet_to": 2144, "column_from": 4, "column_to": 15 }, { "label": "App\\ConfigFile::$path", "entry_path_type": "property-assignment" }, { "line_from": 246, "line_to": 246, "label": "App\\ConfigFile::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\tif (false === file_put_contents($this->path, $file, LOCK_EX)) {", "selected_text": "path", "from": 7104, "to": 7108, "snippet_from": 7063, "snippet_to": 7128, "column_from": 42, "column_to": 46 }, { "line_from": 246, "line_to": 246, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\tif (false === file_put_contents($this->path, $file, LOCK_EX)) {", "selected_text": "$this->path", "from": 7097, "to": 7108, "snippet_from": 7063, "snippet_to": 7128, "column_from": 35, "column_to": 46 } ] }, { "severity": "error", "line_from": 409, "line_to": 409, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 460, "line_to": 460, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "rawValues", "from": 10586, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 18, "column_to": 27 }, { "line_from": 460, "line_to": 460, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 10579, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 11, "column_to": 27 }, { "line_from": 457, "line_to": 457, "label": "App\\Request::getRaw", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getRaw($key, $defaultValue = '')", "selected_text": "getRaw", "from": 10494, "to": 10500, "snippet_from": 10477, "snippet_to": 10526, "column_from": 18, "column_to": 24 }, { "line_from": 28, "line_to": 28, "label": "call to Settings_WebserviceApps_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/WebserviceApps/actions/SaveAjax.php", "file_path": "/app/modules/Settings/WebserviceApps/actions/SaveAjax.php", "snippet": "\t\t$recordModel->set('pass', $request->getRaw('pass'));", "selected_text": "$request->getRaw('pass')", "from": 916, "to": 940, "snippet_from": 888, "snippet_to": 942, "column_from": 29, "column_to": 53 }, { "line_from": 33, "line_to": 33, "label": "Settings_WebserviceApps_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PickListDependency/models/ListView.php", "file_path": "/app/modules/Settings/PickListDependency/models/ListView.php", "snippet": "\t\t$field2->set('sort', false);", "selected_text": "false", "from": 1205, "to": 1210, "snippet_from": 1182, "snippet_to": 1212, "column_from": 24, "column_to": 29 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 409, "line_to": 409, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 8519, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 46, "column_to": 50 }, { "line_from": 409, "line_to": 409, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 409, "line_to": 409, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 1217, "line_to": 1217, "label": "call to Vtiger_Basic_InventoryField::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/PackageImport.php", "file_path": "/app/vtlib/Vtiger/PackageImport.php", "snippet": "\t\t\t\t\t\t$fieldModel->set($name, \\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum'));", "selected_text": "\\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum')", "from": 37189, "to": 37258, "snippet_from": 37159, "snippet_to": 37260, "column_from": 31, "column_to": 100 }, { "line_from": 92, "line_to": 92, "label": "Vtiger_Basic_InventoryField::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1822, "to": 1828, "snippet_from": 1795, "snippet_to": 1829, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 409, "line_to": 409, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 8519, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 46, "column_to": 50 }, { "line_from": 409, "line_to": 409, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 409, "line_to": 409, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 75, "line_to": 75, "label": "call to Rss_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Rss/models/Record.php", "file_path": "/app/modules/Rss/models/Record.php", "snippet": "\t\t$this->set('rsstitle', \\App\\Purifier::purifyByType((string) $rss->title, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType((string) $rss->title, 'Text')", "from": 1639, "to": 1696, "snippet_from": 1614, "snippet_to": 1698, "column_from": 26, "column_to": 83 }, { "line_from": 32, "line_to": 32, "label": "Rss_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/MultiImage.php", "file_path": "/app/modules/Vtiger/uitypes/MultiImage.php", "snippet": "\t\t\t$recordModel->set($fieldName, $this->getDBValue($value, $recordModel));", "selected_text": "$this->getDBValue($value, $recordModel)", "from": 1086, "to": 1125, "snippet_from": 1053, "snippet_to": 1127, "column_from": 34, "column_to": 73 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 409, "line_to": 409, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 8519, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 46, "column_to": 50 }, { "line_from": 409, "line_to": 409, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 409, "line_to": 409, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 64, "line_to": 64, "label": "call to Vtiger_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "file_path": "/app/modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "snippet": "\t\t\t\t$recordModel->set($fieldName, App\\Purifier::decodeHtml($fieldValue));", "selected_text": "App\\Purifier::decodeHtml($fieldValue)", "from": 2463, "to": 2500, "snippet_from": 2429, "snippet_to": 2502, "column_from": 35, "column_to": 72 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 409, "line_to": 409, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 8519, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 46, "column_to": 50 }, { "line_from": 409, "line_to": 409, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 409, "line_to": 409, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 64, "line_to": 64, "label": "call to Vtiger_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "file_path": "/app/modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "snippet": "\t\t\t\t$recordModel->set($fieldName, App\\Purifier::decodeHtml($fieldValue));", "selected_text": "App\\Purifier::decodeHtml($fieldValue)", "from": 2463, "to": 2500, "snippet_from": 2429, "snippet_to": 2502, "column_from": 35, "column_to": 72 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 32, "line_to": 32, "label": "Assets_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/MultiImage.php", "file_path": "/app/modules/Vtiger/uitypes/MultiImage.php", "snippet": "\t\t\t$recordModel->set($fieldName, $this->getDBValue($value, $recordModel));", "selected_text": "$this->getDBValue($value, $recordModel)", "from": 1086, "to": 1125, "snippet_from": 1053, "snippet_to": 1127, "column_from": 34, "column_to": 73 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 409, "line_to": 409, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 8519, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 46, "column_to": 50 }, { "line_from": 409, "line_to": 409, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 8512, "to": 8523, "snippet_from": 8474, "snippet_to": 8525, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 661, "line_to": 661, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 460, "line_to": 460, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "rawValues", "from": 10586, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 18, "column_to": 27 }, { "line_from": 460, "line_to": 460, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 10579, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 11, "column_to": 27 }, { "line_from": 457, "line_to": 457, "label": "App\\Request::getRaw", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getRaw($key, $defaultValue = '')", "selected_text": "getRaw", "from": 10494, "to": 10500, "snippet_from": 10477, "snippet_to": 10526, "column_from": 18, "column_to": 24 }, { "line_from": 28, "line_to": 28, "label": "call to Settings_WebserviceApps_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/WebserviceApps/actions/SaveAjax.php", "file_path": "/app/modules/Settings/WebserviceApps/actions/SaveAjax.php", "snippet": "\t\t$recordModel->set('pass', $request->getRaw('pass'));", "selected_text": "$request->getRaw('pass')", "from": 916, "to": 940, "snippet_from": 888, "snippet_to": 942, "column_from": 29, "column_to": 53 }, { "line_from": 33, "line_to": 33, "label": "Settings_WebserviceApps_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PickListDependency/models/ListView.php", "file_path": "/app/modules/Settings/PickListDependency/models/ListView.php", "snippet": "\t\t$field2->set('sort', false);", "selected_text": "false", "from": 1205, "to": 1210, "snippet_from": 1182, "snippet_to": 1212, "column_from": 24, "column_to": 29 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 661, "line_to": 661, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 14574, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 46, "column_to": 50 }, { "line_from": 661, "line_to": 661, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 661, "line_to": 661, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 1217, "line_to": 1217, "label": "call to Vtiger_Basic_InventoryField::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/PackageImport.php", "file_path": "/app/vtlib/Vtiger/PackageImport.php", "snippet": "\t\t\t\t\t\t$fieldModel->set($name, \\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum'));", "selected_text": "\\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum')", "from": 37189, "to": 37258, "snippet_from": 37159, "snippet_to": 37260, "column_from": 31, "column_to": 100 }, { "line_from": 92, "line_to": 92, "label": "Vtiger_Basic_InventoryField::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1822, "to": 1828, "snippet_from": 1795, "snippet_to": 1829, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 661, "line_to": 661, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 14574, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 46, "column_to": 50 }, { "line_from": 661, "line_to": 661, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 661, "line_to": 661, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 75, "line_to": 75, "label": "call to Rss_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Rss/models/Record.php", "file_path": "/app/modules/Rss/models/Record.php", "snippet": "\t\t$this->set('rsstitle', \\App\\Purifier::purifyByType((string) $rss->title, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType((string) $rss->title, 'Text')", "from": 1639, "to": 1696, "snippet_from": 1614, "snippet_to": 1698, "column_from": 26, "column_to": 83 }, { "line_from": 32, "line_to": 32, "label": "Rss_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/MultiImage.php", "file_path": "/app/modules/Vtiger/uitypes/MultiImage.php", "snippet": "\t\t\t$recordModel->set($fieldName, $this->getDBValue($value, $recordModel));", "selected_text": "$this->getDBValue($value, $recordModel)", "from": 1086, "to": 1125, "snippet_from": 1053, "snippet_to": 1127, "column_from": 34, "column_to": 73 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 661, "line_to": 661, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 14574, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 46, "column_to": 50 }, { "line_from": 661, "line_to": 661, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 661, "line_to": 661, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 64, "line_to": 64, "label": "call to Vtiger_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "file_path": "/app/modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "snippet": "\t\t\t\t$recordModel->set($fieldName, App\\Purifier::decodeHtml($fieldValue));", "selected_text": "App\\Purifier::decodeHtml($fieldValue)", "from": 2463, "to": 2500, "snippet_from": 2429, "snippet_to": 2502, "column_from": 35, "column_to": 72 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 661, "line_to": 661, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 14574, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 46, "column_to": 50 }, { "line_from": 661, "line_to": 661, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 661, "line_to": 661, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 64, "line_to": 64, "label": "call to Vtiger_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "file_path": "/app/modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "snippet": "\t\t\t\t$recordModel->set($fieldName, App\\Purifier::decodeHtml($fieldValue));", "selected_text": "App\\Purifier::decodeHtml($fieldValue)", "from": 2463, "to": 2500, "snippet_from": 2429, "snippet_to": 2502, "column_from": 35, "column_to": 72 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 32, "line_to": 32, "label": "Assets_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/MultiImage.php", "file_path": "/app/modules/Vtiger/uitypes/MultiImage.php", "snippet": "\t\t\t$recordModel->set($fieldName, $this->getDBValue($value, $recordModel));", "selected_text": "$this->getDBValue($value, $recordModel)", "from": 1086, "to": 1125, "snippet_from": 1053, "snippet_to": 1127, "column_from": 34, "column_to": 73 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 661, "line_to": 661, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "path", "from": 14574, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 46, "column_to": 50 }, { "line_from": 661, "line_to": 661, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t$this->content = file_get_contents($this->path);", "selected_text": "$this->path", "from": 14567, "to": 14578, "snippet_from": 14529, "snippet_to": 14580, "column_from": 39, "column_to": 50 } ] }, { "severity": "error", "line_from": 1023, "line_to": 1023, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t\treturn \"data:$mime;base64,\" . base64_encode(file_get_contents($path));", "selected_text": "$path", "from": 24167, "to": 24172, "snippet_from": 24101, "snippet_to": 24175, "column_from": 67, "column_to": 72, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 460, "line_to": 460, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "rawValues", "from": 10586, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 18, "column_to": 27 }, { "line_from": 460, "line_to": 460, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 10579, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 11, "column_to": 27 }, { "line_from": 457, "line_to": 457, "label": "App\\Request::getRaw", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getRaw($key, $defaultValue = '')", "selected_text": "getRaw", "from": 10494, "to": 10500, "snippet_from": 10477, "snippet_to": 10526, "column_from": 18, "column_to": 24 }, { "line_from": 28, "line_to": 28, "label": "call to Settings_WebserviceApps_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/WebserviceApps/actions/SaveAjax.php", "file_path": "/app/modules/Settings/WebserviceApps/actions/SaveAjax.php", "snippet": "\t\t$recordModel->set('pass', $request->getRaw('pass'));", "selected_text": "$request->getRaw('pass')", "from": 916, "to": 940, "snippet_from": 888, "snippet_to": 942, "column_from": 29, "column_to": 53 }, { "line_from": 33, "line_to": 33, "label": "Settings_WebserviceApps_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PickListDependency/models/ListView.php", "file_path": "/app/modules/Settings/PickListDependency/models/ListView.php", "snippet": "\t\t$field2->set('sort', false);", "selected_text": "false", "from": 1205, "to": 1210, "snippet_from": 1182, "snippet_to": 1212, "column_from": 24, "column_to": 29 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 335, "line_to": 335, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\treturn $this->path;", "selected_text": "path", "from": 6691, "to": 6695, "snippet_from": 6675, "snippet_to": 6696, "column_from": 17, "column_to": 21 }, { "line_from": 333, "line_to": 333, "label": "App\\Fields\\File::getPath", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function getPath(): string", "selected_text": "string", "from": 6665, "to": 6671, "snippet_from": 6637, "snippet_to": 6671, "column_from": 29, "column_to": 35 }, { "line_from": 231, "line_to": 231, "label": "call to App\\Fields\\File::getImageBaseData", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/Companies/models/Record.php", "file_path": "/app/modules/Settings/Companies/models/Record.php", "snippet": "\t\t\t\t$this->set('logo', \\App\\Fields\\File::getImageBaseData($fileInstance->getPath()));", "selected_text": "$fileInstance->getPath()", "from": 5904, "to": 5928, "snippet_from": 5846, "snippet_to": 5931, "column_from": 59, "column_to": 83 }, { "line_from": 1017, "line_to": 1017, "label": "App\\Fields\\File::getImageBaseData#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic static function getImageBaseData($path)", "selected_text": "$path", "from": 23838, "to": 23843, "snippet_from": 23797, "snippet_to": 23844, "column_from": 42, "column_to": 47 }, { "line_from": 1023, "line_to": 1023, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t\treturn \"data:$mime;base64,\" . base64_encode(file_get_contents($path));", "selected_text": "$path", "from": 24167, "to": 24172, "snippet_from": 24101, "snippet_to": 24175, "column_from": 67, "column_to": 72 } ] }, { "severity": "error", "line_from": 1023, "line_to": 1023, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t\treturn \"data:$mime;base64,\" . base64_encode(file_get_contents($path));", "selected_text": "$path", "from": 24167, "to": 24172, "snippet_from": 24101, "snippet_to": 24175, "column_from": 67, "column_to": 72, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 1217, "line_to": 1217, "label": "call to Vtiger_Basic_InventoryField::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/PackageImport.php", "file_path": "/app/vtlib/Vtiger/PackageImport.php", "snippet": "\t\t\t\t\t\t$fieldModel->set($name, \\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum'));", "selected_text": "\\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum')", "from": 37189, "to": 37258, "snippet_from": 37159, "snippet_to": 37260, "column_from": 31, "column_to": 100 }, { "line_from": 92, "line_to": 92, "label": "Vtiger_Basic_InventoryField::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1822, "to": 1828, "snippet_from": 1795, "snippet_to": 1829, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 335, "line_to": 335, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\treturn $this->path;", "selected_text": "path", "from": 6691, "to": 6695, "snippet_from": 6675, "snippet_to": 6696, "column_from": 17, "column_to": 21 }, { "line_from": 333, "line_to": 333, "label": "App\\Fields\\File::getPath", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function getPath(): string", "selected_text": "string", "from": 6665, "to": 6671, "snippet_from": 6637, "snippet_to": 6671, "column_from": 29, "column_to": 35 }, { "line_from": 231, "line_to": 231, "label": "call to App\\Fields\\File::getImageBaseData", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/Companies/models/Record.php", "file_path": "/app/modules/Settings/Companies/models/Record.php", "snippet": "\t\t\t\t$this->set('logo', \\App\\Fields\\File::getImageBaseData($fileInstance->getPath()));", "selected_text": "$fileInstance->getPath()", "from": 5904, "to": 5928, "snippet_from": 5846, "snippet_to": 5931, "column_from": 59, "column_to": 83 }, { "line_from": 1017, "line_to": 1017, "label": "App\\Fields\\File::getImageBaseData#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic static function getImageBaseData($path)", "selected_text": "$path", "from": 23838, "to": 23843, "snippet_from": 23797, "snippet_to": 23844, "column_from": 42, "column_to": 47 }, { "line_from": 1023, "line_to": 1023, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t\treturn \"data:$mime;base64,\" . base64_encode(file_get_contents($path));", "selected_text": "$path", "from": 24167, "to": 24172, "snippet_from": 24101, "snippet_to": 24175, "column_from": 67, "column_to": 72 } ] }, { "severity": "error", "line_from": 1023, "line_to": 1023, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t\treturn \"data:$mime;base64,\" . base64_encode(file_get_contents($path));", "selected_text": "$path", "from": 24167, "to": 24172, "snippet_from": 24101, "snippet_to": 24175, "column_from": 67, "column_to": 72, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 75, "line_to": 75, "label": "call to Rss_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Rss/models/Record.php", "file_path": "/app/modules/Rss/models/Record.php", "snippet": "\t\t$this->set('rsstitle', \\App\\Purifier::purifyByType((string) $rss->title, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType((string) $rss->title, 'Text')", "from": 1639, "to": 1696, "snippet_from": 1614, "snippet_to": 1698, "column_from": 26, "column_to": 83 }, { "line_from": 32, "line_to": 32, "label": "Rss_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/MultiImage.php", "file_path": "/app/modules/Vtiger/uitypes/MultiImage.php", "snippet": "\t\t\t$recordModel->set($fieldName, $this->getDBValue($value, $recordModel));", "selected_text": "$this->getDBValue($value, $recordModel)", "from": 1086, "to": 1125, "snippet_from": 1053, "snippet_to": 1127, "column_from": 34, "column_to": 73 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 30, "line_to": 30, "label": "$templateId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$templateId = $pdfModel->getId();", "selected_text": "$templateId", "from": 781, "to": 792, "snippet_from": 779, "snippet_to": 814, "column_from": 3, "column_to": 14 }, { "line_from": 31, "line_to": 31, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetDir . (string) $templateId", "from": 831, "to": 864, "snippet_from": 815, "snippet_to": 865, "column_from": 17, "column_to": 50 }, { "line_from": 31, "line_to": 31, "label": "$targetFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\t$targetFile = $targetDir . (string) $templateId;", "selected_text": "$targetFile", "from": 817, "to": 828, "snippet_from": 815, "snippet_to": 865, "column_from": 3, "column_to": 14 }, { "line_from": 36, "line_to": 36, "label": "call to App\\Fields\\File::moveFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/Save.php", "file_path": "/app/modules/Settings/PDF/actions/Save.php", "snippet": "\t\tif (!$fileInstance->moveFile($targetFile)) {", "selected_text": "$targetFile", "from": 1134, "to": 1145, "snippet_from": 1103, "snippet_to": 1149, "column_from": 32, "column_to": 43 }, { "line_from": 673, "line_to": 673, "label": "App\\Fields\\File::moveFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function moveFile($target)", "selected_text": "$target", "from": 14716, "to": 14723, "snippet_from": 14690, "snippet_to": 14724, "column_from": 27, "column_to": 34 }, { "line_from": 680, "line_to": 680, "label": "App\\Fields\\File::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t$this->path = $target;", "selected_text": "$this->path", "from": 14894, "to": 14905, "snippet_from": 14892, "snippet_to": 14916, "column_from": 3, "column_to": 14 }, { "label": "App\\Fields\\File::$path", "entry_path_type": "property-assignment" }, { "line_from": 335, "line_to": 335, "label": "App\\Fields\\File::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\treturn $this->path;", "selected_text": "path", "from": 6691, "to": 6695, "snippet_from": 6675, "snippet_to": 6696, "column_from": 17, "column_to": 21 }, { "line_from": 333, "line_to": 333, "label": "App\\Fields\\File::getPath", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic function getPath(): string", "selected_text": "string", "from": 6665, "to": 6671, "snippet_from": 6637, "snippet_to": 6671, "column_from": 29, "column_to": 35 }, { "line_from": 231, "line_to": 231, "label": "call to App\\Fields\\File::getImageBaseData", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/Companies/models/Record.php", "file_path": "/app/modules/Settings/Companies/models/Record.php", "snippet": "\t\t\t\t$this->set('logo', \\App\\Fields\\File::getImageBaseData($fileInstance->getPath()));", "selected_text": "$fileInstance->getPath()", "from": 5904, "to": 5928, "snippet_from": 5846, "snippet_to": 5931, "column_from": 59, "column_to": 83 }, { "line_from": 1017, "line_to": 1017, "label": "App\\Fields\\File::getImageBaseData#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\tpublic static function getImageBaseData($path)", "selected_text": "$path", "from": 23838, "to": 23843, "snippet_from": 23797, "snippet_to": 23844, "column_from": 42, "column_to": 47 }, { "line_from": 1023, "line_to": 1023, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Fields/File.php", "file_path": "/app/app/Fields/File.php", "snippet": "\t\t\t\treturn \"data:$mime;base64,\" . base64_encode(file_get_contents($path));", "selected_text": "$path", "from": 24167, "to": 24172, "snippet_from": 24101, "snippet_to": 24175, "column_from": 67, "column_to": 72 } ] }, { "severity": "error", "line_from": 101, "line_to": 101, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Json.php", "file_path": "/app/app/Json.php", "snippet": "\t\treturn static::decode(file_get_contents($path), true) ?? [];", "selected_text": "$path", "from": 2585, "to": 2590, "snippet_from": 2543, "snippet_to": 2605, "column_from": 43, "column_to": 48, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 17, "line_to": 17, "label": "$componentName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t$componentName = $request->getByType('name');", "selected_text": "$componentName", "from": 720, "to": 734, "snippet_from": 718, "snippet_to": 765, "column_from": 3, "column_to": 17 }, { "line_from": 19, "line_to": 19, "label": "call to Vtiger_Loader::getComponentClassName", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t\t$className = Vtiger_Loader::getComponentClassName('Dashboard', $componentName, $moduleName);", "selected_text": "$componentName", "from": 864, "to": 878, "snippet_from": 798, "snippet_to": 893, "column_from": 67, "column_to": 81 }, { "line_from": 110, "line_to": 110, "label": "Vtiger_Loader::getComponentClassName#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function getComponentClassName($componentType, $componentName, $moduleName = 'Vtiger', $throwException = true)", "selected_text": "$componentName", "from": 3039, "to": 3053, "snippet_from": 2977, "snippet_to": 3102, "column_from": 63, "column_to": 77 }, { "line_from": 142, "line_to": 142, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "$componentName", "from": 4423, "to": 4437, "snippet_from": 4340, "snippet_to": 4443, "column_from": 84, "column_to": 98 }, { "line_from": 142, "line_to": 142, "label": "call to Vtiger_Loader::resolveNameToPath", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "\"$dir$classDir.$componentTypeDirectory.$componentName\"", "from": 4384, "to": 4438, "snippet_from": 4340, "snippet_to": 4443, "column_from": 45, "column_to": 99 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "$qualifiedName", "from": 996, "to": 1010, "snippet_from": 954, "snippet_to": 1035, "column_from": 43, "column_to": 57 }, { "line_from": 42, "line_to": 42, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "str_replace('~', '', $qualifiedName)", "from": 1374, "to": 1410, "snippet_from": 1363, "snippet_to": 1411, "column_from": 12, "column_to": 48 }, { "line_from": 42, "line_to": 42, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$file", "from": 1366, "to": 1371, "snippet_from": 1363, "snippet_to": 1411, "column_from": 4, "column_to": 9 }, { "line_from": 43, "line_to": 43, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file", "from": 1423, "to": 1477, "snippet_from": 1412, "snippet_to": 1478, "column_from": 12, "column_to": 66 }, { "line_from": 43, "line_to": 43, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "$file", "from": 1415, "to": 1420, "snippet_from": 1412, "snippet_to": 1478, "column_from": 4, "column_to": 9 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath", "entry_path_type": "return", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "resolveNameToPath", "from": 978, "to": 995, "snippet_from": 954, "snippet_to": 1035, "column_from": 25, "column_to": 42 }, { "line_from": 450, "line_to": 450, "label": "$resolvedDir", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Pdf/YetiForcePDF.php", "file_path": "/app/app/Pdf/YetiForcePDF.php", "snippet": "\t\t$resolvedDir = \\Vtiger_Loader::resolveNameToPath('~' . $fontsDir, 'css');", "selected_text": "$resolvedDir", "from": 8623, "to": 8635, "snippet_from": 8621, "snippet_to": 8696, "column_from": 3, "column_to": 15 }, { "line_from": 451, "line_to": 451, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Pdf/YetiForcePDF.php", "file_path": "/app/app/Pdf/YetiForcePDF.php", "snippet": "\t\t$customFonts = \\App\\Json::read($resolvedDir . 'fonts.json');", "selected_text": "$resolvedDir . 'fonts.json'", "from": 8730, "to": 8757, "snippet_from": 8697, "snippet_to": 8759, "column_from": 34, "column_to": 61 }, { "line_from": 451, "line_to": 451, "label": "call to App\\Json::read", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Pdf/YetiForcePDF.php", "file_path": "/app/app/Pdf/YetiForcePDF.php", "snippet": "\t\t$customFonts = \\App\\Json::read($resolvedDir . 'fonts.json');", "selected_text": "$resolvedDir . 'fonts.json'", "from": 8730, "to": 8757, "snippet_from": 8697, "snippet_to": 8759, "column_from": 34, "column_to": 61 }, { "line_from": 99, "line_to": 99, "label": "App\\Json::read#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Json.php", "file_path": "/app/app/Json.php", "snippet": "\tpublic static function read(string $path)", "selected_text": "$path", "from": 2533, "to": 2538, "snippet_from": 2497, "snippet_to": 2539, "column_from": 37, "column_to": 42 }, { "line_from": 101, "line_to": 101, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Json.php", "file_path": "/app/app/Json.php", "snippet": "\t\treturn static::decode(file_get_contents($path), true) ?? [];", "selected_text": "$path", "from": 2585, "to": 2590, "snippet_from": 2543, "snippet_to": 2605, "column_from": 43, "column_to": 48 } ] }, { "severity": "error", "line_from": 101, "line_to": 101, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Json.php", "file_path": "/app/app/Json.php", "snippet": "\t\treturn static::decode(file_get_contents($path), true) ?? [];", "selected_text": "$path", "from": 2585, "to": 2590, "snippet_from": 2543, "snippet_to": 2605, "column_from": 43, "column_to": 48, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 17, "line_to": 17, "label": "$componentName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t$componentName = $request->getByType('name');", "selected_text": "$componentName", "from": 720, "to": 734, "snippet_from": 718, "snippet_to": 765, "column_from": 3, "column_to": 17 }, { "line_from": 19, "line_to": 19, "label": "call to Vtiger_Loader::getComponentClassName", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t\t$className = Vtiger_Loader::getComponentClassName('Dashboard', $componentName, $moduleName);", "selected_text": "$componentName", "from": 864, "to": 878, "snippet_from": 798, "snippet_to": 893, "column_from": 67, "column_to": 81 }, { "line_from": 110, "line_to": 110, "label": "Vtiger_Loader::getComponentClassName#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function getComponentClassName($componentType, $componentName, $moduleName = 'Vtiger', $throwException = true)", "selected_text": "$componentName", "from": 3039, "to": 3053, "snippet_from": 2977, "snippet_to": 3102, "column_from": 63, "column_to": 77 }, { "line_from": 142, "line_to": 142, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "$componentName", "from": 4423, "to": 4437, "snippet_from": 4340, "snippet_to": 4443, "column_from": 84, "column_to": 98 }, { "line_from": 142, "line_to": 142, "label": "call to Vtiger_Loader::resolveNameToPath", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "\"$dir$classDir.$componentTypeDirectory.$componentName\"", "from": 4384, "to": 4438, "snippet_from": 4340, "snippet_to": 4443, "column_from": 45, "column_to": 99 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "$qualifiedName", "from": 996, "to": 1010, "snippet_from": 954, "snippet_to": 1035, "column_from": 43, "column_to": 57 }, { "line_from": 42, "line_to": 42, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "str_replace('~', '', $qualifiedName)", "from": 1374, "to": 1410, "snippet_from": 1363, "snippet_to": 1411, "column_from": 12, "column_to": 48 }, { "line_from": 42, "line_to": 42, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$file", "from": 1366, "to": 1371, "snippet_from": 1363, "snippet_to": 1411, "column_from": 4, "column_to": 9 }, { "line_from": 43, "line_to": 43, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file", "from": 1423, "to": 1477, "snippet_from": 1412, "snippet_to": 1478, "column_from": 12, "column_to": 66 }, { "line_from": 43, "line_to": 43, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "$file", "from": 1415, "to": 1420, "snippet_from": 1412, "snippet_to": 1478, "column_from": 4, "column_to": 9 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath", "entry_path_type": "return", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "resolveNameToPath", "from": 978, "to": 995, "snippet_from": 954, "snippet_to": 1035, "column_from": 25, "column_to": 42 }, { "line_from": 450, "line_to": 450, "label": "$resolvedDir", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Pdf/YetiForcePDF.php", "file_path": "/app/app/Pdf/YetiForcePDF.php", "snippet": "\t\t$resolvedDir = \\Vtiger_Loader::resolveNameToPath('~' . $fontsDir, 'css');", "selected_text": "$resolvedDir", "from": 8623, "to": 8635, "snippet_from": 8621, "snippet_to": 8696, "column_from": 3, "column_to": 15 }, { "line_from": 451, "line_to": 451, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Pdf/YetiForcePDF.php", "file_path": "/app/app/Pdf/YetiForcePDF.php", "snippet": "\t\t$customFonts = \\App\\Json::read($resolvedDir . 'fonts.json');", "selected_text": "$resolvedDir . 'fonts.json'", "from": 8730, "to": 8757, "snippet_from": 8697, "snippet_to": 8759, "column_from": 34, "column_to": 61 }, { "line_from": 451, "line_to": 451, "label": "call to App\\Json::read", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Pdf/YetiForcePDF.php", "file_path": "/app/app/Pdf/YetiForcePDF.php", "snippet": "\t\t$customFonts = \\App\\Json::read($resolvedDir . 'fonts.json');", "selected_text": "$resolvedDir . 'fonts.json'", "from": 8730, "to": 8757, "snippet_from": 8697, "snippet_to": 8759, "column_from": 34, "column_to": 61 }, { "line_from": 99, "line_to": 99, "label": "App\\Json::read#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Json.php", "file_path": "/app/app/Json.php", "snippet": "\tpublic static function read(string $path)", "selected_text": "$path", "from": 2533, "to": 2538, "snippet_from": 2497, "snippet_to": 2539, "column_from": 37, "column_to": 42 }, { "line_from": 101, "line_to": 101, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Json.php", "file_path": "/app/app/Json.php", "snippet": "\t\treturn static::decode(file_get_contents($path), true) ?? [];", "selected_text": "$path", "from": 2585, "to": 2590, "snippet_from": 2543, "snippet_to": 2605, "column_from": 43, "column_to": 48 } ] }, { "severity": "error", "line_from": 353, "line_to": 353, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\tstatic::$languageContainer[$language][$moduleName] = Json::decode(file_get_contents($langFile), true) ?? [];", "selected_text": "$langFile", "from": 10173, "to": 10182, "snippet_from": 10084, "snippet_to": 10197, "column_from": 90, "column_to": 99, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 119, "line_to": 119, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/CustomView/actions/SaveAjax.php", "file_path": "/app/modules/Settings/CustomView/actions/SaveAjax.php", "snippet": "\t\t\t\t'message' => \\App\\Language::translate('LBL_EXISTS_PERMISSION_IN_CONFIG', $request->getModule(false), \\App\\Language::translate($result, $tabid)),", "selected_text": "\\App\\Language::translate($result, $tabid)", "from": 3523, "to": 3564, "snippet_from": 3418, "snippet_to": 3566, "column_from": 106, "column_to": 147 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$language", "from": 3477, "to": 3486, "snippet_from": 3414, "snippet_to": 3511, "column_from": 64, "column_to": 73 }, { "line_from": 200, "line_to": 200, "label": "call to App\\Language::loadLanguageFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\tstatic::loadLanguageFile($language);", "selected_text": "$language", "from": 4992, "to": 5001, "snippet_from": 4965, "snippet_to": 5003, "column_from": 28, "column_to": 37 }, { "line_from": 343, "line_to": 343, "label": "App\\Language::loadLanguageFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function loadLanguageFile($language, $moduleName = '_Base')", "selected_text": "$language", "from": 9515, "to": 9524, "snippet_from": 9474, "snippet_to": 9548, "column_from": 42, "column_to": 51 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language", "from": 9879, "to": 9948, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 82 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR", "from": 9879, "to": 9971, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 105 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName", "from": 9879, "to": 9985, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 119 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.'", "from": 9879, "to": 9991, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 125 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT", "from": 9879, "to": 10008, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 142 }, { "line_from": 350, "line_to": 350, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "$file", "from": 9871, "to": 9876, "snippet_from": 9867, "snippet_to": 10009, "column_from": 5, "column_to": 10 }, { "line_from": 351, "line_to": 351, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langFile = ROOT_DIRECTORY . $file;", "selected_text": "ROOT_DIRECTORY . $file", "from": 10026, "to": 10048, "snippet_from": 10010, "snippet_to": 10049, "column_from": 17, "column_to": 39 }, { "line_from": 351, "line_to": 351, "label": "$langFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langFile = ROOT_DIRECTORY . $file;", "selected_text": "$langFile", "from": 10014, "to": 10023, "snippet_from": 10010, "snippet_to": 10049, "column_from": 5, "column_to": 14 }, { "line_from": 353, "line_to": 353, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\tstatic::$languageContainer[$language][$moduleName] = Json::decode(file_get_contents($langFile), true) ?? [];", "selected_text": "$langFile", "from": 10173, "to": 10182, "snippet_from": 10084, "snippet_to": 10197, "column_from": 90, "column_to": 99 } ] }, { "severity": "error", "line_from": 353, "line_to": 353, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\tstatic::$languageContainer[$language][$moduleName] = Json::decode(file_get_contents($langFile), true) ?? [];", "selected_text": "$langFile", "from": 10173, "to": 10182, "snippet_from": 10084, "snippet_to": 10197, "column_from": 90, "column_to": 99, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 108, "line_to": 108, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/LayoutEditor/actions/Field.php", "file_path": "/app/modules/Settings/LayoutEditor/actions/Field.php", "snippet": "\t\t\t\t'label' => \\App\\Language::translate($fieldInstance->get('label'), $request->getByType('sourceModule', 2)), ]);", "selected_text": "$request->getByType('sourceModule', 2)", "from": 4107, "to": 4145, "snippet_from": 4037, "snippet_to": 4151, "column_from": 71, "column_to": 109 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$moduleName", "from": 3454, "to": 3465, "snippet_from": 3414, "snippet_to": 3511, "column_from": 41, "column_to": 52 }, { "line_from": 180, "line_to": 180, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 4052, "to": 4063, "snippet_from": 3965, "snippet_to": 4065, "column_from": 88, "column_to": 99 }, { "line_from": 180, "line_to": 180, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 4052, "to": 4063, "snippet_from": 3965, "snippet_to": 4065, "column_from": 88, "column_to": 99 }, { "line_from": 180, "line_to": 180, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName)", "from": 3982, "to": 4064, "snippet_from": 3965, "snippet_to": 4065, "column_from": 18, "column_to": 100 }, { "line_from": 180, "line_to": 180, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 3968, "to": 3979, "snippet_from": 3965, "snippet_to": 4065, "column_from": 4, "column_to": 15 }, { "line_from": 182, "line_to": 182, "label": "call to App\\Language::loadLanguageFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\tstatic::loadLanguageFile($language, $moduleName);", "selected_text": "$moduleName", "from": 4108, "to": 4119, "snippet_from": 4070, "snippet_to": 4121, "column_from": 39, "column_to": 50 }, { "line_from": 343, "line_to": 343, "label": "App\\Language::loadLanguageFile#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function loadLanguageFile($language, $moduleName = '_Base')", "selected_text": "$moduleName", "from": 9526, "to": 9537, "snippet_from": 9474, "snippet_to": 9548, "column_from": 53, "column_to": 64 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName", "from": 9879, "to": 9985, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 119 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.'", "from": 9879, "to": 9991, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 125 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT", "from": 9879, "to": 10008, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 142 }, { "line_from": 350, "line_to": 350, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "$file", "from": 9871, "to": 9876, "snippet_from": 9867, "snippet_to": 10009, "column_from": 5, "column_to": 10 }, { "line_from": 351, "line_to": 351, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langFile = ROOT_DIRECTORY . $file;", "selected_text": "ROOT_DIRECTORY . $file", "from": 10026, "to": 10048, "snippet_from": 10010, "snippet_to": 10049, "column_from": 17, "column_to": 39 }, { "line_from": 351, "line_to": 351, "label": "$langFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langFile = ROOT_DIRECTORY . $file;", "selected_text": "$langFile", "from": 10014, "to": 10023, "snippet_from": 10010, "snippet_to": 10049, "column_from": 5, "column_to": 14 }, { "line_from": 353, "line_to": 353, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\tstatic::$languageContainer[$language][$moduleName] = Json::decode(file_get_contents($langFile), true) ?? [];", "selected_text": "$langFile", "from": 10173, "to": 10182, "snippet_from": 10084, "snippet_to": 10197, "column_from": 90, "column_to": 99 } ] }, { "severity": "error", "line_from": 353, "line_to": 353, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\tstatic::$languageContainer[$language][$moduleName] = Json::decode(file_get_contents($langFile), true) ?? [];", "selected_text": "$langFile", "from": 10173, "to": 10182, "snippet_from": 10084, "snippet_to": 10197, "column_from": 90, "column_to": 99, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 44, "line_to": 44, "label": "$selectedModule", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/ModTracker/views/UpdatesDetail.php", "file_path": "/app/modules/ModTracker/views/UpdatesDetail.php", "snippet": "\t\t$selectedModule = $request->getByType('sourceModule', \\App\\Purifier::ALNUM);", "selected_text": "$selectedModule", "from": 929, "to": 944, "snippet_from": 927, "snippet_to": 1005, "column_from": 3, "column_to": 18 }, { "line_from": 46, "line_to": 46, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/ModTracker/views/UpdatesDetail.php", "file_path": "/app/modules/ModTracker/views/UpdatesDetail.php", "snippet": "\t\t\": \" . \\App\\Language::translate($selectedModule, $selectedModule);", "selected_text": "$selectedModule", "from": 1211, "to": 1226, "snippet_from": 1088, "snippet_to": 1228, "column_from": 124, "column_to": 139 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$moduleName", "from": 3454, "to": 3465, "snippet_from": 3414, "snippet_to": 3511, "column_from": 41, "column_to": 52 }, { "line_from": 180, "line_to": 180, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 4052, "to": 4063, "snippet_from": 3965, "snippet_to": 4065, "column_from": 88, "column_to": 99 }, { "line_from": 180, "line_to": 180, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 4052, "to": 4063, "snippet_from": 3965, "snippet_to": 4065, "column_from": 88, "column_to": 99 }, { "line_from": 180, "line_to": 180, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName)", "from": 3982, "to": 4064, "snippet_from": 3965, "snippet_to": 4065, "column_from": 18, "column_to": 100 }, { "line_from": 180, "line_to": 180, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 3968, "to": 3979, "snippet_from": 3965, "snippet_to": 4065, "column_from": 4, "column_to": 15 }, { "line_from": 182, "line_to": 182, "label": "call to App\\Language::loadLanguageFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\tstatic::loadLanguageFile($language, $moduleName);", "selected_text": "$moduleName", "from": 4108, "to": 4119, "snippet_from": 4070, "snippet_to": 4121, "column_from": 39, "column_to": 50 }, { "line_from": 343, "line_to": 343, "label": "App\\Language::loadLanguageFile#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function loadLanguageFile($language, $moduleName = '_Base')", "selected_text": "$moduleName", "from": 9526, "to": 9537, "snippet_from": 9474, "snippet_to": 9548, "column_from": 53, "column_to": 64 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName", "from": 9879, "to": 9985, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 119 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.'", "from": 9879, "to": 9991, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 125 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT", "from": 9879, "to": 10008, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 142 }, { "line_from": 350, "line_to": 350, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "$file", "from": 9871, "to": 9876, "snippet_from": 9867, "snippet_to": 10009, "column_from": 5, "column_to": 10 }, { "line_from": 351, "line_to": 351, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langFile = ROOT_DIRECTORY . $file;", "selected_text": "ROOT_DIRECTORY . $file", "from": 10026, "to": 10048, "snippet_from": 10010, "snippet_to": 10049, "column_from": 17, "column_to": 39 }, { "line_from": 351, "line_to": 351, "label": "$langFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langFile = ROOT_DIRECTORY . $file;", "selected_text": "$langFile", "from": 10014, "to": 10023, "snippet_from": 10010, "snippet_to": 10049, "column_from": 5, "column_to": 14 }, { "line_from": 353, "line_to": 353, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\tstatic::$languageContainer[$language][$moduleName] = Json::decode(file_get_contents($langFile), true) ?? [];", "selected_text": "$langFile", "from": 10173, "to": 10182, "snippet_from": 10084, "snippet_to": 10197, "column_from": 90, "column_to": 99 } ] }, { "severity": "error", "line_from": 353, "line_to": 353, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\tstatic::$languageContainer[$language][$moduleName] = Json::decode(file_get_contents($langFile), true) ?? [];", "selected_text": "$langFile", "from": 10173, "to": 10182, "snippet_from": 10084, "snippet_to": 10197, "column_from": 90, "column_to": 99, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 134, "line_to": 134, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/actions/QuickExport.php", "file_path": "/app/modules/Vtiger/actions/QuickExport.php", "snippet": "\t\t$filename = \\App\\Language::translate($moduleName, $moduleName) . '-' . \\App\\Language::translate(App\\Purifier::decodeHtml($customView->get('viewname')), $moduleName) . '.xls';", "selected_text": "App\\Purifier::decodeHtml($customView->get('viewname'))", "from": 5796, "to": 5850, "snippet_from": 5698, "snippet_to": 5874, "column_from": 99, "column_to": 153 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$key", "from": 3448, "to": 3452, "snippet_from": 3414, "snippet_to": 3511, "column_from": 35, "column_to": 39 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 119, "line_to": 119, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/CustomView/actions/SaveAjax.php", "file_path": "/app/modules/Settings/CustomView/actions/SaveAjax.php", "snippet": "\t\t\t\t'message' => \\App\\Language::translate('LBL_EXISTS_PERMISSION_IN_CONFIG', $request->getModule(false), \\App\\Language::translate($result, $tabid)),", "selected_text": "\\App\\Language::translate($result, $tabid)", "from": 3523, "to": 3564, "snippet_from": 3418, "snippet_to": 3566, "column_from": 106, "column_to": 147 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$language", "from": 3477, "to": 3486, "snippet_from": 3414, "snippet_to": 3511, "column_from": 64, "column_to": 73 }, { "line_from": 200, "line_to": 200, "label": "call to App\\Language::loadLanguageFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\tstatic::loadLanguageFile($language);", "selected_text": "$language", "from": 4992, "to": 5001, "snippet_from": 4965, "snippet_to": 5003, "column_from": 28, "column_to": 37 }, { "line_from": 343, "line_to": 343, "label": "App\\Language::loadLanguageFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function loadLanguageFile($language, $moduleName = '_Base')", "selected_text": "$language", "from": 9515, "to": 9524, "snippet_from": 9474, "snippet_to": 9548, "column_from": 42, "column_to": 51 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language", "from": 9879, "to": 9948, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 82 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR", "from": 9879, "to": 9971, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 105 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName", "from": 9879, "to": 9985, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 119 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.'", "from": 9879, "to": 9991, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 125 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT", "from": 9879, "to": 10008, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 142 }, { "line_from": 350, "line_to": 350, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "$file", "from": 9871, "to": 9876, "snippet_from": 9867, "snippet_to": 10009, "column_from": 5, "column_to": 10 }, { "line_from": 351, "line_to": 351, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langFile = ROOT_DIRECTORY . $file;", "selected_text": "ROOT_DIRECTORY . $file", "from": 10026, "to": 10048, "snippet_from": 10010, "snippet_to": 10049, "column_from": 17, "column_to": 39 }, { "line_from": 351, "line_to": 351, "label": "$langFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langFile = ROOT_DIRECTORY . $file;", "selected_text": "$langFile", "from": 10014, "to": 10023, "snippet_from": 10010, "snippet_to": 10049, "column_from": 5, "column_to": 14 }, { "line_from": 353, "line_to": 353, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\tstatic::$languageContainer[$language][$moduleName] = Json::decode(file_get_contents($langFile), true) ?? [];", "selected_text": "$langFile", "from": 10173, "to": 10182, "snippet_from": 10084, "snippet_to": 10197, "column_from": 90, "column_to": 99 } ] }, { "severity": "error", "line_from": 357, "line_to": 357, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\t$translation = Json::decode(file_get_contents($langCustomFile), true) ?? [];", "selected_text": "$langCustomFile", "from": 10391, "to": 10406, "snippet_from": 10340, "snippet_to": 10421, "column_from": 52, "column_to": 67, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 119, "line_to": 119, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/CustomView/actions/SaveAjax.php", "file_path": "/app/modules/Settings/CustomView/actions/SaveAjax.php", "snippet": "\t\t\t\t'message' => \\App\\Language::translate('LBL_EXISTS_PERMISSION_IN_CONFIG', $request->getModule(false), \\App\\Language::translate($result, $tabid)),", "selected_text": "\\App\\Language::translate($result, $tabid)", "from": 3523, "to": 3564, "snippet_from": 3418, "snippet_to": 3566, "column_from": 106, "column_to": 147 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$language", "from": 3477, "to": 3486, "snippet_from": 3414, "snippet_to": 3511, "column_from": 64, "column_to": 73 }, { "line_from": 200, "line_to": 200, "label": "call to App\\Language::loadLanguageFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\tstatic::loadLanguageFile($language);", "selected_text": "$language", "from": 4992, "to": 5001, "snippet_from": 4965, "snippet_to": 5003, "column_from": 28, "column_to": 37 }, { "line_from": 343, "line_to": 343, "label": "App\\Language::loadLanguageFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function loadLanguageFile($language, $moduleName = '_Base')", "selected_text": "$language", "from": 9515, "to": 9524, "snippet_from": 9474, "snippet_to": 9548, "column_from": 42, "column_to": 51 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language", "from": 9879, "to": 9948, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 82 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR", "from": 9879, "to": 9971, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 105 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName", "from": 9879, "to": 9985, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 119 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.'", "from": 9879, "to": 9991, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 125 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT", "from": 9879, "to": 10008, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 142 }, { "line_from": 350, "line_to": 350, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "$file", "from": 9871, "to": 9876, "snippet_from": 9867, "snippet_to": 10009, "column_from": 5, "column_to": 10 }, { "line_from": 355, "line_to": 355, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langCustomFile = ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file;", "selected_text": "ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file", "from": 10226, "to": 10298, "snippet_from": 10204, "snippet_to": 10299, "column_from": 23, "column_to": 95 }, { "line_from": 355, "line_to": 355, "label": "$langCustomFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langCustomFile = ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file;", "selected_text": "$langCustomFile", "from": 10208, "to": 10223, "snippet_from": 10204, "snippet_to": 10299, "column_from": 5, "column_to": 20 }, { "line_from": 357, "line_to": 357, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\t$translation = Json::decode(file_get_contents($langCustomFile), true) ?? [];", "selected_text": "$langCustomFile", "from": 10391, "to": 10406, "snippet_from": 10340, "snippet_to": 10421, "column_from": 52, "column_to": 67 } ] }, { "severity": "error", "line_from": 357, "line_to": 357, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\t$translation = Json::decode(file_get_contents($langCustomFile), true) ?? [];", "selected_text": "$langCustomFile", "from": 10391, "to": 10406, "snippet_from": 10340, "snippet_to": 10421, "column_from": 52, "column_to": 67, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 108, "line_to": 108, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/LayoutEditor/actions/Field.php", "file_path": "/app/modules/Settings/LayoutEditor/actions/Field.php", "snippet": "\t\t\t\t'label' => \\App\\Language::translate($fieldInstance->get('label'), $request->getByType('sourceModule', 2)), ]);", "selected_text": "$request->getByType('sourceModule', 2)", "from": 4107, "to": 4145, "snippet_from": 4037, "snippet_to": 4151, "column_from": 71, "column_to": 109 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$moduleName", "from": 3454, "to": 3465, "snippet_from": 3414, "snippet_to": 3511, "column_from": 41, "column_to": 52 }, { "line_from": 180, "line_to": 180, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 4052, "to": 4063, "snippet_from": 3965, "snippet_to": 4065, "column_from": 88, "column_to": 99 }, { "line_from": 180, "line_to": 180, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 4052, "to": 4063, "snippet_from": 3965, "snippet_to": 4065, "column_from": 88, "column_to": 99 }, { "line_from": 180, "line_to": 180, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName)", "from": 3982, "to": 4064, "snippet_from": 3965, "snippet_to": 4065, "column_from": 18, "column_to": 100 }, { "line_from": 180, "line_to": 180, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 3968, "to": 3979, "snippet_from": 3965, "snippet_to": 4065, "column_from": 4, "column_to": 15 }, { "line_from": 182, "line_to": 182, "label": "call to App\\Language::loadLanguageFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\tstatic::loadLanguageFile($language, $moduleName);", "selected_text": "$moduleName", "from": 4108, "to": 4119, "snippet_from": 4070, "snippet_to": 4121, "column_from": 39, "column_to": 50 }, { "line_from": 343, "line_to": 343, "label": "App\\Language::loadLanguageFile#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function loadLanguageFile($language, $moduleName = '_Base')", "selected_text": "$moduleName", "from": 9526, "to": 9537, "snippet_from": 9474, "snippet_to": 9548, "column_from": 53, "column_to": 64 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName", "from": 9879, "to": 9985, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 119 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.'", "from": 9879, "to": 9991, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 125 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT", "from": 9879, "to": 10008, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 142 }, { "line_from": 350, "line_to": 350, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "$file", "from": 9871, "to": 9876, "snippet_from": 9867, "snippet_to": 10009, "column_from": 5, "column_to": 10 }, { "line_from": 355, "line_to": 355, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langCustomFile = ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file;", "selected_text": "ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file", "from": 10226, "to": 10298, "snippet_from": 10204, "snippet_to": 10299, "column_from": 23, "column_to": 95 }, { "line_from": 355, "line_to": 355, "label": "$langCustomFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langCustomFile = ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file;", "selected_text": "$langCustomFile", "from": 10208, "to": 10223, "snippet_from": 10204, "snippet_to": 10299, "column_from": 5, "column_to": 20 }, { "line_from": 357, "line_to": 357, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\t$translation = Json::decode(file_get_contents($langCustomFile), true) ?? [];", "selected_text": "$langCustomFile", "from": 10391, "to": 10406, "snippet_from": 10340, "snippet_to": 10421, "column_from": 52, "column_to": 67 } ] }, { "severity": "error", "line_from": 357, "line_to": 357, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\t$translation = Json::decode(file_get_contents($langCustomFile), true) ?? [];", "selected_text": "$langCustomFile", "from": 10391, "to": 10406, "snippet_from": 10340, "snippet_to": 10421, "column_from": 52, "column_to": 67, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 44, "line_to": 44, "label": "$selectedModule", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/ModTracker/views/UpdatesDetail.php", "file_path": "/app/modules/ModTracker/views/UpdatesDetail.php", "snippet": "\t\t$selectedModule = $request->getByType('sourceModule', \\App\\Purifier::ALNUM);", "selected_text": "$selectedModule", "from": 929, "to": 944, "snippet_from": 927, "snippet_to": 1005, "column_from": 3, "column_to": 18 }, { "line_from": 46, "line_to": 46, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/ModTracker/views/UpdatesDetail.php", "file_path": "/app/modules/ModTracker/views/UpdatesDetail.php", "snippet": "\t\t\": \" . \\App\\Language::translate($selectedModule, $selectedModule);", "selected_text": "$selectedModule", "from": 1211, "to": 1226, "snippet_from": 1088, "snippet_to": 1228, "column_from": 124, "column_to": 139 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$moduleName", "from": 3454, "to": 3465, "snippet_from": 3414, "snippet_to": 3511, "column_from": 41, "column_to": 52 }, { "line_from": 180, "line_to": 180, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 4052, "to": 4063, "snippet_from": 3965, "snippet_to": 4065, "column_from": 88, "column_to": 99 }, { "line_from": 180, "line_to": 180, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 4052, "to": 4063, "snippet_from": 3965, "snippet_to": 4065, "column_from": 88, "column_to": 99 }, { "line_from": 180, "line_to": 180, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName)", "from": 3982, "to": 4064, "snippet_from": 3965, "snippet_to": 4065, "column_from": 18, "column_to": 100 }, { "line_from": 180, "line_to": 180, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t$moduleName = str_replace([':', '.'], [\\DIRECTORY_SEPARATOR, \\DIRECTORY_SEPARATOR], $moduleName);", "selected_text": "$moduleName", "from": 3968, "to": 3979, "snippet_from": 3965, "snippet_to": 4065, "column_from": 4, "column_to": 15 }, { "line_from": 182, "line_to": 182, "label": "call to App\\Language::loadLanguageFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\tstatic::loadLanguageFile($language, $moduleName);", "selected_text": "$moduleName", "from": 4108, "to": 4119, "snippet_from": 4070, "snippet_to": 4121, "column_from": 39, "column_to": 50 }, { "line_from": 343, "line_to": 343, "label": "App\\Language::loadLanguageFile#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function loadLanguageFile($language, $moduleName = '_Base')", "selected_text": "$moduleName", "from": 9526, "to": 9537, "snippet_from": 9474, "snippet_to": 9548, "column_from": 53, "column_to": 64 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName", "from": 9879, "to": 9985, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 119 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.'", "from": 9879, "to": 9991, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 125 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT", "from": 9879, "to": 10008, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 142 }, { "line_from": 350, "line_to": 350, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "$file", "from": 9871, "to": 9876, "snippet_from": 9867, "snippet_to": 10009, "column_from": 5, "column_to": 10 }, { "line_from": 355, "line_to": 355, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langCustomFile = ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file;", "selected_text": "ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file", "from": 10226, "to": 10298, "snippet_from": 10204, "snippet_to": 10299, "column_from": 23, "column_to": 95 }, { "line_from": 355, "line_to": 355, "label": "$langCustomFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langCustomFile = ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file;", "selected_text": "$langCustomFile", "from": 10208, "to": 10223, "snippet_from": 10204, "snippet_to": 10299, "column_from": 5, "column_to": 20 }, { "line_from": 357, "line_to": 357, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\t$translation = Json::decode(file_get_contents($langCustomFile), true) ?? [];", "selected_text": "$langCustomFile", "from": 10391, "to": 10406, "snippet_from": 10340, "snippet_to": 10421, "column_from": 52, "column_to": 67 } ] }, { "severity": "error", "line_from": 357, "line_to": 357, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\t$translation = Json::decode(file_get_contents($langCustomFile), true) ?? [];", "selected_text": "$langCustomFile", "from": 10391, "to": 10406, "snippet_from": 10340, "snippet_to": 10421, "column_from": 52, "column_to": 67, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 134, "line_to": 134, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/actions/QuickExport.php", "file_path": "/app/modules/Vtiger/actions/QuickExport.php", "snippet": "\t\t$filename = \\App\\Language::translate($moduleName, $moduleName) . '-' . \\App\\Language::translate(App\\Purifier::decodeHtml($customView->get('viewname')), $moduleName) . '.xls';", "selected_text": "App\\Purifier::decodeHtml($customView->get('viewname'))", "from": 5796, "to": 5850, "snippet_from": 5698, "snippet_to": 5874, "column_from": 99, "column_to": 153 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$key", "from": 3448, "to": 3452, "snippet_from": 3414, "snippet_to": 3511, "column_from": 35, "column_to": 39 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 119, "line_to": 119, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/CustomView/actions/SaveAjax.php", "file_path": "/app/modules/Settings/CustomView/actions/SaveAjax.php", "snippet": "\t\t\t\t'message' => \\App\\Language::translate('LBL_EXISTS_PERMISSION_IN_CONFIG', $request->getModule(false), \\App\\Language::translate($result, $tabid)),", "selected_text": "\\App\\Language::translate($result, $tabid)", "from": 3523, "to": 3564, "snippet_from": 3418, "snippet_to": 3566, "column_from": 106, "column_to": 147 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$language", "from": 3477, "to": 3486, "snippet_from": 3414, "snippet_to": 3511, "column_from": 64, "column_to": 73 }, { "line_from": 200, "line_to": 200, "label": "call to App\\Language::loadLanguageFile", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\tstatic::loadLanguageFile($language);", "selected_text": "$language", "from": 4992, "to": 5001, "snippet_from": 4965, "snippet_to": 5003, "column_from": 28, "column_to": 37 }, { "line_from": 343, "line_to": 343, "label": "App\\Language::loadLanguageFile#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function loadLanguageFile($language, $moduleName = '_Base')", "selected_text": "$language", "from": 9515, "to": 9524, "snippet_from": 9474, "snippet_to": 9548, "column_from": 42, "column_to": 51 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language", "from": 9879, "to": 9948, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 82 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR", "from": 9879, "to": 9971, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 105 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName", "from": 9879, "to": 9985, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 119 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.'", "from": 9879, "to": 9991, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 125 }, { "line_from": 350, "line_to": 350, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "\\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT", "from": 9879, "to": 10008, "snippet_from": 9867, "snippet_to": 10009, "column_from": 13, "column_to": 142 }, { "line_from": 350, "line_to": 350, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$file = \\DIRECTORY_SEPARATOR . 'languages' . \\DIRECTORY_SEPARATOR . $language . \\DIRECTORY_SEPARATOR . $moduleName . '.' . static::FORMAT;", "selected_text": "$file", "from": 9871, "to": 9876, "snippet_from": 9867, "snippet_to": 10009, "column_from": 5, "column_to": 10 }, { "line_from": 355, "line_to": 355, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langCustomFile = ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file;", "selected_text": "ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file", "from": 10226, "to": 10298, "snippet_from": 10204, "snippet_to": 10299, "column_from": 23, "column_to": 95 }, { "line_from": 355, "line_to": 355, "label": "$langCustomFile", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t$langCustomFile = ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR . static::$customDirectory . $file;", "selected_text": "$langCustomFile", "from": 10208, "to": 10223, "snippet_from": 10204, "snippet_to": 10299, "column_from": 5, "column_to": 20 }, { "line_from": 357, "line_to": 357, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\t\t\t\t\t$translation = Json::decode(file_get_contents($langCustomFile), true) ?? [];", "selected_text": "$langCustomFile", "from": 10391, "to": 10406, "snippet_from": 10340, "snippet_to": 10421, "column_from": 52, "column_to": 67 } ] }, { "severity": "error", "line_from": 117, "line_to": 117, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t\t$fpw = fopen($file, 'w');", "selected_text": "$file", "from": 2710, "to": 2715, "snippet_from": 2692, "snippet_to": 2722, "column_from": 19, "column_to": 24, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 31, "line_to": 31, "label": "$this->extension", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->extension = $request->getByType('extension');", "selected_text": "$this->extension", "from": 783, "to": 799, "snippet_from": 781, "snippet_to": 835, "column_from": 3, "column_to": 19 }, { "line_from": 71, "line_to": 71, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->importFolderLocation = \"{$zipfile}_{$this->extension}\";", "selected_text": "$this->extension", "from": 1978, "to": 1994, "snippet_from": 1933, "snippet_to": 1997, "column_from": 46, "column_to": 62 }, { "line_from": 71, "line_to": 71, "label": "$this->importFolderLocation", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->importFolderLocation = \"{$zipfile}_{$this->extension}\";", "selected_text": "$this->importFolderLocation", "from": 1935, "to": 1962, "snippet_from": 1933, "snippet_to": 1997, "column_from": 3, "column_to": 30 }, { "line_from": 79, "line_to": 79, "label": "call to App\\Zip::unzip", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t\t$this->filelist = $zip->unzip($this->importFolderLocation);", "selected_text": "$this->importFolderLocation", "from": 2348, "to": 2375, "snippet_from": 2315, "snippet_to": 2377, "column_from": 34, "column_to": 61 }, { "line_from": 92, "line_to": 92, "label": "App\\Zip::unzip#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\tpublic function unzip($toDir, bool $close = true)", "selected_text": "$toDir", "from": 1878, "to": 1884, "snippet_from": 1855, "snippet_to": 1905, "column_from": 24, "column_to": 30 }, { "line_from": 98, "line_to": 98, "label": "array-fetch", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\tforeach ($toDir as $dir => $target) {", "selected_text": "$toDir", "from": 2000, "to": 2006, "snippet_from": 1989, "snippet_to": 2028, "column_from": 12, "column_to": 18 }, { "line_from": 98, "line_to": 98, "label": "$target", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\tforeach ($toDir as $dir => $target) {", "selected_text": "$target", "from": 2018, "to": 2025, "snippet_from": 1989, "snippet_to": 2028, "column_from": 30, "column_to": 37 }, { "line_from": 106, "line_to": 106, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$target . '/'", "from": 2320, "to": 2333, "snippet_from": 2308, "snippet_to": 2399, "column_from": 13, "column_to": 26 }, { "line_from": 106, "line_to": 106, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1))", "from": 2320, "to": 2398, "snippet_from": 2308, "snippet_to": 2399, "column_from": 13, "column_to": 91 }, { "line_from": 106, "line_to": 106, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$file", "from": 2312, "to": 2317, "snippet_from": 2308, "snippet_to": 2399, "column_from": 5, "column_to": 10 }, { "line_from": 117, "line_to": 117, "label": "call to fopen", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t\t$fpw = fopen($file, 'w');", "selected_text": "$file", "from": 2710, "to": 2715, "snippet_from": 2692, "snippet_to": 2722, "column_from": 19, "column_to": 24 } ] }, { "severity": "error", "line_from": 117, "line_to": 117, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t\t$fpw = fopen($file, 'w');", "selected_text": "$file", "from": 2710, "to": 2715, "snippet_from": 2692, "snippet_to": 2722, "column_from": 19, "column_to": 24, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 31, "line_to": 31, "label": "$this->extension", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->extension = $request->getByType('extension');", "selected_text": "$this->extension", "from": 783, "to": 799, "snippet_from": 781, "snippet_to": 835, "column_from": 3, "column_to": 19 }, { "line_from": 71, "line_to": 71, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->importFolderLocation = \"{$zipfile}_{$this->extension}\";", "selected_text": "$this->extension", "from": 1978, "to": 1994, "snippet_from": 1933, "snippet_to": 1997, "column_from": 46, "column_to": 62 }, { "line_from": 71, "line_to": 71, "label": "$this->importFolderLocation", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->importFolderLocation = \"{$zipfile}_{$this->extension}\";", "selected_text": "$this->importFolderLocation", "from": 1935, "to": 1962, "snippet_from": 1933, "snippet_to": 1997, "column_from": 3, "column_to": 30 }, { "line_from": 79, "line_to": 79, "label": "call to App\\Zip::unzip", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t\t$this->filelist = $zip->unzip($this->importFolderLocation);", "selected_text": "$this->importFolderLocation", "from": 2348, "to": 2375, "snippet_from": 2315, "snippet_to": 2377, "column_from": 34, "column_to": 61 }, { "line_from": 92, "line_to": 92, "label": "App\\Zip::unzip#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\tpublic function unzip($toDir, bool $close = true)", "selected_text": "$toDir", "from": 1878, "to": 1884, "snippet_from": 1855, "snippet_to": 1905, "column_from": 24, "column_to": 30 }, { "line_from": 98, "line_to": 98, "label": "array-fetch", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\tforeach ($toDir as $dir => $target) {", "selected_text": "$toDir", "from": 2000, "to": 2006, "snippet_from": 1989, "snippet_to": 2028, "column_from": 12, "column_to": 18 }, { "line_from": 98, "line_to": 98, "label": "$target", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\tforeach ($toDir as $dir => $target) {", "selected_text": "$target", "from": 2018, "to": 2025, "snippet_from": 1989, "snippet_to": 2028, "column_from": 30, "column_to": 37 }, { "line_from": 106, "line_to": 106, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$target . '/'", "from": 2320, "to": 2333, "snippet_from": 2308, "snippet_to": 2399, "column_from": 13, "column_to": 26 }, { "line_from": 106, "line_to": 106, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1))", "from": 2320, "to": 2398, "snippet_from": 2308, "snippet_to": 2399, "column_from": 13, "column_to": 91 }, { "line_from": 106, "line_to": 106, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$file", "from": 2312, "to": 2317, "snippet_from": 2308, "snippet_to": 2399, "column_from": 5, "column_to": 10 }, { "line_from": 117, "line_to": 117, "label": "call to fopen", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t\t$fpw = fopen($file, 'w');", "selected_text": "$file", "from": 2710, "to": 2715, "snippet_from": 2692, "snippet_to": 2722, "column_from": 19, "column_to": 24 } ] }, { "severity": "error", "line_from": 117, "line_to": 117, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t\t$fpw = fopen($file, 'w');", "selected_text": "$file", "from": 2710, "to": 2715, "snippet_from": 2692, "snippet_to": 2722, "column_from": 19, "column_to": 24, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 31, "line_to": 31, "label": "$this->extension", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->extension = $request->getByType('extension');", "selected_text": "$this->extension", "from": 783, "to": 799, "snippet_from": 781, "snippet_to": 835, "column_from": 3, "column_to": 19 }, { "line_from": 71, "line_to": 71, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->importFolderLocation = \"{$zipfile}_{$this->extension}\";", "selected_text": "$this->extension", "from": 1978, "to": 1994, "snippet_from": 1933, "snippet_to": 1997, "column_from": 46, "column_to": 62 }, { "line_from": 71, "line_to": 71, "label": "$this->importFolderLocation", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->importFolderLocation = \"{$zipfile}_{$this->extension}\";", "selected_text": "$this->importFolderLocation", "from": 1935, "to": 1962, "snippet_from": 1933, "snippet_to": 1997, "column_from": 3, "column_to": 30 }, { "line_from": 79, "line_to": 79, "label": "call to App\\Zip::unzip", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t\t$this->filelist = $zip->unzip($this->importFolderLocation);", "selected_text": "$this->importFolderLocation", "from": 2348, "to": 2375, "snippet_from": 2315, "snippet_to": 2377, "column_from": 34, "column_to": 61 }, { "line_from": 92, "line_to": 92, "label": "App\\Zip::unzip#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\tpublic function unzip($toDir, bool $close = true)", "selected_text": "$toDir", "from": 1878, "to": 1884, "snippet_from": 1855, "snippet_to": 1905, "column_from": 24, "column_to": 30 }, { "line_from": 98, "line_to": 98, "label": "array-fetch", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\tforeach ($toDir as $dir => $target) {", "selected_text": "$toDir", "from": 2000, "to": 2006, "snippet_from": 1989, "snippet_to": 2028, "column_from": 12, "column_to": 18 }, { "line_from": 98, "line_to": 98, "label": "$target", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\tforeach ($toDir as $dir => $target) {", "selected_text": "$target", "from": 2018, "to": 2025, "snippet_from": 1989, "snippet_to": 2028, "column_from": 30, "column_to": 37 }, { "line_from": 106, "line_to": 106, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$target . '/'", "from": 2320, "to": 2333, "snippet_from": 2308, "snippet_to": 2399, "column_from": 13, "column_to": 26 }, { "line_from": 106, "line_to": 106, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1))", "from": 2320, "to": 2398, "snippet_from": 2308, "snippet_to": 2399, "column_from": 13, "column_to": 91 }, { "line_from": 106, "line_to": 106, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$file", "from": 2312, "to": 2317, "snippet_from": 2308, "snippet_to": 2399, "column_from": 5, "column_to": 10 }, { "line_from": 117, "line_to": 117, "label": "call to fopen", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t\t$fpw = fopen($file, 'w');", "selected_text": "$file", "from": 2710, "to": 2715, "snippet_from": 2692, "snippet_to": 2722, "column_from": 19, "column_to": 24 } ] }, { "severity": "error", "line_from": 117, "line_to": 117, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t\t$fpw = fopen($file, 'w');", "selected_text": "$file", "from": 2710, "to": 2715, "snippet_from": 2692, "snippet_to": 2722, "column_from": 19, "column_to": 24, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 31, "line_to": 31, "label": "$this->extension", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->extension = $request->getByType('extension');", "selected_text": "$this->extension", "from": 783, "to": 799, "snippet_from": 781, "snippet_to": 835, "column_from": 3, "column_to": 19 }, { "line_from": 71, "line_to": 71, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->importFolderLocation = \"{$zipfile}_{$this->extension}\";", "selected_text": "$this->extension", "from": 1978, "to": 1994, "snippet_from": 1933, "snippet_to": 1997, "column_from": 46, "column_to": 62 }, { "line_from": 71, "line_to": 71, "label": "$this->importFolderLocation", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t$this->importFolderLocation = \"{$zipfile}_{$this->extension}\";", "selected_text": "$this->importFolderLocation", "from": 1935, "to": 1962, "snippet_from": 1933, "snippet_to": 1997, "column_from": 3, "column_to": 30 }, { "line_from": 79, "line_to": 79, "label": "call to App\\Zip::unzip", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Import/readers/ZipReader.php", "file_path": "/app/modules/Import/readers/ZipReader.php", "snippet": "\t\t\t$this->filelist = $zip->unzip($this->importFolderLocation);", "selected_text": "$this->importFolderLocation", "from": 2348, "to": 2375, "snippet_from": 2315, "snippet_to": 2377, "column_from": 34, "column_to": 61 }, { "line_from": 92, "line_to": 92, "label": "App\\Zip::unzip#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\tpublic function unzip($toDir, bool $close = true)", "selected_text": "$toDir", "from": 1878, "to": 1884, "snippet_from": 1855, "snippet_to": 1905, "column_from": 24, "column_to": 30 }, { "line_from": 98, "line_to": 98, "label": "array-fetch", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\tforeach ($toDir as $dir => $target) {", "selected_text": "$toDir", "from": 2000, "to": 2006, "snippet_from": 1989, "snippet_to": 2028, "column_from": 12, "column_to": 18 }, { "line_from": 98, "line_to": 98, "label": "$target", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\tforeach ($toDir as $dir => $target) {", "selected_text": "$target", "from": 2018, "to": 2025, "snippet_from": 1989, "snippet_to": 2028, "column_from": 30, "column_to": 37 }, { "line_from": 106, "line_to": 106, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$target . '/'", "from": 2320, "to": 2333, "snippet_from": 2308, "snippet_to": 2399, "column_from": 13, "column_to": 26 }, { "line_from": 106, "line_to": 106, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1))", "from": 2320, "to": 2398, "snippet_from": 2308, "snippet_to": 2399, "column_from": 13, "column_to": 91 }, { "line_from": 106, "line_to": 106, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t$file = $target . '/' . (\\is_numeric($dir) ? $path : substr($path, \\strlen($dir) + 1));", "selected_text": "$file", "from": 2312, "to": 2317, "snippet_from": 2308, "snippet_to": 2399, "column_from": 5, "column_to": 10 }, { "line_from": 117, "line_to": 117, "label": "call to fopen", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\t\t\t\t$fpw = fopen($file, 'w');", "selected_text": "$file", "from": 2710, "to": 2715, "snippet_from": 2692, "snippet_to": 2722, "column_from": 19, "column_to": 24 } ] }, { "severity": "error", "line_from": 286, "line_to": 286, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 21, "line_to": 21, "label": "$lang", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/LangManagement/actions/Export.php", "file_path": "/app/modules/Settings/LangManagement/actions/Export.php", "snippet": "\t\t$lang = $request->getByType('lang', 1);", "selected_text": "$lang", "from": 423, "to": 428, "snippet_from": 421, "snippet_to": 462, "column_from": 3, "column_to": 8 }, { "line_from": 24, "line_to": 24, "label": "call to vtlib\\LanguageExport::exportLanguage", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/LangManagement/actions/Export.php", "file_path": "/app/modules/Settings/LangManagement/actions/Export.php", "snippet": "\t\t$package->exportLanguage($lang, '', $lang . '.zip', true);", "selected_text": "$lang", "from": 532, "to": 537, "snippet_from": 505, "snippet_to": 565, "column_from": 28, "column_to": 33 }, { "line_from": 43, "line_to": 43, "label": "vtlib\\LanguageExport::exportLanguage#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/LanguageExport.php", "file_path": "/app/vtlib/Vtiger/LanguageExport.php", "snippet": "\tpublic function exportLanguage($languageCode, $todir = '', $zipfilename = '', $directDownload = false)", "selected_text": "$languageCode", "from": 1448, "to": 1461, "snippet_from": 1416, "snippet_to": 1519, "column_from": 33, "column_to": 46 }, { "line_from": 66, "line_to": 66, "label": "call to App\\Zip::download", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/LanguageExport.php", "file_path": "/app/vtlib/Vtiger/LanguageExport.php", "snippet": "\t\t\t$zip->download($languageCode);", "selected_text": "$languageCode", "from": 2250, "to": 2263, "snippet_from": 2232, "snippet_to": 2265, "column_from": 19, "column_to": 32 }, { "line_from": 278, "line_to": 278, "label": "App\\Zip::download#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\tpublic function download(string $name)", "selected_text": "$name", "from": 6331, "to": 6336, "snippet_from": 6298, "snippet_to": 6337, "column_from": 34, "column_to": 39 }, { "line_from": 286, "line_to": 286, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name", "from": 6562, "to": 6615, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 63 }, { "line_from": 286, "line_to": 286, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74 }, { "line_from": 286, "line_to": 286, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74 } ] }, { "severity": "error", "line_from": 286, "line_to": 286, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 21, "line_to": 21, "label": "$lang", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/LangManagement/actions/Export.php", "file_path": "/app/modules/Settings/LangManagement/actions/Export.php", "snippet": "\t\t$lang = $request->getByType('lang', 1);", "selected_text": "$lang", "from": 423, "to": 428, "snippet_from": 421, "snippet_to": 462, "column_from": 3, "column_to": 8 }, { "line_from": 24, "line_to": 24, "label": "call to vtlib\\LanguageExport::exportLanguage", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/LangManagement/actions/Export.php", "file_path": "/app/modules/Settings/LangManagement/actions/Export.php", "snippet": "\t\t$package->exportLanguage($lang, '', $lang . '.zip', true);", "selected_text": "$lang", "from": 532, "to": 537, "snippet_from": 505, "snippet_to": 565, "column_from": 28, "column_to": 33 }, { "line_from": 43, "line_to": 43, "label": "vtlib\\LanguageExport::exportLanguage#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/LanguageExport.php", "file_path": "/app/vtlib/Vtiger/LanguageExport.php", "snippet": "\tpublic function exportLanguage($languageCode, $todir = '', $zipfilename = '', $directDownload = false)", "selected_text": "$languageCode", "from": 1448, "to": 1461, "snippet_from": 1416, "snippet_to": 1519, "column_from": 33, "column_to": 46 }, { "line_from": 66, "line_to": 66, "label": "call to App\\Zip::download", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/LanguageExport.php", "file_path": "/app/vtlib/Vtiger/LanguageExport.php", "snippet": "\t\t\t$zip->download($languageCode);", "selected_text": "$languageCode", "from": 2250, "to": 2263, "snippet_from": 2232, "snippet_to": 2265, "column_from": 19, "column_to": 32 }, { "line_from": 278, "line_to": 278, "label": "App\\Zip::download#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\tpublic function download(string $name)", "selected_text": "$name", "from": 6331, "to": 6336, "snippet_from": 6298, "snippet_to": 6337, "column_from": 34, "column_to": 39 }, { "line_from": 286, "line_to": 286, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name", "from": 6562, "to": 6615, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 63 }, { "line_from": 286, "line_to": 286, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74 }, { "line_from": 286, "line_to": 286, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74 } ] }, { "severity": "error", "line_from": 286, "line_to": 286, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 21, "line_to": 21, "label": "$lang", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/LangManagement/actions/Export.php", "file_path": "/app/modules/Settings/LangManagement/actions/Export.php", "snippet": "\t\t$lang = $request->getByType('lang', 1);", "selected_text": "$lang", "from": 423, "to": 428, "snippet_from": 421, "snippet_to": 462, "column_from": 3, "column_to": 8 }, { "line_from": 24, "line_to": 24, "label": "call to vtlib\\LanguageExport::exportLanguage", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/LangManagement/actions/Export.php", "file_path": "/app/modules/Settings/LangManagement/actions/Export.php", "snippet": "\t\t$package->exportLanguage($lang, '', $lang . '.zip', true);", "selected_text": "$lang", "from": 532, "to": 537, "snippet_from": 505, "snippet_to": 565, "column_from": 28, "column_to": 33 }, { "line_from": 43, "line_to": 43, "label": "vtlib\\LanguageExport::exportLanguage#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/LanguageExport.php", "file_path": "/app/vtlib/Vtiger/LanguageExport.php", "snippet": "\tpublic function exportLanguage($languageCode, $todir = '', $zipfilename = '', $directDownload = false)", "selected_text": "$languageCode", "from": 1448, "to": 1461, "snippet_from": 1416, "snippet_to": 1519, "column_from": 33, "column_to": 46 }, { "line_from": 66, "line_to": 66, "label": "call to App\\Zip::download", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/LanguageExport.php", "file_path": "/app/vtlib/Vtiger/LanguageExport.php", "snippet": "\t\t\t$zip->download($languageCode);", "selected_text": "$languageCode", "from": 2250, "to": 2263, "snippet_from": 2232, "snippet_to": 2265, "column_from": 19, "column_to": 32 }, { "line_from": 278, "line_to": 278, "label": "App\\Zip::download#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\tpublic function download(string $name)", "selected_text": "$name", "from": 6331, "to": 6336, "snippet_from": 6298, "snippet_to": 6337, "column_from": 34, "column_to": 39 }, { "line_from": 286, "line_to": 286, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name", "from": 6562, "to": 6615, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 63 }, { "line_from": 286, "line_to": 286, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74 }, { "line_from": 286, "line_to": 286, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74 } ] }, { "severity": "error", "line_from": 286, "line_to": 286, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 21, "line_to": 21, "label": "$lang", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/LangManagement/actions/Export.php", "file_path": "/app/modules/Settings/LangManagement/actions/Export.php", "snippet": "\t\t$lang = $request->getByType('lang', 1);", "selected_text": "$lang", "from": 423, "to": 428, "snippet_from": 421, "snippet_to": 462, "column_from": 3, "column_to": 8 }, { "line_from": 24, "line_to": 24, "label": "call to vtlib\\LanguageExport::exportLanguage", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/LangManagement/actions/Export.php", "file_path": "/app/modules/Settings/LangManagement/actions/Export.php", "snippet": "\t\t$package->exportLanguage($lang, '', $lang . '.zip', true);", "selected_text": "$lang", "from": 532, "to": 537, "snippet_from": 505, "snippet_to": 565, "column_from": 28, "column_to": 33 }, { "line_from": 43, "line_to": 43, "label": "vtlib\\LanguageExport::exportLanguage#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/LanguageExport.php", "file_path": "/app/vtlib/Vtiger/LanguageExport.php", "snippet": "\tpublic function exportLanguage($languageCode, $todir = '', $zipfilename = '', $directDownload = false)", "selected_text": "$languageCode", "from": 1448, "to": 1461, "snippet_from": 1416, "snippet_to": 1519, "column_from": 33, "column_to": 46 }, { "line_from": 66, "line_to": 66, "label": "call to App\\Zip::download", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/LanguageExport.php", "file_path": "/app/vtlib/Vtiger/LanguageExport.php", "snippet": "\t\t\t$zip->download($languageCode);", "selected_text": "$languageCode", "from": 2250, "to": 2263, "snippet_from": 2232, "snippet_to": 2265, "column_from": 19, "column_to": 32 }, { "line_from": 278, "line_to": 278, "label": "App\\Zip::download#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\tpublic function download(string $name)", "selected_text": "$name", "from": 6331, "to": 6336, "snippet_from": 6298, "snippet_to": 6337, "column_from": 34, "column_to": 39 }, { "line_from": 286, "line_to": 286, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name", "from": 6562, "to": 6615, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 63 }, { "line_from": 286, "line_to": 286, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74 }, { "line_from": 286, "line_to": 286, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Zip.php", "file_path": "/app/app/Zip.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $name . '.zip\";');", "selected_text": "'content-disposition: attachment; filename=\"' . $name . '.zip\";'", "from": 6562, "to": 6626, "snippet_from": 6553, "snippet_to": 6628, "column_from": 10, "column_to": 74 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 229, "line_to": 229, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "rawValues", "from": 4720, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 20, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 4713, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 13, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$value", "from": 4704, "to": 4710, "snippet_from": 4701, "snippet_to": 4736, "column_from": 4, "column_to": 10 }, { "line_from": 250, "line_to": 250, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\t$value = $type ? Purifier::purifyByType($value, $type) : Purifier::purify($value);", "selected_text": "$value", "from": 5513, "to": 5519, "snippet_from": 5434, "snippet_to": 5521, "column_from": 80, "column_to": 86 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 141, "line_to": 141, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = Purifier::purify($value);", "selected_text": "$value", "from": 2457, "to": 2463, "snippet_from": 2454, "snippet_to": 2491, "column_from": 4, "column_to": 10 }, { "line_from": 124, "line_to": 124, "label": "App\\Request::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function get($key, $value = '')", "selected_text": "get", "from": 2013, "to": 2016, "snippet_from": 1996, "snippet_to": 2035, "column_from": 18, "column_to": 21 }, { "line_from": 133, "line_to": 133, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Users/actions/SaveAjax.php", "file_path": "/app/modules/Users/actions/SaveAjax.php", "snippet": "\t\t$recordId = $request->get('record');", "selected_text": "$recordId", "from": 4554, "to": 4563, "snippet_from": 4552, "snippet_to": 4590, "column_from": 3, "column_to": 12 }, { "line_from": 144, "line_to": 144, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Users/actions/SaveAjax.php", "file_path": "/app/modules/Users/actions/SaveAjax.php", "snippet": "\t\t\trequire \"user_privileges/user_privileges_$recordId.php\";", "selected_text": "$recordId", "from": 4923, "to": 4932, "snippet_from": 4879, "snippet_to": 4938, "column_from": 45, "column_to": 54 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 60, "line_to": 60, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"modules/$module/$module.php\";", "selected_text": "$module", "from": 2843, "to": 2850, "snippet_from": 2809, "snippet_to": 2856, "column_from": 35, "column_to": 42 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 17, "line_to": 17, "label": "$componentName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t$componentName = $request->getByType('name');", "selected_text": "$componentName", "from": 720, "to": 734, "snippet_from": 718, "snippet_to": 765, "column_from": 3, "column_to": 17 }, { "line_from": 19, "line_to": 19, "label": "call to Vtiger_Loader::getComponentClassName", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t\t$className = Vtiger_Loader::getComponentClassName('Dashboard', $componentName, $moduleName);", "selected_text": "$componentName", "from": 864, "to": 878, "snippet_from": 798, "snippet_to": 893, "column_from": 67, "column_to": 81 }, { "line_from": 110, "line_to": 110, "label": "Vtiger_Loader::getComponentClassName#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function getComponentClassName($componentType, $componentName, $moduleName = 'Vtiger', $throwException = true)", "selected_text": "$componentName", "from": 3039, "to": 3053, "snippet_from": 2977, "snippet_to": 3102, "column_from": 63, "column_to": 77 }, { "line_from": 142, "line_to": 142, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "$componentName", "from": 4423, "to": 4437, "snippet_from": 4340, "snippet_to": 4443, "column_from": 84, "column_to": 98 }, { "line_from": 142, "line_to": 142, "label": "call to Vtiger_Loader::resolveNameToPath", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "\"$dir$classDir.$componentTypeDirectory.$componentName\"", "from": 4384, "to": 4438, "snippet_from": 4340, "snippet_to": 4443, "column_from": 45, "column_to": 99 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "$qualifiedName", "from": 996, "to": 1010, "snippet_from": 954, "snippet_to": 1035, "column_from": 43, "column_to": 57 }, { "line_from": 42, "line_to": 42, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "str_replace('~', '', $qualifiedName)", "from": 1374, "to": 1410, "snippet_from": 1363, "snippet_to": 1411, "column_from": 12, "column_to": 48 }, { "line_from": 42, "line_to": 42, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$file", "from": 1366, "to": 1371, "snippet_from": 1363, "snippet_to": 1411, "column_from": 4, "column_to": 9 }, { "line_from": 43, "line_to": 43, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file", "from": 1423, "to": 1477, "snippet_from": 1412, "snippet_to": 1478, "column_from": 12, "column_to": 66 }, { "line_from": 43, "line_to": 43, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "$file", "from": 1415, "to": 1420, "snippet_from": 1412, "snippet_to": 1478, "column_from": 4, "column_to": 9 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath", "entry_path_type": "return", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "resolveNameToPath", "from": 978, "to": 995, "snippet_from": 954, "snippet_to": 1035, "column_from": 25, "column_to": 42 }, { "line_from": 64, "line_to": 64, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$file = self::resolveNameToPath($qualifiedName);", "selected_text": "$file", "from": 1938, "to": 1943, "snippet_from": 1936, "snippet_to": 1986, "column_from": 3, "column_to": 8 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 57, "line_to": 57, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"custom/modules/$module/$module.php\";", "selected_text": "$module", "from": 2692, "to": 2699, "snippet_from": 2659, "snippet_to": 2713, "column_from": 34, "column_to": 41 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 57, "line_to": 57, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"custom/modules/$module/$module.php\";", "selected_text": "$module", "from": 2700, "to": 2707, "snippet_from": 2659, "snippet_to": 2713, "column_from": 42, "column_to": 49 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 60, "line_to": 60, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"modules/$module/$module.php\";", "selected_text": "$module", "from": 2835, "to": 2842, "snippet_from": 2809, "snippet_to": 2856, "column_from": 27, "column_to": 34 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 60, "line_to": 60, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"modules/$module/$module.php\";", "selected_text": "$module", "from": 2843, "to": 2850, "snippet_from": 2809, "snippet_to": 2856, "column_from": 35, "column_to": 42 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 57, "line_to": 57, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"custom/modules/$module/$module.php\";", "selected_text": "$module", "from": 2692, "to": 2699, "snippet_from": 2659, "snippet_to": 2713, "column_from": 34, "column_to": 41 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 57, "line_to": 57, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"custom/modules/$module/$module.php\";", "selected_text": "$module", "from": 2700, "to": 2707, "snippet_from": 2659, "snippet_to": 2713, "column_from": 42, "column_to": 49 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 60, "line_to": 60, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"modules/$module/$module.php\";", "selected_text": "$module", "from": 2835, "to": 2842, "snippet_from": 2809, "snippet_to": 2856, "column_from": 27, "column_to": 34 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 53, "line_to": 53, "label": "call to App\\YetiForce\\Shop::getProduct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/YetiForce/views/BuyModal.php", "file_path": "/app/modules/Settings/YetiForce/views/BuyModal.php", "snippet": "\t\t$product = \\App\\YetiForce\\Shop::getProduct($request->getByType('product'), $department);", "selected_text": "$request->getByType('product')", "from": 1299, "to": 1329, "snippet_from": 1254, "snippet_to": 1344, "column_from": 46, "column_to": 76 }, { "line_from": 76, "line_to": 76, "label": "App\\YetiForce\\Shop::getProduct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\tpublic static function getProduct(string $name, string $department = ''): Shop\\AbstractBaseProduct", "selected_text": "$name", "from": 1611, "to": 1616, "snippet_from": 1569, "snippet_to": 1668, "column_from": 43, "column_to": 48 }, { "line_from": 87, "line_to": 87, "label": "call to App\\YetiForce\\Shop::getConfig", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\tif ($config = self::getConfig($name)) {", "selected_text": "$name", "from": 2001, "to": 2006, "snippet_from": 1969, "snippet_to": 2010, "column_from": 33, "column_to": 38 }, { "line_from": 124, "line_to": 124, "label": "App\\YetiForce\\Shop::getConfig#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\tpublic static function getConfig(string $name): array", "selected_text": "$name", "from": 2963, "to": 2968, "snippet_from": 2922, "snippet_to": 2976, "column_from": 42, "column_to": 47 }, { "line_from": 128, "line_to": 128, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\t\t$config = require ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\";", "selected_text": "$name", "from": 3167, "to": 3172, "snippet_from": 3112, "snippet_to": 3179, "column_from": 56, "column_to": 61 }, { "line_from": 128, "line_to": 128, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\t\t$config = require ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\";", "selected_text": "ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\"", "from": 3133, "to": 3178, "snippet_from": 3112, "snippet_to": 3179, "column_from": 22, "column_to": 67 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 141, "line_to": 141, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = Purifier::purify($value);", "selected_text": "$value", "from": 2457, "to": 2463, "snippet_from": 2454, "snippet_to": 2491, "column_from": 4, "column_to": 10 }, { "line_from": 124, "line_to": 124, "label": "App\\Request::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function get($key, $value = '')", "selected_text": "get", "from": 2013, "to": 2016, "snippet_from": 1996, "snippet_to": 2035, "column_from": 18, "column_to": 21 }, { "line_from": 133, "line_to": 133, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Users/actions/SaveAjax.php", "file_path": "/app/modules/Users/actions/SaveAjax.php", "snippet": "\t\t$recordId = $request->get('record');", "selected_text": "$recordId", "from": 4554, "to": 4563, "snippet_from": 4552, "snippet_to": 4590, "column_from": 3, "column_to": 12 }, { "line_from": 144, "line_to": 144, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Users/actions/SaveAjax.php", "file_path": "/app/modules/Users/actions/SaveAjax.php", "snippet": "\t\t\trequire \"user_privileges/user_privileges_$recordId.php\";", "selected_text": "$recordId", "from": 4923, "to": 4932, "snippet_from": 4879, "snippet_to": 4938, "column_from": 45, "column_to": 54 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 53, "line_to": 53, "label": "call to App\\YetiForce\\Shop::getProduct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/YetiForce/views/BuyModal.php", "file_path": "/app/modules/Settings/YetiForce/views/BuyModal.php", "snippet": "\t\t$product = \\App\\YetiForce\\Shop::getProduct($request->getByType('product'), $department);", "selected_text": "$request->getByType('product')", "from": 1299, "to": 1329, "snippet_from": 1254, "snippet_to": 1344, "column_from": 46, "column_to": 76 }, { "line_from": 76, "line_to": 76, "label": "App\\YetiForce\\Shop::getProduct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\tpublic static function getProduct(string $name, string $department = ''): Shop\\AbstractBaseProduct", "selected_text": "$name", "from": 1611, "to": 1616, "snippet_from": 1569, "snippet_to": 1668, "column_from": 43, "column_to": 48 }, { "line_from": 87, "line_to": 87, "label": "call to App\\YetiForce\\Shop::getConfig", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\tif ($config = self::getConfig($name)) {", "selected_text": "$name", "from": 2001, "to": 2006, "snippet_from": 1969, "snippet_to": 2010, "column_from": 33, "column_to": 38 }, { "line_from": 124, "line_to": 124, "label": "App\\YetiForce\\Shop::getConfig#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\tpublic static function getConfig(string $name): array", "selected_text": "$name", "from": 2963, "to": 2968, "snippet_from": 2922, "snippet_to": 2976, "column_from": 42, "column_to": 47 }, { "line_from": 128, "line_to": 128, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\t\t$config = require ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\";", "selected_text": "$name", "from": 3167, "to": 3172, "snippet_from": 3112, "snippet_to": 3179, "column_from": 56, "column_to": 61 }, { "line_from": 128, "line_to": 128, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\t\t$config = require ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\";", "selected_text": "ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\"", "from": 3133, "to": 3178, "snippet_from": 3112, "snippet_to": 3179, "column_from": 22, "column_to": 67 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component", "from": 1674, "to": 1719, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 71 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR", "from": 1674, "to": 1742, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 94 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php'", "from": 1674, "to": 1765, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 117 }, { "line_from": 77, "line_to": 77, "label": "$this->templatePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "$this->templatePath", "from": 1652, "to": 1671, "snippet_from": 1649, "snippet_to": 1766, "column_from": 4, "column_to": 23 }, { "line_from": 100, "line_to": 100, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t$data = require \"{$this->templatePath}\";", "selected_text": "$this->templatePath", "from": 2684, "to": 2703, "snippet_from": 2664, "snippet_to": 2706, "column_from": 21, "column_to": 40 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component", "from": 1674, "to": 1719, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 71 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR", "from": 1674, "to": 1742, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 94 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php'", "from": 1674, "to": 1765, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 117 }, { "line_from": 77, "line_to": 77, "label": "$this->templatePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "$this->templatePath", "from": 1652, "to": 1671, "snippet_from": 1649, "snippet_to": 1766, "column_from": 4, "column_to": 23 }, { "line_from": 100, "line_to": 100, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t$data = require \"{$this->templatePath}\";", "selected_text": "$this->templatePath", "from": 2684, "to": 2703, "snippet_from": 2664, "snippet_to": 2706, "column_from": 21, "column_to": 40 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$component", "from": 2127, "to": 2137, "snippet_from": 2036, "snippet_to": 2144, "column_from": 92, "column_to": 102 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\"", "from": 2053, "to": 2143, "snippet_from": 2036, "snippet_to": 2144, "column_from": 18, "column_to": 108 }, { "line_from": 81, "line_to": 81, "label": "App\\ConfigFile::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$this->path", "from": 2039, "to": 2050, "snippet_from": 2036, "snippet_to": 2144, "column_from": 4, "column_to": 15 }, { "label": "App\\ConfigFile::$path", "entry_path_type": "property-assignment" }, { "line_from": 257, "line_to": 257, "label": "App\\ConfigFile::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\trequire \"{$this->path}\";", "selected_text": "path", "from": 7479, "to": 7483, "snippet_from": 7459, "snippet_to": 7486, "column_from": 21, "column_to": 25 }, { "line_from": 257, "line_to": 257, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\trequire \"{$this->path}\";", "selected_text": "$this->path", "from": 7472, "to": 7483, "snippet_from": 7459, "snippet_to": 7486, "column_from": 14, "column_to": 25 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$component", "from": 2127, "to": 2137, "snippet_from": 2036, "snippet_to": 2144, "column_from": 92, "column_to": 102 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\"", "from": 2053, "to": 2143, "snippet_from": 2036, "snippet_to": 2144, "column_from": 18, "column_to": 108 }, { "line_from": 81, "line_to": 81, "label": "App\\ConfigFile::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$this->path", "from": 2039, "to": 2050, "snippet_from": 2036, "snippet_to": 2144, "column_from": 4, "column_to": 15 }, { "label": "App\\ConfigFile::$path", "entry_path_type": "property-assignment" }, { "line_from": 257, "line_to": 257, "label": "App\\ConfigFile::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\trequire \"{$this->path}\";", "selected_text": "path", "from": 7479, "to": 7483, "snippet_from": 7459, "snippet_to": 7486, "column_from": 21, "column_to": 25 }, { "line_from": 257, "line_to": 257, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\trequire \"{$this->path}\";", "selected_text": "$this->path", "from": 7472, "to": 7483, "snippet_from": 7459, "snippet_to": 7486, "column_from": 14, "column_to": 25 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/actions/Basic.php", "file_path": "/app/modules/Settings/ModuleManager/actions/Basic.php", "snippet": "\t\t$moduleName = $request->getByType('forModule', 'Standard');", "selected_text": "$moduleName", "from": 1112, "to": 1123, "snippet_from": 1110, "snippet_to": 1171, "column_from": 3, "column_to": 14 }, { "line_from": 44, "line_to": 44, "label": "call to Settings_ModuleManager_Module_Model::disableModule", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/actions/Basic.php", "file_path": "/app/modules/Settings/ModuleManager/actions/Basic.php", "snippet": "\t\t\t\t$moduleManagerModel->disableModule($moduleName);", "selected_text": "$moduleName", "from": 1434, "to": 1445, "snippet_from": 1395, "snippet_to": 1447, "column_from": 40, "column_to": 51 }, { "line_from": 110, "line_to": 110, "label": "Settings_ModuleManager_Module_Model::disableModule#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/models/Module.php", "file_path": "/app/modules/Settings/ModuleManager/models/Module.php", "snippet": "\tpublic function disableModule($moduleName)", "selected_text": "$moduleName", "from": 4402, "to": 4413, "snippet_from": 4371, "snippet_to": 4414, "column_from": 32, "column_to": 43 }, { "line_from": 113, "line_to": 113, "label": "call to vtlib\\Module::toggleModuleAccess", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/models/Module.php", "file_path": "/app/modules/Settings/ModuleManager/models/Module.php", "snippet": "\t\t\\vtlib\\Module::toggleModuleAccess($moduleName, false);", "selected_text": "$moduleName", "from": 4495, "to": 4506, "snippet_from": 4459, "snippet_to": 4515, "column_from": 37, "column_to": 48 }, { "line_from": 320, "line_to": 320, "label": "vtlib\\Module::toggleModuleAccess#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function toggleModuleAccess($moduleName, $enableDisable)", "selected_text": "$moduleName", "from": 10656, "to": 10667, "snippet_from": 10613, "snippet_to": 10684, "column_from": 44, "column_to": 55 }, { "line_from": 330, "line_to": 330, "label": "call to vtlib\\Module::fireEvent", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$fire = self::fireEvent($moduleName, $eventType);", "selected_text": "$moduleName", "from": 10948, "to": 10959, "snippet_from": 10922, "snippet_to": 10973, "column_from": 27, "column_to": 38 }, { "line_from": 299, "line_to": 299, "label": "vtlib\\Module::fireEvent#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function fireEvent($modulename, $eventType)", "selected_text": "$modulename", "from": 9990, "to": 10001, "snippet_from": 9956, "snippet_to": 10014, "column_from": 35, "column_to": 46 }, { "line_from": 302, "line_to": 302, "label": "call to vtlib\\Module::getClassInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$instance = self::getClassInstance((string) $modulename);", "selected_text": "(string) $modulename", "from": 10073, "to": 10093, "snippet_from": 10036, "snippet_to": 10095, "column_from": 38, "column_to": 58 }, { "line_from": 279, "line_to": 279, "label": "vtlib\\Module::getClassInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function getClassInstance($modulename)", "selected_text": "$modulename", "from": 9482, "to": 9493, "snippet_from": 9441, "snippet_to": 9494, "column_from": 42, "column_to": 53 }, { "line_from": 282, "line_to": 282, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$filepath = \"modules/$modulename/$modulename.php\";", "selected_text": "$modulename", "from": 9554, "to": 9565, "snippet_from": 9519, "snippet_to": 9571, "column_from": 36, "column_to": 47 }, { "line_from": 282, "line_to": 282, "label": "$filepath", "entry_path_type": "=", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$filepath = \"modules/$modulename/$modulename.php\";", "selected_text": "$filepath", "from": 9521, "to": 9530, "snippet_from": 9519, "snippet_to": 9571, "column_from": 3, "column_to": 12 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/actions/Basic.php", "file_path": "/app/modules/Settings/ModuleManager/actions/Basic.php", "snippet": "\t\t$moduleName = $request->getByType('forModule', 'Standard');", "selected_text": "$moduleName", "from": 1112, "to": 1123, "snippet_from": 1110, "snippet_to": 1171, "column_from": 3, "column_to": 14 }, { "line_from": 44, "line_to": 44, "label": "call to Settings_ModuleManager_Module_Model::disableModule", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/actions/Basic.php", "file_path": "/app/modules/Settings/ModuleManager/actions/Basic.php", "snippet": "\t\t\t\t$moduleManagerModel->disableModule($moduleName);", "selected_text": "$moduleName", "from": 1434, "to": 1445, "snippet_from": 1395, "snippet_to": 1447, "column_from": 40, "column_to": 51 }, { "line_from": 110, "line_to": 110, "label": "Settings_ModuleManager_Module_Model::disableModule#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/models/Module.php", "file_path": "/app/modules/Settings/ModuleManager/models/Module.php", "snippet": "\tpublic function disableModule($moduleName)", "selected_text": "$moduleName", "from": 4402, "to": 4413, "snippet_from": 4371, "snippet_to": 4414, "column_from": 32, "column_to": 43 }, { "line_from": 113, "line_to": 113, "label": "call to vtlib\\Module::toggleModuleAccess", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/models/Module.php", "file_path": "/app/modules/Settings/ModuleManager/models/Module.php", "snippet": "\t\t\\vtlib\\Module::toggleModuleAccess($moduleName, false);", "selected_text": "$moduleName", "from": 4495, "to": 4506, "snippet_from": 4459, "snippet_to": 4515, "column_from": 37, "column_to": 48 }, { "line_from": 320, "line_to": 320, "label": "vtlib\\Module::toggleModuleAccess#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function toggleModuleAccess($moduleName, $enableDisable)", "selected_text": "$moduleName", "from": 10656, "to": 10667, "snippet_from": 10613, "snippet_to": 10684, "column_from": 44, "column_to": 55 }, { "line_from": 330, "line_to": 330, "label": "call to vtlib\\Module::fireEvent", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$fire = self::fireEvent($moduleName, $eventType);", "selected_text": "$moduleName", "from": 10948, "to": 10959, "snippet_from": 10922, "snippet_to": 10973, "column_from": 27, "column_to": 38 }, { "line_from": 299, "line_to": 299, "label": "vtlib\\Module::fireEvent#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function fireEvent($modulename, $eventType)", "selected_text": "$modulename", "from": 9990, "to": 10001, "snippet_from": 9956, "snippet_to": 10014, "column_from": 35, "column_to": 46 }, { "line_from": 302, "line_to": 302, "label": "call to vtlib\\Module::getClassInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$instance = self::getClassInstance((string) $modulename);", "selected_text": "(string) $modulename", "from": 10073, "to": 10093, "snippet_from": 10036, "snippet_to": 10095, "column_from": 38, "column_to": 58 }, { "line_from": 279, "line_to": 279, "label": "vtlib\\Module::getClassInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function getClassInstance($modulename)", "selected_text": "$modulename", "from": 9482, "to": 9493, "snippet_from": 9441, "snippet_to": 9494, "column_from": 42, "column_to": 53 }, { "line_from": 282, "line_to": 282, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$filepath = \"modules/$modulename/$modulename.php\";", "selected_text": "$modulename", "from": 9554, "to": 9565, "snippet_from": 9519, "snippet_to": 9571, "column_from": 36, "column_to": 47 }, { "line_from": 282, "line_to": 282, "label": "$filepath", "entry_path_type": "=", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$filepath = \"modules/$modulename/$modulename.php\";", "selected_text": "$filepath", "from": 9521, "to": 9530, "snippet_from": 9519, "snippet_to": 9571, "column_from": 3, "column_to": 12 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 1643, "line_to": 1643, "label": "call to App\\Purifier::purifyHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Chat.php", "file_path": "/app/app/Chat.php", "snippet": "\t\treturn nl2br(\\App\\Utils\\Completions::decode(\\App\\Purifier::purifyHtml(\\App\\Purifier::decodeHtml($message))));", "selected_text": "\\App\\Purifier::decodeHtml($message)", "from": 48182, "to": 48217, "snippet_from": 48110, "snippet_to": 48221, "column_from": 73, "column_to": 108 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "$input", "from": 4265, "to": 4271, "snippet_from": 4230, "snippet_to": 4286, "column_from": 36, "column_to": 42 }, { "line_from": 161, "line_to": 161, "label": "App\\Purifier::purifyHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyHtml($input, $loop = true)", "selected_text": "purifyHtml", "from": 4254, "to": 4264, "snippet_from": 4230, "snippet_to": 4286, "column_from": 25, "column_to": 35 }, { "line_from": 416, "line_to": 416, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purifyHtml($input);", "selected_text": "$value", "from": 13323, "to": 13329, "snippet_from": 13318, "snippet_to": 13357, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 17, "line_to": 17, "label": "$componentName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t$componentName = $request->getByType('name');", "selected_text": "$componentName", "from": 720, "to": 734, "snippet_from": 718, "snippet_to": 765, "column_from": 3, "column_to": 17 }, { "line_from": 19, "line_to": 19, "label": "call to Vtiger_Loader::getComponentClassName", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t\t$className = Vtiger_Loader::getComponentClassName('Dashboard', $componentName, $moduleName);", "selected_text": "$componentName", "from": 864, "to": 878, "snippet_from": 798, "snippet_to": 893, "column_from": 67, "column_to": 81 }, { "line_from": 110, "line_to": 110, "label": "Vtiger_Loader::getComponentClassName#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function getComponentClassName($componentType, $componentName, $moduleName = 'Vtiger', $throwException = true)", "selected_text": "$componentName", "from": 3039, "to": 3053, "snippet_from": 2977, "snippet_to": 3102, "column_from": 63, "column_to": 77 }, { "line_from": 142, "line_to": 142, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "$componentName", "from": 4423, "to": 4437, "snippet_from": 4340, "snippet_to": 4443, "column_from": 84, "column_to": 98 }, { "line_from": 142, "line_to": 142, "label": "call to Vtiger_Loader::resolveNameToPath", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "\"$dir$classDir.$componentTypeDirectory.$componentName\"", "from": 4384, "to": 4438, "snippet_from": 4340, "snippet_to": 4443, "column_from": 45, "column_to": 99 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "$qualifiedName", "from": 996, "to": 1010, "snippet_from": 954, "snippet_to": 1035, "column_from": 43, "column_to": 57 }, { "line_from": 42, "line_to": 42, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "str_replace('~', '', $qualifiedName)", "from": 1374, "to": 1410, "snippet_from": 1363, "snippet_to": 1411, "column_from": 12, "column_to": 48 }, { "line_from": 42, "line_to": 42, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$file", "from": 1366, "to": 1371, "snippet_from": 1363, "snippet_to": 1411, "column_from": 4, "column_to": 9 }, { "line_from": 43, "line_to": 43, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file", "from": 1423, "to": 1477, "snippet_from": 1412, "snippet_to": 1478, "column_from": 12, "column_to": 66 }, { "line_from": 43, "line_to": 43, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "$file", "from": 1415, "to": 1420, "snippet_from": 1412, "snippet_to": 1478, "column_from": 4, "column_to": 9 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath", "entry_path_type": "return", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "resolveNameToPath", "from": 978, "to": 995, "snippet_from": 954, "snippet_to": 1035, "column_from": 25, "column_to": 42 }, { "line_from": 64, "line_to": 64, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$file = self::resolveNameToPath($qualifiedName);", "selected_text": "$file", "from": 1938, "to": 1943, "snippet_from": 1936, "snippet_to": 1986, "column_from": 3, "column_to": 8 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 17, "line_to": 17, "label": "$componentName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t$componentName = $request->getByType('name');", "selected_text": "$componentName", "from": 720, "to": 734, "snippet_from": 718, "snippet_to": 765, "column_from": 3, "column_to": 17 }, { "line_from": 19, "line_to": 19, "label": "call to Vtiger_Loader::getComponentClassName", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t\t$className = Vtiger_Loader::getComponentClassName('Dashboard', $componentName, $moduleName);", "selected_text": "$componentName", "from": 864, "to": 878, "snippet_from": 798, "snippet_to": 893, "column_from": 67, "column_to": 81 }, { "line_from": 110, "line_to": 110, "label": "Vtiger_Loader::getComponentClassName#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function getComponentClassName($componentType, $componentName, $moduleName = 'Vtiger', $throwException = true)", "selected_text": "$componentName", "from": 3039, "to": 3053, "snippet_from": 2977, "snippet_to": 3102, "column_from": 63, "column_to": 77 }, { "line_from": 142, "line_to": 142, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "$componentName", "from": 4423, "to": 4437, "snippet_from": 4340, "snippet_to": 4443, "column_from": 84, "column_to": 98 }, { "line_from": 142, "line_to": 142, "label": "call to Vtiger_Loader::resolveNameToPath", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "\"$dir$classDir.$componentTypeDirectory.$componentName\"", "from": 4384, "to": 4438, "snippet_from": 4340, "snippet_to": 4443, "column_from": 45, "column_to": 99 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "$qualifiedName", "from": 996, "to": 1010, "snippet_from": 954, "snippet_to": 1035, "column_from": 43, "column_to": 57 }, { "line_from": 42, "line_to": 42, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "str_replace('~', '', $qualifiedName)", "from": 1374, "to": 1410, "snippet_from": 1363, "snippet_to": 1411, "column_from": 12, "column_to": 48 }, { "line_from": 42, "line_to": 42, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$file", "from": 1366, "to": 1371, "snippet_from": 1363, "snippet_to": 1411, "column_from": 4, "column_to": 9 }, { "line_from": 43, "line_to": 43, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file", "from": 1423, "to": 1477, "snippet_from": 1412, "snippet_to": 1478, "column_from": 12, "column_to": 66 }, { "line_from": 43, "line_to": 43, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "$file", "from": 1415, "to": 1420, "snippet_from": 1412, "snippet_to": 1478, "column_from": 4, "column_to": 9 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath", "entry_path_type": "return", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "resolveNameToPath", "from": 978, "to": 995, "snippet_from": 954, "snippet_to": 1035, "column_from": 25, "column_to": 42 }, { "line_from": 64, "line_to": 64, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$file = self::resolveNameToPath($qualifiedName);", "selected_text": "$file", "from": 1938, "to": 1943, "snippet_from": 1936, "snippet_to": 1986, "column_from": 3, "column_to": 8 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/actions/Basic.php", "file_path": "/app/modules/Settings/ModuleManager/actions/Basic.php", "snippet": "\t\t$moduleName = $request->getByType('forModule', 'Standard');", "selected_text": "$moduleName", "from": 1112, "to": 1123, "snippet_from": 1110, "snippet_to": 1171, "column_from": 3, "column_to": 14 }, { "line_from": 44, "line_to": 44, "label": "call to Settings_ModuleManager_Module_Model::disableModule", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/actions/Basic.php", "file_path": "/app/modules/Settings/ModuleManager/actions/Basic.php", "snippet": "\t\t\t\t$moduleManagerModel->disableModule($moduleName);", "selected_text": "$moduleName", "from": 1434, "to": 1445, "snippet_from": 1395, "snippet_to": 1447, "column_from": 40, "column_to": 51 }, { "line_from": 110, "line_to": 110, "label": "Settings_ModuleManager_Module_Model::disableModule#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/models/Module.php", "file_path": "/app/modules/Settings/ModuleManager/models/Module.php", "snippet": "\tpublic function disableModule($moduleName)", "selected_text": "$moduleName", "from": 4402, "to": 4413, "snippet_from": 4371, "snippet_to": 4414, "column_from": 32, "column_to": 43 }, { "line_from": 113, "line_to": 113, "label": "call to vtlib\\Module::toggleModuleAccess", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/models/Module.php", "file_path": "/app/modules/Settings/ModuleManager/models/Module.php", "snippet": "\t\t\\vtlib\\Module::toggleModuleAccess($moduleName, false);", "selected_text": "$moduleName", "from": 4495, "to": 4506, "snippet_from": 4459, "snippet_to": 4515, "column_from": 37, "column_to": 48 }, { "line_from": 320, "line_to": 320, "label": "vtlib\\Module::toggleModuleAccess#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function toggleModuleAccess($moduleName, $enableDisable)", "selected_text": "$moduleName", "from": 10656, "to": 10667, "snippet_from": 10613, "snippet_to": 10684, "column_from": 44, "column_to": 55 }, { "line_from": 330, "line_to": 330, "label": "call to vtlib\\Module::fireEvent", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$fire = self::fireEvent($moduleName, $eventType);", "selected_text": "$moduleName", "from": 10948, "to": 10959, "snippet_from": 10922, "snippet_to": 10973, "column_from": 27, "column_to": 38 }, { "line_from": 299, "line_to": 299, "label": "vtlib\\Module::fireEvent#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function fireEvent($modulename, $eventType)", "selected_text": "$modulename", "from": 9990, "to": 10001, "snippet_from": 9956, "snippet_to": 10014, "column_from": 35, "column_to": 46 }, { "line_from": 302, "line_to": 302, "label": "call to vtlib\\Module::getClassInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$instance = self::getClassInstance((string) $modulename);", "selected_text": "(string) $modulename", "from": 10073, "to": 10093, "snippet_from": 10036, "snippet_to": 10095, "column_from": 38, "column_to": 58 }, { "line_from": 279, "line_to": 279, "label": "vtlib\\Module::getClassInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function getClassInstance($modulename)", "selected_text": "$modulename", "from": 9482, "to": 9493, "snippet_from": 9441, "snippet_to": 9494, "column_from": 42, "column_to": 53 }, { "line_from": 282, "line_to": 282, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$filepath = \"modules/$modulename/$modulename.php\";", "selected_text": "$modulename", "from": 9554, "to": 9565, "snippet_from": 9519, "snippet_to": 9571, "column_from": 36, "column_to": 47 }, { "line_from": 282, "line_to": 282, "label": "$filepath", "entry_path_type": "=", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$filepath = \"modules/$modulename/$modulename.php\";", "selected_text": "$filepath", "from": 9521, "to": 9530, "snippet_from": 9519, "snippet_to": 9571, "column_from": 3, "column_to": 12 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 57, "line_to": 57, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"custom/modules/$module/$module.php\";", "selected_text": "$module", "from": 2692, "to": 2699, "snippet_from": 2659, "snippet_to": 2713, "column_from": 34, "column_to": 41 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 229, "line_to": 229, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "rawValues", "from": 4720, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 20, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 4713, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 13, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$value", "from": 4704, "to": 4710, "snippet_from": 4701, "snippet_to": 4736, "column_from": 4, "column_to": 10 }, { "line_from": 250, "line_to": 250, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\t$value = $type ? Purifier::purifyByType($value, $type) : Purifier::purify($value);", "selected_text": "$value", "from": 5513, "to": 5519, "snippet_from": 5434, "snippet_to": 5521, "column_from": 80, "column_to": 86 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 139, "line_to": 139, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t$value = static::$purifyInstanceCache->purify(static::decodeHtml($input));", "selected_text": "$input", "from": 3801, "to": 3807, "snippet_from": 3732, "snippet_to": 3810, "column_from": 70, "column_to": 76 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 72, "line_to": 72, "label": "$handlerPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/helpers/ShortURL.php", "file_path": "/app/modules/Vtiger/helpers/ShortURL.php", "snippet": "\t\t\t$handlerPath = App\\Purifier::decodeHtml($record['handler_path']);", "selected_text": "$handlerPath", "from": 2183, "to": 2195, "snippet_from": 2180, "snippet_to": 2248, "column_from": 4, "column_to": 16 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 57, "line_to": 57, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"custom/modules/$module/$module.php\";", "selected_text": "$module", "from": 2700, "to": 2707, "snippet_from": 2659, "snippet_to": 2713, "column_from": 42, "column_to": 49 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 60, "line_to": 60, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"modules/$module/$module.php\";", "selected_text": "$module", "from": 2835, "to": 2842, "snippet_from": 2809, "snippet_to": 2856, "column_from": 27, "column_to": 34 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 60, "line_to": 60, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"modules/$module/$module.php\";", "selected_text": "$module", "from": 2843, "to": 2850, "snippet_from": 2809, "snippet_to": 2856, "column_from": 35, "column_to": 42 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 229, "line_to": 229, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "rawValues", "from": 4720, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 20, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 4713, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 13, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$value", "from": 4704, "to": 4710, "snippet_from": 4701, "snippet_to": 4736, "column_from": 4, "column_to": 10 }, { "line_from": 244, "line_to": 244, "label": "array-fetch", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\tforeach ($value as $k => $v) {", "selected_text": "$value", "from": 5202, "to": 5208, "snippet_from": 5188, "snippet_to": 5223, "column_from": 15, "column_to": 21 }, { "line_from": 245, "line_to": 245, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\t\t$k = $keyType ? Purifier::purifyByType($k, $keyType) : Purifier::purify($k);", "selected_text": "$k", "from": 5302, "to": 5304, "snippet_from": 5224, "snippet_to": 5306, "column_from": 79, "column_to": 81 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 141, "line_to": 141, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = Purifier::purify($value);", "selected_text": "$value", "from": 2457, "to": 2463, "snippet_from": 2454, "snippet_to": 2491, "column_from": 4, "column_to": 10 }, { "line_from": 124, "line_to": 124, "label": "App\\Request::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function get($key, $value = '')", "selected_text": "get", "from": 2013, "to": 2016, "snippet_from": 1996, "snippet_to": 2035, "column_from": 18, "column_to": 21 }, { "line_from": 133, "line_to": 133, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Users/actions/SaveAjax.php", "file_path": "/app/modules/Users/actions/SaveAjax.php", "snippet": "\t\t$recordId = $request->get('record');", "selected_text": "$recordId", "from": 4554, "to": 4563, "snippet_from": 4552, "snippet_to": 4590, "column_from": 3, "column_to": 12 }, { "line_from": 144, "line_to": 144, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Users/actions/SaveAjax.php", "file_path": "/app/modules/Users/actions/SaveAjax.php", "snippet": "\t\t\trequire \"user_privileges/user_privileges_$recordId.php\";", "selected_text": "$recordId", "from": 4923, "to": 4932, "snippet_from": 4879, "snippet_to": 4938, "column_from": 45, "column_to": 54 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 57, "line_to": 57, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"custom/modules/$module/$module.php\";", "selected_text": "$module", "from": 2692, "to": 2699, "snippet_from": 2659, "snippet_to": 2713, "column_from": 34, "column_to": 41 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 57, "line_to": 57, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"custom/modules/$module/$module.php\";", "selected_text": "$module", "from": 2700, "to": 2707, "snippet_from": 2659, "snippet_to": 2713, "column_from": 42, "column_to": 49 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 60, "line_to": 60, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"modules/$module/$module.php\";", "selected_text": "$module", "from": 2835, "to": 2842, "snippet_from": 2809, "snippet_to": 2856, "column_from": 27, "column_to": 34 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 798, "line_to": 798, "label": "$relatedModuleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t$relatedModuleName = $request->getByType('relatedModule', 2);", "selected_text": "$relatedModuleName", "from": 30226, "to": 30244, "snippet_from": 30224, "snippet_to": 30287, "column_from": 3, "column_to": 21 }, { "line_from": 836, "line_to": 836, "label": "call to CRMEntity::getInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/Detail.php", "file_path": "/app/modules/Vtiger/views/Detail.php", "snippet": "\t\t\t$moduleInstance = CRMEntity::getInstance($relatedModuleName);", "selected_text": "$relatedModuleName", "from": 32155, "to": 32173, "snippet_from": 32111, "snippet_to": 32175, "column_from": 45, "column_to": 63 }, { "line_from": 44, "line_to": 44, "label": "CRMEntity::getInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\tpublic static function getInstance($module)", "selected_text": "$module", "from": 2184, "to": 2191, "snippet_from": 2148, "snippet_to": 2192, "column_from": 37, "column_to": 44 }, { "line_from": 60, "line_to": 60, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/CRMEntity.php", "file_path": "/app/include/CRMEntity.php", "snippet": "\t\t\t\trequire_once \"modules/$module/$module.php\";", "selected_text": "$module", "from": 2843, "to": 2850, "snippet_from": 2809, "snippet_to": 2856, "column_from": 35, "column_to": 42 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 229, "line_to": 229, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "rawValues", "from": 4720, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 20, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 4713, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 13, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$value", "from": 4704, "to": 4710, "snippet_from": 4701, "snippet_to": 4736, "column_from": 4, "column_to": 10 }, { "line_from": 250, "line_to": 250, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\t$value = $type ? Purifier::purifyByType($value, $type) : Purifier::purify($value);", "selected_text": "$value", "from": 5513, "to": 5519, "snippet_from": 5434, "snippet_to": 5521, "column_from": 80, "column_to": 86 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 110, "line_to": 110, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/widgets/HistoryRelation.php", "file_path": "/app/modules/Vtiger/widgets/HistoryRelation.php", "snippet": "\t\t\t\t$body = str_replace(['', '
'], [\"\\r\\n\", \"\\r\\n\"], App\\Purifier::decodeHtml(App\\Purifier::purify($body)));", "selected_text": "App\\Purifier::purify($body)", "from": 3159, "to": 3186, "snippet_from": 3054, "snippet_to": 3189, "column_from": 106, "column_to": 133 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 72, "line_to": 72, "label": "$handlerPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/helpers/ShortURL.php", "file_path": "/app/modules/Vtiger/helpers/ShortURL.php", "snippet": "\t\t\t$handlerPath = App\\Purifier::decodeHtml($record['handler_path']);", "selected_text": "$handlerPath", "from": 2183, "to": 2195, "snippet_from": 2180, "snippet_to": 2248, "column_from": 4, "column_to": 16 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/actions/Basic.php", "file_path": "/app/modules/Settings/ModuleManager/actions/Basic.php", "snippet": "\t\t$moduleName = $request->getByType('forModule', 'Standard');", "selected_text": "$moduleName", "from": 1112, "to": 1123, "snippet_from": 1110, "snippet_to": 1171, "column_from": 3, "column_to": 14 }, { "line_from": 44, "line_to": 44, "label": "call to Settings_ModuleManager_Module_Model::disableModule", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/actions/Basic.php", "file_path": "/app/modules/Settings/ModuleManager/actions/Basic.php", "snippet": "\t\t\t\t$moduleManagerModel->disableModule($moduleName);", "selected_text": "$moduleName", "from": 1434, "to": 1445, "snippet_from": 1395, "snippet_to": 1447, "column_from": 40, "column_to": 51 }, { "line_from": 110, "line_to": 110, "label": "Settings_ModuleManager_Module_Model::disableModule#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/models/Module.php", "file_path": "/app/modules/Settings/ModuleManager/models/Module.php", "snippet": "\tpublic function disableModule($moduleName)", "selected_text": "$moduleName", "from": 4402, "to": 4413, "snippet_from": 4371, "snippet_to": 4414, "column_from": 32, "column_to": 43 }, { "line_from": 113, "line_to": 113, "label": "call to vtlib\\Module::toggleModuleAccess", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/ModuleManager/models/Module.php", "file_path": "/app/modules/Settings/ModuleManager/models/Module.php", "snippet": "\t\t\\vtlib\\Module::toggleModuleAccess($moduleName, false);", "selected_text": "$moduleName", "from": 4495, "to": 4506, "snippet_from": 4459, "snippet_to": 4515, "column_from": 37, "column_to": 48 }, { "line_from": 320, "line_to": 320, "label": "vtlib\\Module::toggleModuleAccess#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function toggleModuleAccess($moduleName, $enableDisable)", "selected_text": "$moduleName", "from": 10656, "to": 10667, "snippet_from": 10613, "snippet_to": 10684, "column_from": 44, "column_to": 55 }, { "line_from": 330, "line_to": 330, "label": "call to vtlib\\Module::fireEvent", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$fire = self::fireEvent($moduleName, $eventType);", "selected_text": "$moduleName", "from": 10948, "to": 10959, "snippet_from": 10922, "snippet_to": 10973, "column_from": 27, "column_to": 38 }, { "line_from": 299, "line_to": 299, "label": "vtlib\\Module::fireEvent#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function fireEvent($modulename, $eventType)", "selected_text": "$modulename", "from": 9990, "to": 10001, "snippet_from": 9956, "snippet_to": 10014, "column_from": 35, "column_to": 46 }, { "line_from": 302, "line_to": 302, "label": "call to vtlib\\Module::getClassInstance", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$instance = self::getClassInstance((string) $modulename);", "selected_text": "(string) $modulename", "from": 10073, "to": 10093, "snippet_from": 10036, "snippet_to": 10095, "column_from": 38, "column_to": 58 }, { "line_from": 279, "line_to": 279, "label": "vtlib\\Module::getClassInstance#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\tpublic static function getClassInstance($modulename)", "selected_text": "$modulename", "from": 9482, "to": 9493, "snippet_from": 9441, "snippet_to": 9494, "column_from": 42, "column_to": 53 }, { "line_from": 282, "line_to": 282, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$filepath = \"modules/$modulename/$modulename.php\";", "selected_text": "$modulename", "from": 9554, "to": 9565, "snippet_from": 9519, "snippet_to": 9571, "column_from": 36, "column_to": 47 }, { "line_from": 282, "line_to": 282, "label": "$filepath", "entry_path_type": "=", "entry_path_description": null, "file_name": "vtlib/Vtiger/Module.php", "file_path": "/app/vtlib/Vtiger/Module.php", "snippet": "\t\t$filepath = \"modules/$modulename/$modulename.php\";", "selected_text": "$filepath", "from": 9521, "to": 9530, "snippet_from": 9519, "snippet_to": 9571, "column_from": 3, "column_to": 12 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 53, "line_to": 53, "label": "call to App\\YetiForce\\Shop::getProduct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/YetiForce/views/BuyModal.php", "file_path": "/app/modules/Settings/YetiForce/views/BuyModal.php", "snippet": "\t\t$product = \\App\\YetiForce\\Shop::getProduct($request->getByType('product'), $department);", "selected_text": "$request->getByType('product')", "from": 1299, "to": 1329, "snippet_from": 1254, "snippet_to": 1344, "column_from": 46, "column_to": 76 }, { "line_from": 76, "line_to": 76, "label": "App\\YetiForce\\Shop::getProduct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\tpublic static function getProduct(string $name, string $department = ''): Shop\\AbstractBaseProduct", "selected_text": "$name", "from": 1611, "to": 1616, "snippet_from": 1569, "snippet_to": 1668, "column_from": 43, "column_to": 48 }, { "line_from": 87, "line_to": 87, "label": "call to App\\YetiForce\\Shop::getConfig", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\tif ($config = self::getConfig($name)) {", "selected_text": "$name", "from": 2001, "to": 2006, "snippet_from": 1969, "snippet_to": 2010, "column_from": 33, "column_to": 38 }, { "line_from": 124, "line_to": 124, "label": "App\\YetiForce\\Shop::getConfig#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\tpublic static function getConfig(string $name): array", "selected_text": "$name", "from": 2963, "to": 2968, "snippet_from": 2922, "snippet_to": 2976, "column_from": 42, "column_to": 47 }, { "line_from": 128, "line_to": 128, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\t\t$config = require ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\";", "selected_text": "$name", "from": 3167, "to": 3172, "snippet_from": 3112, "snippet_to": 3179, "column_from": 56, "column_to": 61 }, { "line_from": 128, "line_to": 128, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\t\t$config = require ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\";", "selected_text": "ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\"", "from": 3133, "to": 3178, "snippet_from": 3112, "snippet_to": 3179, "column_from": 22, "column_to": 67 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 72, "line_to": 72, "label": "$handlerPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/helpers/ShortURL.php", "file_path": "/app/modules/Vtiger/helpers/ShortURL.php", "snippet": "\t\t\t$handlerPath = App\\Purifier::decodeHtml($record['handler_path']);", "selected_text": "$handlerPath", "from": 2183, "to": 2195, "snippet_from": 2180, "snippet_to": 2248, "column_from": 4, "column_to": 16 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 53, "line_to": 53, "label": "call to App\\YetiForce\\Shop::getProduct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/YetiForce/views/BuyModal.php", "file_path": "/app/modules/Settings/YetiForce/views/BuyModal.php", "snippet": "\t\t$product = \\App\\YetiForce\\Shop::getProduct($request->getByType('product'), $department);", "selected_text": "$request->getByType('product')", "from": 1299, "to": 1329, "snippet_from": 1254, "snippet_to": 1344, "column_from": 46, "column_to": 76 }, { "line_from": 76, "line_to": 76, "label": "App\\YetiForce\\Shop::getProduct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\tpublic static function getProduct(string $name, string $department = ''): Shop\\AbstractBaseProduct", "selected_text": "$name", "from": 1611, "to": 1616, "snippet_from": 1569, "snippet_to": 1668, "column_from": 43, "column_to": 48 }, { "line_from": 87, "line_to": 87, "label": "call to App\\YetiForce\\Shop::getConfig", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\tif ($config = self::getConfig($name)) {", "selected_text": "$name", "from": 2001, "to": 2006, "snippet_from": 1969, "snippet_to": 2010, "column_from": 33, "column_to": 38 }, { "line_from": 124, "line_to": 124, "label": "App\\YetiForce\\Shop::getConfig#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\tpublic static function getConfig(string $name): array", "selected_text": "$name", "from": 2963, "to": 2968, "snippet_from": 2922, "snippet_to": 2976, "column_from": 42, "column_to": 47 }, { "line_from": 128, "line_to": 128, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\t\t$config = require ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\";", "selected_text": "$name", "from": 3167, "to": 3172, "snippet_from": 3112, "snippet_to": 3179, "column_from": 56, "column_to": 61 }, { "line_from": 128, "line_to": 128, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/YetiForce/Shop.php", "file_path": "/app/app/YetiForce/Shop.php", "snippet": "\t\t\t$config = require ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\";", "selected_text": "ROOT_DIRECTORY . \"/app_data/shop/{$name}.php\"", "from": 3133, "to": 3178, "snippet_from": 3112, "snippet_to": 3179, "column_from": 22, "column_to": 67 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component", "from": 1674, "to": 1719, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 71 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR", "from": 1674, "to": 1742, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 94 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php'", "from": 1674, "to": 1765, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 117 }, { "line_from": 77, "line_to": 77, "label": "$this->templatePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "$this->templatePath", "from": 1652, "to": 1671, "snippet_from": 1649, "snippet_to": 1766, "column_from": 4, "column_to": 23 }, { "line_from": 100, "line_to": 100, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t$data = require \"{$this->templatePath}\";", "selected_text": "$this->templatePath", "from": 2684, "to": 2703, "snippet_from": 2664, "snippet_to": 2706, "column_from": 21, "column_to": 40 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 471, "line_to": 471, "label": "array['error']", "entry_path_type": "array-assignment-'error'", "entry_path_description": null, "file_name": "app/Mailer.php", "file_path": "/app/app/Mailer.php", "snippet": "\t\t\treturn ['result' => false, 'error' => Language::translate('LBL_NO_EMAIL_TEMPLATE')];", "selected_text": "'error' => Language::translate('LBL_NO_EMAIL_TEMPLATE')", "from": 13135, "to": 13190, "snippet_from": 13105, "snippet_to": 13192, "column_from": 31, "column_to": 86 }, { "line_from": 455, "line_to": 455, "label": "App\\Mailer::test", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Mailer.php", "file_path": "/app/app/Mailer.php", "snippet": "\tpublic function test()", "selected_text": "test", "from": 12532, "to": 12536, "snippet_from": 12515, "snippet_to": 12538, "column_from": 18, "column_to": 22 }, { "line_from": 58, "line_to": 58, "label": "$testMailer", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/MailSmtp/actions/SaveAjax.php", "file_path": "/app/modules/Settings/MailSmtp/actions/SaveAjax.php", "snippet": "\t\t$testMailer = $mailer->test();", "selected_text": "$testMailer", "from": 2531, "to": 2542, "snippet_from": 2529, "snippet_to": 2561, "column_from": 3, "column_to": 14 }, { "line_from": 74, "line_to": 74, "label": "$testMailer['error']", "entry_path_type": "array-fetch-'error'", "entry_path_description": null, "file_name": "modules/Settings/MailSmtp/actions/SaveAjax.php", "file_path": "/app/modules/Settings/MailSmtp/actions/SaveAjax.php", "snippet": "\t\t\t$result = ['success' => false, 'message' => \\App\\Purifier::purify($testMailer['error'])];", "selected_text": "$testMailer", "from": 3271, "to": 3282, "snippet_from": 3202, "snippet_to": 3294, "column_from": 70, "column_to": 81 }, { "line_from": 74, "line_to": 74, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/MailSmtp/actions/SaveAjax.php", "file_path": "/app/modules/Settings/MailSmtp/actions/SaveAjax.php", "snippet": "\t\t\t$result = ['success' => false, 'message' => \\App\\Purifier::purify($testMailer['error'])];", "selected_text": "$testMailer['error']", "from": 3271, "to": 3291, "snippet_from": 3202, "snippet_to": 3294, "column_from": 70, "column_to": 90 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 141, "line_to": 141, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = Purifier::purify($value);", "selected_text": "$value", "from": 2457, "to": 2463, "snippet_from": 2454, "snippet_to": 2491, "column_from": 4, "column_to": 10 }, { "line_from": 124, "line_to": 124, "label": "App\\Request::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function get($key, $value = '')", "selected_text": "get", "from": 2013, "to": 2016, "snippet_from": 1996, "snippet_to": 2035, "column_from": 18, "column_to": 21 }, { "line_from": 133, "line_to": 133, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Users/actions/SaveAjax.php", "file_path": "/app/modules/Users/actions/SaveAjax.php", "snippet": "\t\t$recordId = $request->get('record');", "selected_text": "$recordId", "from": 4554, "to": 4563, "snippet_from": 4552, "snippet_to": 4590, "column_from": 3, "column_to": 12 }, { "line_from": 144, "line_to": 144, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Users/actions/SaveAjax.php", "file_path": "/app/modules/Users/actions/SaveAjax.php", "snippet": "\t\t\trequire \"user_privileges/user_privileges_$recordId.php\";", "selected_text": "$recordId", "from": 4923, "to": 4932, "snippet_from": 4879, "snippet_to": 4938, "column_from": 45, "column_to": 54 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component", "from": 1674, "to": 1719, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 71 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR", "from": 1674, "to": 1742, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 94 }, { "line_from": 77, "line_to": 77, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php'", "from": 1674, "to": 1765, "snippet_from": 1649, "snippet_to": 1766, "column_from": 26, "column_to": 117 }, { "line_from": 77, "line_to": 77, "label": "$this->templatePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->templatePath = 'modules' . \\DIRECTORY_SEPARATOR . $component . \\DIRECTORY_SEPARATOR . 'ConfigTemplate.php';", "selected_text": "$this->templatePath", "from": 1652, "to": 1671, "snippet_from": 1649, "snippet_to": 1766, "column_from": 4, "column_to": 23 }, { "line_from": 100, "line_to": 100, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t$data = require \"{$this->templatePath}\";", "selected_text": "$this->templatePath", "from": 2684, "to": 2703, "snippet_from": 2664, "snippet_to": 2706, "column_from": 21, "column_to": 40 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 168, "line_to": 168, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "rawValues", "from": 3205, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 84, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues", "from": 3198, "to": 3214, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 93 }, { "line_from": 168, "line_to": 168, "label": "call to App\\Purifier::purifyByType", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByType[$key][$type] = Purifier::purifyByType($this->rawValues[$key], $type, $convert);", "selected_text": "$this->rawValues[$key]", "from": 3198, "to": 3220, "snippet_from": 3122, "snippet_to": 3239, "column_from": 77, "column_to": 99 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "$input", "from": 10137, "to": 10143, "snippet_from": 10100, "snippet_to": 10169, "column_from": 38, "column_to": 44 }, { "line_from": 452, "line_to": 452, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = $input && Validator::sql($input) ? $input : null;", "selected_text": "$value", "from": 14626, "to": 14632, "snippet_from": 14621, "snippet_to": 14684, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$component", "from": 2127, "to": 2137, "snippet_from": 2036, "snippet_to": 2144, "column_from": 92, "column_to": 102 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\"", "from": 2053, "to": 2143, "snippet_from": 2036, "snippet_to": 2144, "column_from": 18, "column_to": 108 }, { "line_from": 81, "line_to": 81, "label": "App\\ConfigFile::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$this->path", "from": 2039, "to": 2050, "snippet_from": 2036, "snippet_to": 2144, "column_from": 4, "column_to": 15 }, { "label": "App\\ConfigFile::$path", "entry_path_type": "property-assignment" }, { "line_from": 257, "line_to": 257, "label": "App\\ConfigFile::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\trequire \"{$this->path}\";", "selected_text": "path", "from": 7479, "to": 7483, "snippet_from": 7459, "snippet_to": 7486, "column_from": 21, "column_to": 25 }, { "line_from": 257, "line_to": 257, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\trequire \"{$this->path}\";", "selected_text": "$this->path", "from": 7472, "to": 7483, "snippet_from": 7459, "snippet_to": 7486, "column_from": 14, "column_to": 25 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 561, "line_to": 561, "label": "$moduleName", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$moduleName = $this->getByType('module', 'Alnum');", "selected_text": "$moduleName", "from": 12794, "to": 12805, "snippet_from": 12792, "snippet_to": 12844, "column_from": 3, "column_to": 14 }, { "line_from": 559, "line_to": 559, "label": "App\\Request::getModule", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getModule($raw = true)", "selected_text": "getModule", "from": 12766, "to": 12775, "snippet_from": 12749, "snippet_to": 12788, "column_from": 18, "column_to": 27 }, { "line_from": 37, "line_to": 37, "label": "call to App\\ConfigFile::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/OSSMail/actions/Save.php", "file_path": "/app/modules/Settings/OSSMail/actions/Save.php", "snippet": "\t\t$configFile = new \\App\\ConfigFile('module', $request->getModule(true));", "selected_text": "$request->getModule(true)", "from": 1042, "to": 1067, "snippet_from": 996, "snippet_to": 1069, "column_from": 47, "column_to": 72 }, { "line_from": 66, "line_to": 66, "label": "App\\ConfigFile::__construct#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\tpublic function __construct(string $type, ?string $component = '')", "selected_text": "$component", "from": 1367, "to": 1377, "snippet_from": 1316, "snippet_to": 1383, "column_from": 52, "column_to": 62 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$component", "from": 2127, "to": 2137, "snippet_from": 2036, "snippet_to": 2144, "column_from": 92, "column_to": 102 }, { "line_from": 81, "line_to": 81, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\"", "from": 2053, "to": 2143, "snippet_from": 2036, "snippet_to": 2144, "column_from": 18, "column_to": 108 }, { "line_from": 81, "line_to": 81, "label": "App\\ConfigFile::$path", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\t$this->path = 'config' . \\DIRECTORY_SEPARATOR . 'Components' . \\DIRECTORY_SEPARATOR . \"{$component}.php\";", "selected_text": "$this->path", "from": 2039, "to": 2050, "snippet_from": 2036, "snippet_to": 2144, "column_from": 4, "column_to": 15 }, { "label": "App\\ConfigFile::$path", "entry_path_type": "property-assignment" }, { "line_from": 257, "line_to": 257, "label": "App\\ConfigFile::$path", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\trequire \"{$this->path}\";", "selected_text": "path", "from": 7479, "to": 7483, "snippet_from": 7459, "snippet_to": 7486, "column_from": 21, "column_to": 25 }, { "line_from": 257, "line_to": 257, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "app/ConfigFile.php", "file_path": "/app/app/ConfigFile.php", "snippet": "\t\t\trequire \"{$this->path}\";", "selected_text": "$this->path", "from": 7472, "to": 7483, "snippet_from": 7459, "snippet_to": 7486, "column_from": 14, "column_to": 25 } ] }, { "severity": "error", "line_from": 73, "line_to": 73, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$status = include_once $file;", "selected_text": "$file", "from": 2168, "to": 2173, "snippet_from": 2143, "snippet_to": 2174, "column_from": 26, "column_to": 31, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 113, "line_to": 113, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\t\t$value = \\App\\Purifier::decodeHtml($value);", "selected_text": "$value", "from": 3058, "to": 3064, "snippet_from": 3055, "snippet_to": 3101, "column_from": 4, "column_to": 10 }, { "line_from": 115, "line_to": 115, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/Base.php", "file_path": "/app/modules/Vtiger/uitypes/Base.php", "snippet": "\t\tif (!is_numeric($value) && (\\is_string($value) && $value !== \\App\\Purifier::decodeHtml(\\App\\Purifier::purify($value)))) {", "selected_text": "$value", "from": 3217, "to": 3223, "snippet_from": 3106, "snippet_to": 3229, "column_from": 112, "column_to": 118 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 456, "line_to": 456, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = self::purify($input);", "selected_text": "$value", "from": 14732, "to": 14738, "snippet_from": 14727, "snippet_to": 14762, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 162, "line_to": 162, "label": "App\\Request::getByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getByType($key, $type = 'Standard', $convert = false)", "selected_text": "getByType", "from": 2913, "to": 2922, "snippet_from": 2896, "snippet_to": 2966, "column_from": 18, "column_to": 27 }, { "line_from": 17, "line_to": 17, "label": "$componentName", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t$componentName = $request->getByType('name');", "selected_text": "$componentName", "from": 720, "to": 734, "snippet_from": 718, "snippet_to": 765, "column_from": 3, "column_to": 17 }, { "line_from": 19, "line_to": 19, "label": "call to Vtiger_Loader::getComponentClassName", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/views/ShowWidget.php", "file_path": "/app/modules/Vtiger/views/ShowWidget.php", "snippet": "\t\t\t$className = Vtiger_Loader::getComponentClassName('Dashboard', $componentName, $moduleName);", "selected_text": "$componentName", "from": 864, "to": 878, "snippet_from": 798, "snippet_to": 893, "column_from": 67, "column_to": 81 }, { "line_from": 110, "line_to": 110, "label": "Vtiger_Loader::getComponentClassName#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function getComponentClassName($componentType, $componentName, $moduleName = 'Vtiger', $throwException = true)", "selected_text": "$componentName", "from": 3039, "to": 3053, "snippet_from": 2977, "snippet_to": 3102, "column_from": 63, "column_to": 77 }, { "line_from": 142, "line_to": 142, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "$componentName", "from": 4423, "to": 4437, "snippet_from": 4340, "snippet_to": 4443, "column_from": 84, "column_to": 98 }, { "line_from": 142, "line_to": 142, "label": "call to Vtiger_Loader::resolveNameToPath", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t\tif (file_exists(self::resolveNameToPath(\"$dir$classDir.$componentTypeDirectory.$componentName\"))) {", "selected_text": "\"$dir$classDir.$componentTypeDirectory.$componentName\"", "from": 4384, "to": 4438, "snippet_from": 4340, "snippet_to": 4443, "column_from": 45, "column_to": 99 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "$qualifiedName", "from": 996, "to": 1010, "snippet_from": 954, "snippet_to": 1035, "column_from": 43, "column_to": 57 }, { "line_from": 42, "line_to": 42, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$qualifiedName", "from": 1395, "to": 1409, "snippet_from": 1363, "snippet_to": 1411, "column_from": 33, "column_to": 47 }, { "line_from": 42, "line_to": 42, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "str_replace('~', '', $qualifiedName)", "from": 1374, "to": 1410, "snippet_from": 1363, "snippet_to": 1411, "column_from": 12, "column_to": 48 }, { "line_from": 42, "line_to": 42, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = str_replace('~', '', $qualifiedName);", "selected_text": "$file", "from": 1366, "to": 1371, "snippet_from": 1363, "snippet_to": 1411, "column_from": 4, "column_to": 9 }, { "line_from": 43, "line_to": 43, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file", "from": 1423, "to": 1477, "snippet_from": 1412, "snippet_to": 1478, "column_from": 12, "column_to": 66 }, { "line_from": 43, "line_to": 43, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t\t$file = ROOT_DIRECTORY . DIRECTORY_SEPARATOR . $prefix . $file;", "selected_text": "$file", "from": 1415, "to": 1420, "snippet_from": 1412, "snippet_to": 1478, "column_from": 4, "column_to": 9 }, { "line_from": 29, "line_to": 29, "label": "Vtiger_Loader::resolveNameToPath", "entry_path_type": "return", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\tpublic static function resolveNameToPath($qualifiedName, $fileExtension = 'php')", "selected_text": "resolveNameToPath", "from": 978, "to": 995, "snippet_from": 954, "snippet_to": 1035, "column_from": 25, "column_to": 42 }, { "line_from": 64, "line_to": 64, "label": "$file", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/Loader.php", "file_path": "/app/include/Loader.php", "snippet": "\t\t$file = self::resolveNameToPath($qualifiedName);", "selected_text": "$file", "from": 1938, "to": 1943, "snippet_from": 1936, "snippet_to": 1986, "column_from": 3, "column_to": 8 } ] }, { "severity": "error", "line_from": 263, "line_to": 263, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->error;", "selected_text": "$this->error", "from": 5441, "to": 5453, "snippet_from": 5432, "snippet_to": 5454, "column_from": 10, "column_to": 22, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 134, "line_to": 134, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/actions/QuickExport.php", "file_path": "/app/modules/Vtiger/actions/QuickExport.php", "snippet": "\t\t$filename = \\App\\Language::translate($moduleName, $moduleName) . '-' . \\App\\Language::translate(App\\Purifier::decodeHtml($customView->get('viewname')), $moduleName) . '.xls';", "selected_text": "App\\Purifier::decodeHtml($customView->get('viewname'))", "from": 5796, "to": 5850, "snippet_from": 5698, "snippet_to": 5874, "column_from": 99, "column_to": 153 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$key", "from": 3448, "to": 3452, "snippet_from": 3414, "snippet_to": 3511, "column_from": 35, "column_to": 39 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 117, "line_to": 117, "label": "call to Vtiger_Response::setError", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/Vtiger/actions/CustomRecordNumberingAjax.php", "file_path": "/app/modules/Settings/Vtiger/actions/CustomRecordNumberingAjax.php", "snippet": "\t\t\t$response->setError(false, App\\Language::translate('LBL_ERROR_WHILE_UPDATING', $sourceModule));", "selected_text": "App\\Language::translate('LBL_ERROR_WHILE_UPDATING', $sourceModule)", "from": 4447, "to": 4513, "snippet_from": 4417, "snippet_to": 4515, "column_from": 31, "column_to": 97 }, { "line_from": 76, "line_to": 76, "label": "Vtiger_Response::setError#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\tpublic function setError($code = 500, $message = null, $trace = false)", "selected_text": "$message", "from": 1580, "to": 1588, "snippet_from": 1541, "snippet_to": 1612, "column_from": 40, "column_to": 48 }, { "line_from": 81, "line_to": 81, "label": "array['message']", "entry_path_type": "array-assignment-'message'", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$error = ['code' => $code, 'message' => $message, 'trace' => $trace];", "selected_text": "'message' => $message", "from": 1697, "to": 1718, "snippet_from": 1668, "snippet_to": 1739, "column_from": 30, "column_to": 51 }, { "line_from": 81, "line_to": 81, "label": "$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$error = ['code' => $code, 'message' => $message, 'trace' => $trace];", "selected_text": "$error", "from": 1670, "to": 1676, "snippet_from": 1668, "snippet_to": 1739, "column_from": 3, "column_to": 9 }, { "line_from": 82, "line_to": 82, "label": "Vtiger_Response::$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->error = $error;", "selected_text": "$this->error", "from": 1742, "to": 1754, "snippet_from": 1740, "snippet_to": 1764, "column_from": 3, "column_to": 15 }, { "label": "Vtiger_Response::$error", "entry_path_type": "property-assignment" }, { "line_from": 263, "line_to": 263, "label": "Vtiger_Response::$error", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->error;", "selected_text": "error", "from": 5448, "to": 5453, "snippet_from": 5432, "snippet_to": 5454, "column_from": 17, "column_to": 22 }, { "line_from": 263, "line_to": 263, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->error;", "selected_text": "$this->error", "from": 5441, "to": 5453, "snippet_from": 5432, "snippet_to": 5454, "column_from": 10, "column_to": 22 } ] }, { "severity": "error", "line_from": 263, "line_to": 263, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->error;", "selected_text": "$this->error", "from": 5441, "to": 5453, "snippet_from": 5432, "snippet_to": 5454, "column_from": 10, "column_to": 22, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 60, "line_to": 60, "label": "Throwable::getTraceAsString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function getTraceAsString() : string;", "selected_text": "string", "from": 1043, "to": 1049, "snippet_from": 1002, "snippet_to": 1050, "column_from": 42, "column_to": 48 }, { "line_from": 99, "line_to": 99, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$trace = str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString());", "selected_text": "$e->getTraceAsString()", "from": 2110, "to": 2132, "snippet_from": 2043, "snippet_to": 2134, "column_from": 68, "column_to": 90 }, { "line_from": 99, "line_to": 99, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$trace = str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString());", "selected_text": "$e->getTraceAsString()", "from": 2110, "to": 2132, "snippet_from": 2043, "snippet_to": 2134, "column_from": 68, "column_to": 90 }, { "line_from": 99, "line_to": 99, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$trace = str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString());", "selected_text": "str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString())", "from": 2055, "to": 2133, "snippet_from": 2043, "snippet_to": 2134, "column_from": 13, "column_to": 91 }, { "line_from": 99, "line_to": 99, "label": "$trace", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$trace = str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString());", "selected_text": "$trace", "from": 2046, "to": 2052, "snippet_from": 2043, "snippet_to": 2134, "column_from": 4, "column_to": 10 }, { "line_from": 109, "line_to": 109, "label": "array['trace']", "entry_path_type": "array-assignment-'trace'", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t'trace' => $trace", "selected_text": "'trace' => $trace", "from": 2494, "to": 2511, "snippet_from": 2491, "snippet_to": 2511, "column_from": 4, "column_to": 21 }, { "line_from": 106, "line_to": 106, "label": "Vtiger_Response::$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->error = [", "selected_text": "$this->error", "from": 2420, "to": 2432, "snippet_from": 2418, "snippet_to": 2436, "column_from": 3, "column_to": 15 }, { "label": "Vtiger_Response::$error", "entry_path_type": "property-assignment" }, { "line_from": 263, "line_to": 263, "label": "Vtiger_Response::$error", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->error;", "selected_text": "error", "from": 5448, "to": 5453, "snippet_from": 5432, "snippet_to": 5454, "column_from": 17, "column_to": 22 }, { "line_from": 263, "line_to": 263, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->error;", "selected_text": "$this->error", "from": 5441, "to": 5453, "snippet_from": 5432, "snippet_to": 5454, "column_from": 10, "column_to": 22 } ] }, { "severity": "error", "line_from": 263, "line_to": 263, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->error;", "selected_text": "$this->error", "from": 5441, "to": 5453, "snippet_from": 5432, "snippet_to": 5454, "column_from": 10, "column_to": 22, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 134, "line_to": 134, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/actions/QuickExport.php", "file_path": "/app/modules/Vtiger/actions/QuickExport.php", "snippet": "\t\t$filename = \\App\\Language::translate($moduleName, $moduleName) . '-' . \\App\\Language::translate(App\\Purifier::decodeHtml($customView->get('viewname')), $moduleName) . '.xls';", "selected_text": "App\\Purifier::decodeHtml($customView->get('viewname'))", "from": 5796, "to": 5850, "snippet_from": 5698, "snippet_to": 5874, "column_from": 99, "column_to": 153 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$key", "from": 3448, "to": 3452, "snippet_from": 3414, "snippet_to": 3511, "column_from": 35, "column_to": 39 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 36, "line_to": 36, "label": "call to Vtiger_Response::setError", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/Vtiger/actions/ConfigEditorSaveAjax.php", "file_path": "/app/modules/Settings/Vtiger/actions/ConfigEditorSaveAjax.php", "snippet": "\t\t\t$response->setError(\\App\\Language::translate('LBL_ERROR', $qualifiedModuleName));", "selected_text": "\\App\\Language::translate('LBL_ERROR', $qualifiedModuleName)", "from": 1310, "to": 1369, "snippet_from": 1287, "snippet_to": 1371, "column_from": 24, "column_to": 83 }, { "line_from": 76, "line_to": 76, "label": "Vtiger_Response::setError#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\tpublic function setError($code = 500, $message = null, $trace = false)", "selected_text": "$code", "from": 1567, "to": 1572, "snippet_from": 1541, "snippet_to": 1612, "column_from": 27, "column_to": 32 }, { "line_from": 79, "line_to": 79, "label": "$message", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$message = $code;", "selected_text": "$message", "from": 1646, "to": 1654, "snippet_from": 1643, "snippet_to": 1663, "column_from": 4, "column_to": 12 }, { "line_from": 81, "line_to": 81, "label": "array['message']", "entry_path_type": "array-assignment-'message'", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$error = ['code' => $code, 'message' => $message, 'trace' => $trace];", "selected_text": "'message' => $message", "from": 1697, "to": 1718, "snippet_from": 1668, "snippet_to": 1739, "column_from": 30, "column_to": 51 }, { "line_from": 81, "line_to": 81, "label": "$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$error = ['code' => $code, 'message' => $message, 'trace' => $trace];", "selected_text": "$error", "from": 1670, "to": 1676, "snippet_from": 1668, "snippet_to": 1739, "column_from": 3, "column_to": 9 }, { "line_from": 82, "line_to": 82, "label": "Vtiger_Response::$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->error = $error;", "selected_text": "$this->error", "from": 1742, "to": 1754, "snippet_from": 1740, "snippet_to": 1764, "column_from": 3, "column_to": 15 }, { "label": "Vtiger_Response::$error", "entry_path_type": "property-assignment" }, { "line_from": 263, "line_to": 263, "label": "Vtiger_Response::$error", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->error;", "selected_text": "error", "from": 5448, "to": 5453, "snippet_from": 5432, "snippet_to": 5454, "column_from": 17, "column_to": 22 }, { "line_from": 263, "line_to": 263, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->error;", "selected_text": "$this->error", "from": 5441, "to": 5453, "snippet_from": 5432, "snippet_to": 5454, "column_from": 10, "column_to": 22 } ] }, { "severity": "error", "line_from": 269, "line_to": 269, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->result;", "selected_text": "$this->result", "from": 5582, "to": 5595, "snippet_from": 5573, "snippet_to": 5596, "column_from": 10, "column_to": 23, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 189, "line_to": 189, "label": "$e", "entry_path_type": "method-call-__tostring", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\\App\\Log::error($e->getMessage() . PHP_EOL . $e->__toString());", "selected_text": "$e", "from": 7175, "to": 7177, "snippet_from": 7127, "snippet_to": 7193, "column_from": 49, "column_to": 51 }, { "line_from": 198, "line_to": 198, "label": "call to vtlib\\Functions::throwNewException", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\\vtlib\\Functions::throwNewException($e, false, $messageHeader);", "selected_text": "$e", "from": 7591, "to": 7593, "snippet_from": 7552, "snippet_to": 7618, "column_from": 40, "column_to": 42 }, { "line_from": 354, "line_to": 354, "label": "vtlib\\Functions::throwNewException#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Functions.php", "file_path": "/app/vtlib/Vtiger/Functions.php", "snippet": "\tpublic static function throwNewException($e, $die = true, $messageHeader = 'LBL_ERROR')", "selected_text": "$e", "from": 11788, "to": 11790, "snippet_from": 11746, "snippet_to": 11834, "column_from": 43, "column_to": 45 }, { "line_from": 359, "line_to": 359, "label": "$message", "entry_path_type": "=", "entry_path_description": null, "file_name": "vtlib/Vtiger/Functions.php", "file_path": "/app/vtlib/Vtiger/Functions.php", "snippet": "\t\t$message = \\is_object($e) ? $e->getMessage() : $e;", "selected_text": "$message", "from": 12077, "to": 12085, "snippet_from": 12075, "snippet_to": 12127, "column_from": 3, "column_to": 11 }, { "line_from": 363, "line_to": 363, "label": "call to App\\Language::translateSingleMod", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Functions.php", "file_path": "/app/vtlib/Vtiger/Functions.php", "snippet": "\t\t\t\t$message = \\App\\Language::translateSingleMod($message, 'Other.Exceptions');", "selected_text": "$message", "from": 12265, "to": 12273, "snippet_from": 12216, "snippet_to": 12295, "column_from": 50, "column_to": 58 }, { "line_from": 300, "line_to": 300, "label": "App\\Language::translateSingleMod#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translateSingleMod($key, $moduleName = '_Base', $language = false)", "selected_text": "$key", "from": 8481, "to": 8485, "snippet_from": 8438, "snippet_to": 8528, "column_from": 44, "column_to": 48 }, { "line_from": 300, "line_to": 300, "label": "App\\Language::translateSingleMod", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translateSingleMod($key, $moduleName = '_Base', $language = false)", "selected_text": "translateSingleMod", "from": 8462, "to": 8480, "snippet_from": 8438, "snippet_to": 8528, "column_from": 25, "column_to": 43 }, { "line_from": 114, "line_to": 114, "label": "array['text']", "entry_path_type": "array-assignment-'text'", "entry_path_description": null, "file_name": "modules/Users/actions/Password.php", "file_path": "/app/modules/Users/actions/Password.php", "snippet": "\t\t\t\t$response->setResult(['procesStop' => true, 'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']]);", "selected_text": "'text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions')", "from": 4231, "to": 4314, "snippet_from": 4170, "snippet_to": 4337, "column_from": 62, "column_to": 145 }, { "line_from": 114, "line_to": 114, "label": "array['notify']", "entry_path_type": "array-assignment-'notify'", "entry_path_description": null, "file_name": "modules/Users/actions/Password.php", "file_path": "/app/modules/Users/actions/Password.php", "snippet": "\t\t\t\t$response->setResult(['procesStop' => true, 'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']]);", "selected_text": "'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']", "from": 4218, "to": 4334, "snippet_from": 4170, "snippet_to": 4337, "column_from": 49, "column_to": 165 }, { "line_from": 114, "line_to": 114, "label": "call to Vtiger_Response::setResult", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Users/actions/Password.php", "file_path": "/app/modules/Users/actions/Password.php", "snippet": "\t\t\t\t$response->setResult(['procesStop' => true, 'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']]);", "selected_text": "['procesStop' => true, 'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']]", "from": 4195, "to": 4335, "snippet_from": 4170, "snippet_to": 4337, "column_from": 26, "column_to": 166 }, { "line_from": 164, "line_to": 164, "label": "Vtiger_Response::setResult#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\tpublic function setResult($result)", "selected_text": "$result", "from": 3303, "to": 3310, "snippet_from": 3276, "snippet_to": 3311, "column_from": 28, "column_to": 35 }, { "line_from": 166, "line_to": 166, "label": "Vtiger_Response::$result", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->result = $result;", "selected_text": "$this->result", "from": 3317, "to": 3330, "snippet_from": 3315, "snippet_to": 3341, "column_from": 3, "column_to": 16 }, { "label": "Vtiger_Response::$result", "entry_path_type": "property-assignment" }, { "line_from": 269, "line_to": 269, "label": "Vtiger_Response::$result", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->result;", "selected_text": "result", "from": 5589, "to": 5595, "snippet_from": 5573, "snippet_to": 5596, "column_from": 17, "column_to": 23 }, { "line_from": 269, "line_to": 269, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->result;", "selected_text": "$this->result", "from": 5582, "to": 5595, "snippet_from": 5573, "snippet_to": 5596, "column_from": 10, "column_to": 23 } ] }, { "severity": "error", "line_from": 269, "line_to": 269, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->result;", "selected_text": "$this->result", "from": 5582, "to": 5595, "snippet_from": 5573, "snippet_to": 5596, "column_from": 10, "column_to": 23, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 40, "line_to": 40, "label": "array['value']", "entry_path_type": "array-assignment-'value'", "entry_path_description": null, "file_name": "modules/Users/actions/BasicAjax.php", "file_path": "/app/modules/Users/actions/BasicAjax.php", "snippet": "\t\t\t\t\t\t'value' => App\\Purifier::decodeHtml($recordModel->getName()),", "selected_text": "'value' => App\\Purifier::decodeHtml($recordModel->getName())", "from": 1459, "to": 1519, "snippet_from": 1453, "snippet_to": 1520, "column_from": 7, "column_to": 67 }, { "line_from": 38, "line_to": 38, "label": "$result", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "modules/Users/actions/BasicAjax.php", "file_path": "/app/modules/Users/actions/BasicAjax.php", "snippet": "\t\t\t\t\t$result[] = [", "selected_text": "$result", "from": 1371, "to": 1378, "snippet_from": 1366, "snippet_to": 1384, "column_from": 6, "column_to": 13 }, { "line_from": 47, "line_to": 47, "label": "call to Vtiger_Response::setResult", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Users/actions/BasicAjax.php", "file_path": "/app/modules/Users/actions/BasicAjax.php", "snippet": "\t\t$response->setResult($result);", "selected_text": "$result", "from": 1642, "to": 1649, "snippet_from": 1619, "snippet_to": 1651, "column_from": 24, "column_to": 31 }, { "line_from": 164, "line_to": 164, "label": "Vtiger_Response::setResult#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\tpublic function setResult($result)", "selected_text": "$result", "from": 3303, "to": 3310, "snippet_from": 3276, "snippet_to": 3311, "column_from": 28, "column_to": 35 }, { "line_from": 166, "line_to": 166, "label": "Vtiger_Response::$result", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->result = $result;", "selected_text": "$this->result", "from": 3317, "to": 3330, "snippet_from": 3315, "snippet_to": 3341, "column_from": 3, "column_to": 16 }, { "label": "Vtiger_Response::$result", "entry_path_type": "property-assignment" }, { "line_from": 269, "line_to": 269, "label": "Vtiger_Response::$result", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->result;", "selected_text": "result", "from": 5589, "to": 5595, "snippet_from": 5573, "snippet_to": 5596, "column_from": 17, "column_to": 23 }, { "line_from": 269, "line_to": 269, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t\techo $this->result;", "selected_text": "$this->result", "from": 5582, "to": 5595, "snippet_from": 5573, "snippet_to": 5596, "column_from": 10, "column_to": 23 } ] }, { "severity": "error", "line_from": 282, "line_to": 282, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\techo (\\is_string($this->error)) ? $this->error : var_export($this->error, true);", "selected_text": "(\\is_string($this->error)) ? $this->error : var_export($this->error, true)", "from": 5796, "to": 5870, "snippet_from": 5788, "snippet_to": 5871, "column_from": 9, "column_to": 83, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 60, "line_to": 60, "label": "Throwable::getTraceAsString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function getTraceAsString() : string;", "selected_text": "string", "from": 1043, "to": 1049, "snippet_from": 1002, "snippet_to": 1050, "column_from": 42, "column_to": 48 }, { "line_from": 99, "line_to": 99, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$trace = str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString());", "selected_text": "$e->getTraceAsString()", "from": 2110, "to": 2132, "snippet_from": 2043, "snippet_to": 2134, "column_from": 68, "column_to": 90 }, { "line_from": 99, "line_to": 99, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$trace = str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString());", "selected_text": "$e->getTraceAsString()", "from": 2110, "to": 2132, "snippet_from": 2043, "snippet_to": 2134, "column_from": 68, "column_to": 90 }, { "line_from": 99, "line_to": 99, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$trace = str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString());", "selected_text": "str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString())", "from": 2055, "to": 2133, "snippet_from": 2043, "snippet_to": 2134, "column_from": 13, "column_to": 91 }, { "line_from": 99, "line_to": 99, "label": "$trace", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$trace = str_replace(ROOT_DIRECTORY . \\DIRECTORY_SEPARATOR, '', $e->getTraceAsString());", "selected_text": "$trace", "from": 2046, "to": 2052, "snippet_from": 2043, "snippet_to": 2134, "column_from": 4, "column_to": 10 }, { "line_from": 109, "line_to": 109, "label": "array['trace']", "entry_path_type": "array-assignment-'trace'", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t'trace' => $trace", "selected_text": "'trace' => $trace", "from": 2494, "to": 2511, "snippet_from": 2491, "snippet_to": 2511, "column_from": 4, "column_to": 21 }, { "line_from": 106, "line_to": 106, "label": "Vtiger_Response::$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->error = [", "selected_text": "$this->error", "from": 2420, "to": 2432, "snippet_from": 2418, "snippet_to": 2436, "column_from": 3, "column_to": 15 }, { "label": "Vtiger_Response::$error", "entry_path_type": "property-assignment" }, { "line_from": 282, "line_to": 282, "label": "Vtiger_Response::$error", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\techo (\\is_string($this->error)) ? $this->error : var_export($this->error, true);", "selected_text": "error", "from": 5832, "to": 5837, "snippet_from": 5788, "snippet_to": 5871, "column_from": 45, "column_to": 50 }, { "line_from": 282, "line_to": 282, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\techo (\\is_string($this->error)) ? $this->error : var_export($this->error, true);", "selected_text": "(\\is_string($this->error)) ? $this->error : var_export($this->error, true)", "from": 5796, "to": 5870, "snippet_from": 5788, "snippet_to": 5871, "column_from": 9, "column_to": 83 } ] }, { "severity": "error", "line_from": 282, "line_to": 282, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\techo (\\is_string($this->error)) ? $this->error : var_export($this->error, true);", "selected_text": "(\\is_string($this->error)) ? $this->error : var_export($this->error, true)", "from": 5796, "to": 5870, "snippet_from": 5788, "snippet_to": 5871, "column_from": 9, "column_to": 83, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 134, "line_to": 134, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/actions/QuickExport.php", "file_path": "/app/modules/Vtiger/actions/QuickExport.php", "snippet": "\t\t$filename = \\App\\Language::translate($moduleName, $moduleName) . '-' . \\App\\Language::translate(App\\Purifier::decodeHtml($customView->get('viewname')), $moduleName) . '.xls';", "selected_text": "App\\Purifier::decodeHtml($customView->get('viewname'))", "from": 5796, "to": 5850, "snippet_from": 5698, "snippet_to": 5874, "column_from": 99, "column_to": 153 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$key", "from": 3448, "to": 3452, "snippet_from": 3414, "snippet_to": 3511, "column_from": 35, "column_to": 39 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 117, "line_to": 117, "label": "call to Vtiger_Response::setError", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/Vtiger/actions/CustomRecordNumberingAjax.php", "file_path": "/app/modules/Settings/Vtiger/actions/CustomRecordNumberingAjax.php", "snippet": "\t\t\t$response->setError(false, App\\Language::translate('LBL_ERROR_WHILE_UPDATING', $sourceModule));", "selected_text": "App\\Language::translate('LBL_ERROR_WHILE_UPDATING', $sourceModule)", "from": 4447, "to": 4513, "snippet_from": 4417, "snippet_to": 4515, "column_from": 31, "column_to": 97 }, { "line_from": 76, "line_to": 76, "label": "Vtiger_Response::setError#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\tpublic function setError($code = 500, $message = null, $trace = false)", "selected_text": "$message", "from": 1580, "to": 1588, "snippet_from": 1541, "snippet_to": 1612, "column_from": 40, "column_to": 48 }, { "line_from": 81, "line_to": 81, "label": "array['message']", "entry_path_type": "array-assignment-'message'", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$error = ['code' => $code, 'message' => $message, 'trace' => $trace];", "selected_text": "'message' => $message", "from": 1697, "to": 1718, "snippet_from": 1668, "snippet_to": 1739, "column_from": 30, "column_to": 51 }, { "line_from": 81, "line_to": 81, "label": "$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$error = ['code' => $code, 'message' => $message, 'trace' => $trace];", "selected_text": "$error", "from": 1670, "to": 1676, "snippet_from": 1668, "snippet_to": 1739, "column_from": 3, "column_to": 9 }, { "line_from": 82, "line_to": 82, "label": "Vtiger_Response::$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->error = $error;", "selected_text": "$this->error", "from": 1742, "to": 1754, "snippet_from": 1740, "snippet_to": 1764, "column_from": 3, "column_to": 15 }, { "label": "Vtiger_Response::$error", "entry_path_type": "property-assignment" }, { "line_from": 282, "line_to": 282, "label": "Vtiger_Response::$error", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\techo (\\is_string($this->error)) ? $this->error : var_export($this->error, true);", "selected_text": "error", "from": 5832, "to": 5837, "snippet_from": 5788, "snippet_to": 5871, "column_from": 45, "column_to": 50 }, { "line_from": 282, "line_to": 282, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\techo (\\is_string($this->error)) ? $this->error : var_export($this->error, true);", "selected_text": "(\\is_string($this->error)) ? $this->error : var_export($this->error, true)", "from": 5796, "to": 5870, "snippet_from": 5788, "snippet_to": 5871, "column_from": 9, "column_to": 83 } ] }, { "severity": "error", "line_from": 282, "line_to": 282, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\techo (\\is_string($this->error)) ? $this->error : var_export($this->error, true);", "selected_text": "(\\is_string($this->error)) ? $this->error : var_export($this->error, true)", "from": 5796, "to": 5870, "snippet_from": 5788, "snippet_to": 5871, "column_from": 9, "column_to": 83, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 134, "line_to": 134, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/actions/QuickExport.php", "file_path": "/app/modules/Vtiger/actions/QuickExport.php", "snippet": "\t\t$filename = \\App\\Language::translate($moduleName, $moduleName) . '-' . \\App\\Language::translate(App\\Purifier::decodeHtml($customView->get('viewname')), $moduleName) . '.xls';", "selected_text": "App\\Purifier::decodeHtml($customView->get('viewname'))", "from": 5796, "to": 5850, "snippet_from": 5698, "snippet_to": 5874, "column_from": 99, "column_to": 153 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$key", "from": 3448, "to": 3452, "snippet_from": 3414, "snippet_to": 3511, "column_from": 35, "column_to": 39 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 36, "line_to": 36, "label": "call to Vtiger_Response::setError", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/Vtiger/actions/ConfigEditorSaveAjax.php", "file_path": "/app/modules/Settings/Vtiger/actions/ConfigEditorSaveAjax.php", "snippet": "\t\t\t$response->setError(\\App\\Language::translate('LBL_ERROR', $qualifiedModuleName));", "selected_text": "\\App\\Language::translate('LBL_ERROR', $qualifiedModuleName)", "from": 1310, "to": 1369, "snippet_from": 1287, "snippet_to": 1371, "column_from": 24, "column_to": 83 }, { "line_from": 76, "line_to": 76, "label": "Vtiger_Response::setError#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\tpublic function setError($code = 500, $message = null, $trace = false)", "selected_text": "$code", "from": 1567, "to": 1572, "snippet_from": 1541, "snippet_to": 1612, "column_from": 27, "column_to": 32 }, { "line_from": 79, "line_to": 79, "label": "$message", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\t$message = $code;", "selected_text": "$message", "from": 1646, "to": 1654, "snippet_from": 1643, "snippet_to": 1663, "column_from": 4, "column_to": 12 }, { "line_from": 81, "line_to": 81, "label": "array['message']", "entry_path_type": "array-assignment-'message'", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$error = ['code' => $code, 'message' => $message, 'trace' => $trace];", "selected_text": "'message' => $message", "from": 1697, "to": 1718, "snippet_from": 1668, "snippet_to": 1739, "column_from": 30, "column_to": 51 }, { "line_from": 81, "line_to": 81, "label": "$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$error = ['code' => $code, 'message' => $message, 'trace' => $trace];", "selected_text": "$error", "from": 1670, "to": 1676, "snippet_from": 1668, "snippet_to": 1739, "column_from": 3, "column_to": 9 }, { "line_from": 82, "line_to": 82, "label": "Vtiger_Response::$error", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->error = $error;", "selected_text": "$this->error", "from": 1742, "to": 1754, "snippet_from": 1740, "snippet_to": 1764, "column_from": 3, "column_to": 15 }, { "label": "Vtiger_Response::$error", "entry_path_type": "property-assignment" }, { "line_from": 282, "line_to": 282, "label": "Vtiger_Response::$error", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\techo (\\is_string($this->error)) ? $this->error : var_export($this->error, true);", "selected_text": "error", "from": 5832, "to": 5837, "snippet_from": 5788, "snippet_to": 5871, "column_from": 45, "column_to": 50 }, { "line_from": 282, "line_to": 282, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t\techo (\\is_string($this->error)) ? $this->error : var_export($this->error, true);", "selected_text": "(\\is_string($this->error)) ? $this->error : var_export($this->error, true)", "from": 5796, "to": 5870, "snippet_from": 5788, "snippet_to": 5871, "column_from": 9, "column_to": 83 } ] }, { "severity": "error", "line_from": 284, "line_to": 284, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\techo $this->result;", "selected_text": "$this->result", "from": 5883, "to": 5896, "snippet_from": 5876, "snippet_to": 5897, "column_from": 8, "column_to": 21, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 189, "line_to": 189, "label": "$e", "entry_path_type": "method-call-__tostring", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\\App\\Log::error($e->getMessage() . PHP_EOL . $e->__toString());", "selected_text": "$e", "from": 7175, "to": 7177, "snippet_from": 7127, "snippet_to": 7193, "column_from": 49, "column_to": 51 }, { "line_from": 198, "line_to": 198, "label": "call to vtlib\\Functions::throwNewException", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\\vtlib\\Functions::throwNewException($e, false, $messageHeader);", "selected_text": "$e", "from": 7591, "to": 7593, "snippet_from": 7552, "snippet_to": 7618, "column_from": 40, "column_to": 42 }, { "line_from": 354, "line_to": 354, "label": "vtlib\\Functions::throwNewException#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Functions.php", "file_path": "/app/vtlib/Vtiger/Functions.php", "snippet": "\tpublic static function throwNewException($e, $die = true, $messageHeader = 'LBL_ERROR')", "selected_text": "$e", "from": 11788, "to": 11790, "snippet_from": 11746, "snippet_to": 11834, "column_from": 43, "column_to": 45 }, { "line_from": 359, "line_to": 359, "label": "$message", "entry_path_type": "=", "entry_path_description": null, "file_name": "vtlib/Vtiger/Functions.php", "file_path": "/app/vtlib/Vtiger/Functions.php", "snippet": "\t\t$message = \\is_object($e) ? $e->getMessage() : $e;", "selected_text": "$message", "from": 12077, "to": 12085, "snippet_from": 12075, "snippet_to": 12127, "column_from": 3, "column_to": 11 }, { "line_from": 363, "line_to": 363, "label": "call to App\\Language::translateSingleMod", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Functions.php", "file_path": "/app/vtlib/Vtiger/Functions.php", "snippet": "\t\t\t\t$message = \\App\\Language::translateSingleMod($message, 'Other.Exceptions');", "selected_text": "$message", "from": 12265, "to": 12273, "snippet_from": 12216, "snippet_to": 12295, "column_from": 50, "column_to": 58 }, { "line_from": 300, "line_to": 300, "label": "App\\Language::translateSingleMod#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translateSingleMod($key, $moduleName = '_Base', $language = false)", "selected_text": "$key", "from": 8481, "to": 8485, "snippet_from": 8438, "snippet_to": 8528, "column_from": 44, "column_to": 48 }, { "line_from": 300, "line_to": 300, "label": "App\\Language::translateSingleMod", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translateSingleMod($key, $moduleName = '_Base', $language = false)", "selected_text": "translateSingleMod", "from": 8462, "to": 8480, "snippet_from": 8438, "snippet_to": 8528, "column_from": 25, "column_to": 43 }, { "line_from": 114, "line_to": 114, "label": "array['text']", "entry_path_type": "array-assignment-'text'", "entry_path_description": null, "file_name": "modules/Users/actions/Password.php", "file_path": "/app/modules/Users/actions/Password.php", "snippet": "\t\t\t\t$response->setResult(['procesStop' => true, 'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']]);", "selected_text": "'text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions')", "from": 4231, "to": 4314, "snippet_from": 4170, "snippet_to": 4337, "column_from": 62, "column_to": 145 }, { "line_from": 114, "line_to": 114, "label": "array['notify']", "entry_path_type": "array-assignment-'notify'", "entry_path_description": null, "file_name": "modules/Users/actions/Password.php", "file_path": "/app/modules/Users/actions/Password.php", "snippet": "\t\t\t\t$response->setResult(['procesStop' => true, 'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']]);", "selected_text": "'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']", "from": 4218, "to": 4334, "snippet_from": 4170, "snippet_to": 4337, "column_from": 49, "column_to": 165 }, { "line_from": 114, "line_to": 114, "label": "call to Vtiger_Response::setResult", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Users/actions/Password.php", "file_path": "/app/modules/Users/actions/Password.php", "snippet": "\t\t\t\t$response->setResult(['procesStop' => true, 'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']]);", "selected_text": "['procesStop' => true, 'notify' => ['text' => \\App\\Language::translateSingleMod($exc->getMessage(), 'Other.Exceptions'), 'type' => 'error']]", "from": 4195, "to": 4335, "snippet_from": 4170, "snippet_to": 4337, "column_from": 26, "column_to": 166 }, { "line_from": 164, "line_to": 164, "label": "Vtiger_Response::setResult#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\tpublic function setResult($result)", "selected_text": "$result", "from": 3303, "to": 3310, "snippet_from": 3276, "snippet_to": 3311, "column_from": 28, "column_to": 35 }, { "line_from": 166, "line_to": 166, "label": "Vtiger_Response::$result", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->result = $result;", "selected_text": "$this->result", "from": 3317, "to": 3330, "snippet_from": 3315, "snippet_to": 3341, "column_from": 3, "column_to": 16 }, { "label": "Vtiger_Response::$result", "entry_path_type": "property-assignment" }, { "line_from": 284, "line_to": 284, "label": "Vtiger_Response::$result", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\techo $this->result;", "selected_text": "result", "from": 5890, "to": 5896, "snippet_from": 5876, "snippet_to": 5897, "column_from": 15, "column_to": 21 }, { "line_from": 284, "line_to": 284, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\techo $this->result;", "selected_text": "$this->result", "from": 5883, "to": 5896, "snippet_from": 5876, "snippet_to": 5897, "column_from": 8, "column_to": 21 } ] }, { "severity": "error", "line_from": 284, "line_to": 284, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\techo $this->result;", "selected_text": "$this->result", "from": 5883, "to": 5896, "snippet_from": 5876, "snippet_to": 5897, "column_from": 8, "column_to": 21, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 40, "line_to": 40, "label": "array['value']", "entry_path_type": "array-assignment-'value'", "entry_path_description": null, "file_name": "modules/Users/actions/BasicAjax.php", "file_path": "/app/modules/Users/actions/BasicAjax.php", "snippet": "\t\t\t\t\t\t'value' => App\\Purifier::decodeHtml($recordModel->getName()),", "selected_text": "'value' => App\\Purifier::decodeHtml($recordModel->getName())", "from": 1459, "to": 1519, "snippet_from": 1453, "snippet_to": 1520, "column_from": 7, "column_to": 67 }, { "line_from": 38, "line_to": 38, "label": "$result", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "modules/Users/actions/BasicAjax.php", "file_path": "/app/modules/Users/actions/BasicAjax.php", "snippet": "\t\t\t\t\t$result[] = [", "selected_text": "$result", "from": 1371, "to": 1378, "snippet_from": 1366, "snippet_to": 1384, "column_from": 6, "column_to": 13 }, { "line_from": 47, "line_to": 47, "label": "call to Vtiger_Response::setResult", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Users/actions/BasicAjax.php", "file_path": "/app/modules/Users/actions/BasicAjax.php", "snippet": "\t\t$response->setResult($result);", "selected_text": "$result", "from": 1642, "to": 1649, "snippet_from": 1619, "snippet_to": 1651, "column_from": 24, "column_to": 31 }, { "line_from": 164, "line_to": 164, "label": "Vtiger_Response::setResult#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\tpublic function setResult($result)", "selected_text": "$result", "from": 3303, "to": 3310, "snippet_from": 3276, "snippet_to": 3311, "column_from": 28, "column_to": 35 }, { "line_from": 166, "line_to": 166, "label": "Vtiger_Response::$result", "entry_path_type": "=", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\t$this->result = $result;", "selected_text": "$this->result", "from": 3317, "to": 3330, "snippet_from": 3315, "snippet_to": 3341, "column_from": 3, "column_to": 16 }, { "label": "Vtiger_Response::$result", "entry_path_type": "property-assignment" }, { "line_from": 284, "line_to": 284, "label": "Vtiger_Response::$result", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\techo $this->result;", "selected_text": "result", "from": 5890, "to": 5896, "snippet_from": 5876, "snippet_to": 5897, "column_from": 15, "column_to": 21 }, { "line_from": 284, "line_to": 284, "label": "call to echo", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/http/Response.php", "file_path": "/app/include/http/Response.php", "snippet": "\t\techo $this->result;", "selected_text": "$this->result", "from": 5883, "to": 5896, "snippet_from": 5876, "snippet_to": 5897, "column_from": 8, "column_to": 21 } ] }, { "severity": "error", "line_from": 20, "line_to": 20, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"'", "from": 648, "to": 726, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 88, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 206, "line_to": 206, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\tif (false !== ($value = filter_var($this->rawValues[$key], FILTER_VALIDATE_INT))) {", "selected_text": "rawValues", "from": 4052, "to": 4061, "snippet_from": 4008, "snippet_to": 4093, "column_from": 45, "column_to": 54 }, { "line_from": 206, "line_to": 206, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\tif (false !== ($value = filter_var($this->rawValues[$key], FILTER_VALIDATE_INT))) {", "selected_text": "$this->rawValues", "from": 4045, "to": 4061, "snippet_from": 4008, "snippet_to": 4093, "column_from": 38, "column_to": 54 }, { "line_from": 206, "line_to": 206, "label": "call to filter_var", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\tif (false !== ($value = filter_var($this->rawValues[$key], FILTER_VALIDATE_INT))) {", "selected_text": "$this->rawValues[$key]", "from": 4045, "to": 4067, "snippet_from": 4008, "snippet_to": 4093, "column_from": 38, "column_to": 60 }, { "label": "filter_var#1", "entry_path_type": "arg" }, { "label": "filter_var", "entry_path_type": "arg" }, { "line_from": 206, "line_to": 206, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\tif (false !== ($value = filter_var($this->rawValues[$key], FILTER_VALIDATE_INT))) {", "selected_text": "$value", "from": 4025, "to": 4031, "snippet_from": 4008, "snippet_to": 4093, "column_from": 18, "column_to": 24 }, { "line_from": 198, "line_to": 198, "label": "App\\Request::getInteger", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getInteger($key, $value = 0)", "selected_text": "getInteger", "from": 3809, "to": 3819, "snippet_from": 3792, "snippet_to": 3837, "column_from": 18, "column_to": 28 }, { "line_from": 14, "line_to": 14, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\t$recordId = $request->getInteger('id');", "selected_text": "$recordId", "from": 392, "to": 401, "snippet_from": 390, "snippet_to": 431, "column_from": 3, "column_to": 12 }, { "line_from": 20, "line_to": 20, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId", "from": 648, "to": 705, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 67 }, { "line_from": 20, "line_to": 20, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"'", "from": 648, "to": 726, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 88 }, { "line_from": 20, "line_to": 20, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"'", "from": 648, "to": 726, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 88 } ] }, { "severity": "error", "line_from": 20, "line_to": 20, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"'", "from": 648, "to": 726, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 88, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 186, "line_to": 186, "label": "call to App\\Request::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Import/helpers/Utils.php", "file_path": "/app/modules/Import/helpers/Utils.php", "snippet": "\t\t\t$request->set('error_message', \\App\\Language::translate('LBL_NO_ROWS_FOUND', 'Import'));", "selected_text": "\\App\\Language::translate('LBL_NO_ROWS_FOUND', 'Import')", "from": 6764, "to": 6819, "snippet_from": 6730, "snippet_to": 6821, "column_from": 35, "column_to": 90 }, { "line_from": 606, "line_to": 606, "label": "App\\Request::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 13706, "to": 13712, "snippet_from": 13679, "snippet_to": 13713, "column_from": 28, "column_to": 34 }, { "line_from": 608, "line_to": 608, "label": "$this->purifiedValuesByInteger[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues[$key] = $this->purifiedValuesByGet[$key] = $this->purifiedValuesByInteger[$key] = $this->purifiedValuesByHtml[$key] = $value;", "selected_text": "$this->purifiedValuesByInteger", "from": 13779, "to": 13809, "snippet_from": 13717, "snippet_to": 13861, "column_from": 63, "column_to": 93 }, { "line_from": 608, "line_to": 608, "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues[$key] = $this->purifiedValuesByGet[$key] = $this->purifiedValuesByInteger[$key] = $this->purifiedValuesByHtml[$key] = $value;", "selected_text": "$this->purifiedValuesByInteger", "from": 13779, "to": 13809, "snippet_from": 13717, "snippet_to": 13861, "column_from": 63, "column_to": 93 }, { "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "property-assignment" }, { "line_from": 201, "line_to": 201, "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByInteger[$key];", "selected_text": "purifiedValuesByInteger", "from": 3911, "to": 3934, "snippet_from": 3894, "snippet_to": 3941, "column_from": 18, "column_to": 41 }, { "line_from": 201, "line_to": 201, "label": "$this->purifiedValuesByInteger[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByInteger[$key];", "selected_text": "$this->purifiedValuesByInteger", "from": 3904, "to": 3934, "snippet_from": 3894, "snippet_to": 3941, "column_from": 11, "column_to": 41 }, { "line_from": 198, "line_to": 198, "label": "App\\Request::getInteger", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getInteger($key, $value = 0)", "selected_text": "getInteger", "from": 3809, "to": 3819, "snippet_from": 3792, "snippet_to": 3837, "column_from": 18, "column_to": 28 }, { "line_from": 14, "line_to": 14, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\t$recordId = $request->getInteger('id');", "selected_text": "$recordId", "from": 392, "to": 401, "snippet_from": 390, "snippet_to": 431, "column_from": 3, "column_to": 12 }, { "line_from": 20, "line_to": 20, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId", "from": 648, "to": 705, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 67 }, { "line_from": 20, "line_to": 20, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"'", "from": 648, "to": 726, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 88 }, { "line_from": 20, "line_to": 20, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"'", "from": 648, "to": 726, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 88 } ] }, { "severity": "error", "line_from": 20, "line_to": 20, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"'", "from": 648, "to": 726, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 88, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 134, "line_to": 134, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/actions/QuickExport.php", "file_path": "/app/modules/Vtiger/actions/QuickExport.php", "snippet": "\t\t$filename = \\App\\Language::translate($moduleName, $moduleName) . '-' . \\App\\Language::translate(App\\Purifier::decodeHtml($customView->get('viewname')), $moduleName) . '.xls';", "selected_text": "App\\Purifier::decodeHtml($customView->get('viewname'))", "from": 5796, "to": 5850, "snippet_from": 5698, "snippet_to": 5874, "column_from": 99, "column_to": 153 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$key", "from": 3448, "to": 3452, "snippet_from": 3414, "snippet_to": 3511, "column_from": 35, "column_to": 39 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 186, "line_to": 186, "label": "call to App\\Request::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Import/helpers/Utils.php", "file_path": "/app/modules/Import/helpers/Utils.php", "snippet": "\t\t\t$request->set('error_message', \\App\\Language::translate('LBL_NO_ROWS_FOUND', 'Import'));", "selected_text": "\\App\\Language::translate('LBL_NO_ROWS_FOUND', 'Import')", "from": 6764, "to": 6819, "snippet_from": 6730, "snippet_to": 6821, "column_from": 35, "column_to": 90 }, { "line_from": 606, "line_to": 606, "label": "App\\Request::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 13706, "to": 13712, "snippet_from": 13679, "snippet_to": 13713, "column_from": 28, "column_to": 34 }, { "line_from": 608, "line_to": 608, "label": "$this->purifiedValuesByInteger[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues[$key] = $this->purifiedValuesByGet[$key] = $this->purifiedValuesByInteger[$key] = $this->purifiedValuesByHtml[$key] = $value;", "selected_text": "$this->purifiedValuesByInteger", "from": 13779, "to": 13809, "snippet_from": 13717, "snippet_to": 13861, "column_from": 63, "column_to": 93 }, { "line_from": 608, "line_to": 608, "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues[$key] = $this->purifiedValuesByGet[$key] = $this->purifiedValuesByInteger[$key] = $this->purifiedValuesByHtml[$key] = $value;", "selected_text": "$this->purifiedValuesByInteger", "from": 13779, "to": 13809, "snippet_from": 13717, "snippet_to": 13861, "column_from": 63, "column_to": 93 }, { "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "property-assignment" }, { "line_from": 201, "line_to": 201, "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByInteger[$key];", "selected_text": "purifiedValuesByInteger", "from": 3911, "to": 3934, "snippet_from": 3894, "snippet_to": 3941, "column_from": 18, "column_to": 41 }, { "line_from": 201, "line_to": 201, "label": "$this->purifiedValuesByInteger[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByInteger[$key];", "selected_text": "$this->purifiedValuesByInteger", "from": 3904, "to": 3934, "snippet_from": 3894, "snippet_to": 3941, "column_from": 11, "column_to": 41 }, { "line_from": 198, "line_to": 198, "label": "App\\Request::getInteger", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getInteger($key, $value = 0)", "selected_text": "getInteger", "from": 3809, "to": 3819, "snippet_from": 3792, "snippet_to": 3837, "column_from": 18, "column_to": 28 }, { "line_from": 14, "line_to": 14, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\t$recordId = $request->getInteger('id');", "selected_text": "$recordId", "from": 392, "to": 401, "snippet_from": 390, "snippet_to": 431, "column_from": 3, "column_to": 12 }, { "line_from": 20, "line_to": 20, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId", "from": 648, "to": 705, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 67 }, { "line_from": 20, "line_to": 20, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"'", "from": 648, "to": 726, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 88 }, { "line_from": 20, "line_to": 20, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/MappedFields/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/MappedFields/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_mftemplate.xml\"'", "from": 648, "to": 726, "snippet_from": 639, "snippet_to": 728, "column_from": 10, "column_to": 88 } ] }, { "severity": "error", "line_from": 21, "line_to": 21, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"'", "from": 663, "to": 742, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 89, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 206, "line_to": 206, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\tif (false !== ($value = filter_var($this->rawValues[$key], FILTER_VALIDATE_INT))) {", "selected_text": "rawValues", "from": 4052, "to": 4061, "snippet_from": 4008, "snippet_to": 4093, "column_from": 45, "column_to": 54 }, { "line_from": 206, "line_to": 206, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\tif (false !== ($value = filter_var($this->rawValues[$key], FILTER_VALIDATE_INT))) {", "selected_text": "$this->rawValues", "from": 4045, "to": 4061, "snippet_from": 4008, "snippet_to": 4093, "column_from": 38, "column_to": 54 }, { "line_from": 206, "line_to": 206, "label": "call to filter_var", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\tif (false !== ($value = filter_var($this->rawValues[$key], FILTER_VALIDATE_INT))) {", "selected_text": "$this->rawValues[$key]", "from": 4045, "to": 4067, "snippet_from": 4008, "snippet_to": 4093, "column_from": 38, "column_to": 60 }, { "label": "filter_var#1", "entry_path_type": "arg" }, { "label": "filter_var", "entry_path_type": "arg" }, { "line_from": 206, "line_to": 206, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\tif (false !== ($value = filter_var($this->rawValues[$key], FILTER_VALIDATE_INT))) {", "selected_text": "$value", "from": 4025, "to": 4031, "snippet_from": 4008, "snippet_to": 4093, "column_from": 18, "column_to": 24 }, { "line_from": 198, "line_to": 198, "label": "App\\Request::getInteger", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getInteger($key, $value = 0)", "selected_text": "getInteger", "from": 3809, "to": 3819, "snippet_from": 3792, "snippet_to": 3837, "column_from": 18, "column_to": 28 }, { "line_from": 15, "line_to": 15, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t$recordId = $request->getInteger('id');", "selected_text": "$recordId", "from": 431, "to": 440, "snippet_from": 429, "snippet_to": 470, "column_from": 3, "column_to": 12 }, { "line_from": 21, "line_to": 21, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId", "from": 663, "to": 720, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 67 }, { "line_from": 21, "line_to": 21, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"'", "from": 663, "to": 742, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 89 }, { "line_from": 21, "line_to": 21, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"'", "from": 663, "to": 742, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 89 } ] }, { "severity": "error", "line_from": 21, "line_to": 21, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"'", "from": 663, "to": 742, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 89, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 186, "line_to": 186, "label": "call to App\\Request::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Import/helpers/Utils.php", "file_path": "/app/modules/Import/helpers/Utils.php", "snippet": "\t\t\t$request->set('error_message', \\App\\Language::translate('LBL_NO_ROWS_FOUND', 'Import'));", "selected_text": "\\App\\Language::translate('LBL_NO_ROWS_FOUND', 'Import')", "from": 6764, "to": 6819, "snippet_from": 6730, "snippet_to": 6821, "column_from": 35, "column_to": 90 }, { "line_from": 606, "line_to": 606, "label": "App\\Request::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 13706, "to": 13712, "snippet_from": 13679, "snippet_to": 13713, "column_from": 28, "column_to": 34 }, { "line_from": 608, "line_to": 608, "label": "$this->purifiedValuesByInteger[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues[$key] = $this->purifiedValuesByGet[$key] = $this->purifiedValuesByInteger[$key] = $this->purifiedValuesByHtml[$key] = $value;", "selected_text": "$this->purifiedValuesByInteger", "from": 13779, "to": 13809, "snippet_from": 13717, "snippet_to": 13861, "column_from": 63, "column_to": 93 }, { "line_from": 608, "line_to": 608, "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues[$key] = $this->purifiedValuesByGet[$key] = $this->purifiedValuesByInteger[$key] = $this->purifiedValuesByHtml[$key] = $value;", "selected_text": "$this->purifiedValuesByInteger", "from": 13779, "to": 13809, "snippet_from": 13717, "snippet_to": 13861, "column_from": 63, "column_to": 93 }, { "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "property-assignment" }, { "line_from": 201, "line_to": 201, "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByInteger[$key];", "selected_text": "purifiedValuesByInteger", "from": 3911, "to": 3934, "snippet_from": 3894, "snippet_to": 3941, "column_from": 18, "column_to": 41 }, { "line_from": 201, "line_to": 201, "label": "$this->purifiedValuesByInteger[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByInteger[$key];", "selected_text": "$this->purifiedValuesByInteger", "from": 3904, "to": 3934, "snippet_from": 3894, "snippet_to": 3941, "column_from": 11, "column_to": 41 }, { "line_from": 198, "line_to": 198, "label": "App\\Request::getInteger", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getInteger($key, $value = 0)", "selected_text": "getInteger", "from": 3809, "to": 3819, "snippet_from": 3792, "snippet_to": 3837, "column_from": 18, "column_to": 28 }, { "line_from": 15, "line_to": 15, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t$recordId = $request->getInteger('id');", "selected_text": "$recordId", "from": 431, "to": 440, "snippet_from": 429, "snippet_to": 470, "column_from": 3, "column_to": 12 }, { "line_from": 21, "line_to": 21, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId", "from": 663, "to": 720, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 67 }, { "line_from": 21, "line_to": 21, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"'", "from": 663, "to": 742, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 89 }, { "line_from": 21, "line_to": 21, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"'", "from": 663, "to": 742, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 89 } ] }, { "severity": "error", "line_from": 21, "line_to": 21, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"'", "from": 663, "to": 742, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 89, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 134, "line_to": 134, "label": "call to App\\Language::translate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/actions/QuickExport.php", "file_path": "/app/modules/Vtiger/actions/QuickExport.php", "snippet": "\t\t$filename = \\App\\Language::translate($moduleName, $moduleName) . '-' . \\App\\Language::translate(App\\Purifier::decodeHtml($customView->get('viewname')), $moduleName) . '.xls';", "selected_text": "App\\Purifier::decodeHtml($customView->get('viewname'))", "from": 5796, "to": 5850, "snippet_from": 5698, "snippet_to": 5874, "column_from": 99, "column_to": 153 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "$key", "from": 3448, "to": 3452, "snippet_from": 3414, "snippet_to": 3511, "column_from": 35, "column_to": 39 }, { "line_from": 165, "line_to": 165, "label": "App\\Language::translate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Language.php", "file_path": "/app/app/Language.php", "snippet": "\tpublic static function translate($key, $moduleName = '_Base', $language = false, $encode = true)", "selected_text": "translate", "from": 3438, "to": 3447, "snippet_from": 3414, "snippet_to": 3511, "column_from": 25, "column_to": 34 }, { "line_from": 186, "line_to": 186, "label": "call to App\\Request::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Import/helpers/Utils.php", "file_path": "/app/modules/Import/helpers/Utils.php", "snippet": "\t\t\t$request->set('error_message', \\App\\Language::translate('LBL_NO_ROWS_FOUND', 'Import'));", "selected_text": "\\App\\Language::translate('LBL_NO_ROWS_FOUND', 'Import')", "from": 6764, "to": 6819, "snippet_from": 6730, "snippet_to": 6821, "column_from": 35, "column_to": 90 }, { "line_from": 606, "line_to": 606, "label": "App\\Request::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 13706, "to": 13712, "snippet_from": 13679, "snippet_to": 13713, "column_from": 28, "column_to": 34 }, { "line_from": 608, "line_to": 608, "label": "$this->purifiedValuesByInteger[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues[$key] = $this->purifiedValuesByGet[$key] = $this->purifiedValuesByInteger[$key] = $this->purifiedValuesByHtml[$key] = $value;", "selected_text": "$this->purifiedValuesByInteger", "from": 13779, "to": 13809, "snippet_from": 13717, "snippet_to": 13861, "column_from": 63, "column_to": 93 }, { "line_from": 608, "line_to": 608, "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues[$key] = $this->purifiedValuesByGet[$key] = $this->purifiedValuesByInteger[$key] = $this->purifiedValuesByHtml[$key] = $value;", "selected_text": "$this->purifiedValuesByInteger", "from": 13779, "to": 13809, "snippet_from": 13717, "snippet_to": 13861, "column_from": 63, "column_to": 93 }, { "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "property-assignment" }, { "line_from": 201, "line_to": 201, "label": "App\\Request::$purifiedValuesByInteger", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByInteger[$key];", "selected_text": "purifiedValuesByInteger", "from": 3911, "to": 3934, "snippet_from": 3894, "snippet_to": 3941, "column_from": 18, "column_to": 41 }, { "line_from": 201, "line_to": 201, "label": "$this->purifiedValuesByInteger[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->purifiedValuesByInteger[$key];", "selected_text": "$this->purifiedValuesByInteger", "from": 3904, "to": 3934, "snippet_from": 3894, "snippet_to": 3941, "column_from": 11, "column_to": 41 }, { "line_from": 198, "line_to": 198, "label": "App\\Request::getInteger", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getInteger($key, $value = 0)", "selected_text": "getInteger", "from": 3809, "to": 3819, "snippet_from": 3792, "snippet_to": 3837, "column_from": 18, "column_to": 28 }, { "line_from": 15, "line_to": 15, "label": "$recordId", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t$recordId = $request->getInteger('id');", "selected_text": "$recordId", "from": 431, "to": 440, "snippet_from": 429, "snippet_to": 470, "column_from": 3, "column_to": 12 }, { "line_from": 21, "line_to": 21, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId", "from": 663, "to": 720, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 67 }, { "line_from": 21, "line_to": 21, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"'", "from": 663, "to": 742, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 89 }, { "line_from": 21, "line_to": 21, "label": "call to header", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\theader('content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"');", "selected_text": "'content-disposition: attachment; filename=\"' . $recordId . '_pdftemplate.xml\"'", "from": 663, "to": 742, "snippet_from": 654, "snippet_to": 744, "column_from": 10, "column_to": 89 } ] }, { "severity": "error", "line_from": 40, "line_to": 40, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 460, "line_to": 460, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "rawValues", "from": 10586, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 18, "column_to": 27 }, { "line_from": 460, "line_to": 460, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 10579, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 11, "column_to": 27 }, { "line_from": 457, "line_to": 457, "label": "App\\Request::getRaw", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getRaw($key, $defaultValue = '')", "selected_text": "getRaw", "from": 10494, "to": 10500, "snippet_from": 10477, "snippet_to": 10526, "column_from": 18, "column_to": 24 }, { "line_from": 28, "line_to": 28, "label": "call to Settings_WebserviceApps_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/WebserviceApps/actions/SaveAjax.php", "file_path": "/app/modules/Settings/WebserviceApps/actions/SaveAjax.php", "snippet": "\t\t$recordModel->set('pass', $request->getRaw('pass'));", "selected_text": "$request->getRaw('pass')", "from": 916, "to": 940, "snippet_from": 888, "snippet_to": 942, "column_from": 29, "column_to": 53 }, { "line_from": 33, "line_to": 33, "label": "Settings_WebserviceApps_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PickListDependency/models/ListView.php", "file_path": "/app/modules/Settings/PickListDependency/models/ListView.php", "snippet": "\t\t$field2->set('sort', false);", "selected_text": "false", "from": 1205, "to": 1210, "snippet_from": 1182, "snippet_to": 1212, "column_from": 24, "column_to": 29 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 39, "line_to": 39, "label": "$watermarkPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$watermarkPath = $pdfModel->get($field);", "selected_text": "$watermarkPath", "from": 1502, "to": 1516, "snippet_from": 1497, "snippet_to": 1542, "column_from": 6, "column_to": 20 }, { "line_from": 40, "line_to": 40, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44 } ] }, { "severity": "error", "line_from": 40, "line_to": 40, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 1217, "line_to": 1217, "label": "call to Vtiger_Basic_InventoryField::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/PackageImport.php", "file_path": "/app/vtlib/Vtiger/PackageImport.php", "snippet": "\t\t\t\t\t\t$fieldModel->set($name, \\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum'));", "selected_text": "\\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum')", "from": 37189, "to": 37258, "snippet_from": 37159, "snippet_to": 37260, "column_from": 31, "column_to": 100 }, { "line_from": 92, "line_to": 92, "label": "Vtiger_Basic_InventoryField::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1822, "to": 1828, "snippet_from": 1795, "snippet_to": 1829, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 39, "line_to": 39, "label": "$watermarkPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$watermarkPath = $pdfModel->get($field);", "selected_text": "$watermarkPath", "from": 1502, "to": 1516, "snippet_from": 1497, "snippet_to": 1542, "column_from": 6, "column_to": 20 }, { "line_from": 40, "line_to": 40, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44 } ] }, { "severity": "error", "line_from": 40, "line_to": 40, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 75, "line_to": 75, "label": "call to Rss_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Rss/models/Record.php", "file_path": "/app/modules/Rss/models/Record.php", "snippet": "\t\t$this->set('rsstitle', \\App\\Purifier::purifyByType((string) $rss->title, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType((string) $rss->title, 'Text')", "from": 1639, "to": 1696, "snippet_from": 1614, "snippet_to": 1698, "column_from": 26, "column_to": 83 }, { "line_from": 32, "line_to": 32, "label": "Rss_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/MultiImage.php", "file_path": "/app/modules/Vtiger/uitypes/MultiImage.php", "snippet": "\t\t\t$recordModel->set($fieldName, $this->getDBValue($value, $recordModel));", "selected_text": "$this->getDBValue($value, $recordModel)", "from": 1086, "to": 1125, "snippet_from": 1053, "snippet_to": 1127, "column_from": 34, "column_to": 73 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 39, "line_to": 39, "label": "$watermarkPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$watermarkPath = $pdfModel->get($field);", "selected_text": "$watermarkPath", "from": 1502, "to": 1516, "snippet_from": 1497, "snippet_to": 1542, "column_from": 6, "column_to": 20 }, { "line_from": 40, "line_to": 40, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44 } ] }, { "severity": "error", "line_from": 40, "line_to": 40, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 64, "line_to": 64, "label": "call to Vtiger_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "file_path": "/app/modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "snippet": "\t\t\t\t$recordModel->set($fieldName, App\\Purifier::decodeHtml($fieldValue));", "selected_text": "App\\Purifier::decodeHtml($fieldValue)", "from": 2463, "to": 2500, "snippet_from": 2429, "snippet_to": 2502, "column_from": 35, "column_to": 72 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 39, "line_to": 39, "label": "$watermarkPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$watermarkPath = $pdfModel->get($field);", "selected_text": "$watermarkPath", "from": 1502, "to": 1516, "snippet_from": 1497, "snippet_to": 1542, "column_from": 6, "column_to": 20 }, { "line_from": 40, "line_to": 40, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44 } ] }, { "severity": "error", "line_from": 40, "line_to": 40, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 64, "line_to": 64, "label": "call to Vtiger_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "file_path": "/app/modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "snippet": "\t\t\t\t$recordModel->set($fieldName, App\\Purifier::decodeHtml($fieldValue));", "selected_text": "App\\Purifier::decodeHtml($fieldValue)", "from": 2463, "to": 2500, "snippet_from": 2429, "snippet_to": 2502, "column_from": 35, "column_to": 72 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 32, "line_to": 32, "label": "Assets_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/MultiImage.php", "file_path": "/app/modules/Vtiger/uitypes/MultiImage.php", "snippet": "\t\t\t$recordModel->set($fieldName, $this->getDBValue($value, $recordModel));", "selected_text": "$this->getDBValue($value, $recordModel)", "from": 1086, "to": 1125, "snippet_from": 1053, "snippet_to": 1127, "column_from": 34, "column_to": 73 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 39, "line_to": 39, "label": "$watermarkPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$watermarkPath = $pdfModel->get($field);", "selected_text": "$watermarkPath", "from": 1502, "to": 1516, "snippet_from": 1497, "snippet_to": 1542, "column_from": 6, "column_to": 20 }, { "line_from": 40, "line_to": 40, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44 } ] }, { "severity": "error", "line_from": 40, "line_to": 40, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 229, "line_to": 229, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "rawValues", "from": 4720, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 20, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 4713, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 13, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$value", "from": 4704, "to": 4710, "snippet_from": 4701, "snippet_to": 4736, "column_from": 4, "column_to": 10 }, { "line_from": 250, "line_to": 250, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\t$value = $type ? Purifier::purifyByType($value, $type) : Purifier::purify($value);", "selected_text": "$value", "from": 5513, "to": 5519, "snippet_from": 5434, "snippet_to": 5521, "column_from": 80, "column_to": 86 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 45, "line_to": 45, "label": "call to App\\Layout::truncateHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMailView/views/Preview.php", "file_path": "/app/modules/OSSMailView/views/Preview.php", "snippet": "\t\t\t$viewer->assign('CONTENT', nl2br(\\App\\Layout::truncateHtml(\\App\\Purifier::purify($recordModel->get('content')), 'full')));", "selected_text": "\\App\\Purifier::purify($recordModel->get('content'))", "from": 1659, "to": 1710, "snippet_from": 1597, "snippet_to": 1722, "column_from": 63, "column_to": 114 }, { "line_from": 156, "line_to": 156, "label": "App\\Layout::truncateHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\tpublic static function truncateHtml(?string $html, ?string $size = 'medium', ?int $length = 200): string", "selected_text": "$html", "from": 3446, "to": 3451, "snippet_from": 3401, "snippet_to": 3506, "column_from": 46, "column_to": 51 }, { "line_from": 172, "line_to": 172, "label": "call to strip_tags", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "$html", "from": 4223, "to": 4228, "snippet_from": 4169, "snippet_to": 4241, "column_from": 55, "column_to": 60 }, { "line_from": 172, "line_to": 172, "label": "strip_tags#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "$html", "from": 4223, "to": 4228, "snippet_from": 4169, "snippet_to": 4241, "column_from": 55, "column_to": 60 }, { "line_from": 172, "line_to": 172, "label": "strip_tags", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "call to trim", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "trim#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "trim", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "trim(strip_tags($html))", "from": 4207, "to": 4230, "snippet_from": 4169, "snippet_to": 4241, "column_from": 39, "column_to": 62 }, { "line_from": 172, "line_to": 172, "label": "call to App\\TextParser::textTruncate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "trim(strip_tags($html))", "from": 4207, "to": 4230, "snippet_from": 4169, "snippet_to": 4241, "column_from": 39, "column_to": 62 }, { "line_from": 1418, "line_to": 1418, "label": "App\\TextParser::textTruncate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/TextParser.php", "file_path": "/app/app/TextParser.php", "snippet": "\tpublic static function textTruncate($text, $length = false, $addDots = true)", "selected_text": "$text", "from": 43041, "to": 43046, "snippet_from": 43004, "snippet_to": 43081, "column_from": 38, "column_to": 43 }, { "line_from": 1418, "line_to": 1418, "label": "App\\TextParser::textTruncate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/TextParser.php", "file_path": "/app/app/TextParser.php", "snippet": "\tpublic static function textTruncate($text, $length = false, $addDots = true)", "selected_text": "textTruncate", "from": 43028, "to": 43040, "snippet_from": 43004, "snippet_to": 43081, "column_from": 25, "column_to": 37 }, { "line_from": 91, "line_to": 91, "label": "call to App\\Mail\\ScannerEngine\\Outlook::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Mail/ScannerEngine/Outlook.php", "file_path": "/app/app/Mail/ScannerEngine/Outlook.php", "snippet": "\t\t$this->set('subject', $request->isEmpty('mailSubject') ? '-' : \\App\\TextParser::textTruncate($request->getByType('mailSubject', 'Text'), 65535, false));", "selected_text": "$request->isEmpty('mailSubject') ? '-' : \\App\\TextParser::textTruncate($request->getByType('mailSubject', 'Text'), 65535, false)", "from": 1965, "to": 2093, "snippet_from": 1941, "snippet_to": 2095, "column_from": 25, "column_to": 153 }, { "line_from": 69, "line_to": 69, "label": "App\\Mail\\ScannerEngine\\Outlook::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Mail/ScannerAction/CreatedMail.php", "file_path": "/app/app/Mail/ScannerAction/CreatedMail.php", "snippet": "\t\t\t$scanner->set('mailCrmId', $id);", "selected_text": "$id", "from": 2606, "to": 2609, "snippet_from": 2576, "snippet_to": 2611, "column_from": 31, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 39, "line_to": 39, "label": "$watermarkPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$watermarkPath = $pdfModel->get($field);", "selected_text": "$watermarkPath", "from": 1502, "to": 1516, "snippet_from": 1497, "snippet_to": 1542, "column_from": 6, "column_to": 20 }, { "line_from": 40, "line_to": 40, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44 } ] }, { "severity": "error", "line_from": 40, "line_to": 40, "type": "TaintedInput", "message": "Detected tainted text", "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 229, "line_to": 229, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "rawValues", "from": 4720, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 20, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 4713, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 13, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$value", "from": 4704, "to": 4710, "snippet_from": 4701, "snippet_to": 4736, "column_from": 4, "column_to": 10 }, { "line_from": 244, "line_to": 244, "label": "array-fetch", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\tforeach ($value as $k => $v) {", "selected_text": "$value", "from": 5202, "to": 5208, "snippet_from": 5188, "snippet_to": 5223, "column_from": 15, "column_to": 21 }, { "line_from": 245, "line_to": 245, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\t\t$k = $keyType ? Purifier::purifyByType($k, $keyType) : Purifier::purify($k);", "selected_text": "$k", "from": 5302, "to": 5304, "snippet_from": 5224, "snippet_to": 5306, "column_from": 79, "column_to": 81 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 45, "line_to": 45, "label": "call to App\\Layout::truncateHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMailView/views/Preview.php", "file_path": "/app/modules/OSSMailView/views/Preview.php", "snippet": "\t\t\t$viewer->assign('CONTENT', nl2br(\\App\\Layout::truncateHtml(\\App\\Purifier::purify($recordModel->get('content')), 'full')));", "selected_text": "\\App\\Purifier::purify($recordModel->get('content'))", "from": 1659, "to": 1710, "snippet_from": 1597, "snippet_to": 1722, "column_from": 63, "column_to": 114 }, { "line_from": 156, "line_to": 156, "label": "App\\Layout::truncateHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\tpublic static function truncateHtml(?string $html, ?string $size = 'medium', ?int $length = 200): string", "selected_text": "$html", "from": 3446, "to": 3451, "snippet_from": 3401, "snippet_to": 3506, "column_from": 46, "column_to": 51 }, { "line_from": 172, "line_to": 172, "label": "call to strip_tags", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "$html", "from": 4223, "to": 4228, "snippet_from": 4169, "snippet_to": 4241, "column_from": 55, "column_to": 60 }, { "line_from": 172, "line_to": 172, "label": "strip_tags#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "$html", "from": 4223, "to": 4228, "snippet_from": 4169, "snippet_to": 4241, "column_from": 55, "column_to": 60 }, { "line_from": 172, "line_to": 172, "label": "strip_tags", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "call to trim", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "trim#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "trim", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "trim(strip_tags($html))", "from": 4207, "to": 4230, "snippet_from": 4169, "snippet_to": 4241, "column_from": 39, "column_to": 62 }, { "line_from": 172, "line_to": 172, "label": "call to App\\TextParser::textTruncate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "trim(strip_tags($html))", "from": 4207, "to": 4230, "snippet_from": 4169, "snippet_to": 4241, "column_from": 39, "column_to": 62 }, { "line_from": 1418, "line_to": 1418, "label": "App\\TextParser::textTruncate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/TextParser.php", "file_path": "/app/app/TextParser.php", "snippet": "\tpublic static function textTruncate($text, $length = false, $addDots = true)", "selected_text": "$text", "from": 43041, "to": 43046, "snippet_from": 43004, "snippet_to": 43081, "column_from": 38, "column_to": 43 }, { "line_from": 1418, "line_to": 1418, "label": "App\\TextParser::textTruncate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/TextParser.php", "file_path": "/app/app/TextParser.php", "snippet": "\tpublic static function textTruncate($text, $length = false, $addDots = true)", "selected_text": "textTruncate", "from": 43028, "to": 43040, "snippet_from": 43004, "snippet_to": 43081, "column_from": 25, "column_to": 37 }, { "line_from": 91, "line_to": 91, "label": "call to App\\Mail\\ScannerEngine\\Outlook::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Mail/ScannerEngine/Outlook.php", "file_path": "/app/app/Mail/ScannerEngine/Outlook.php", "snippet": "\t\t$this->set('subject', $request->isEmpty('mailSubject') ? '-' : \\App\\TextParser::textTruncate($request->getByType('mailSubject', 'Text'), 65535, false));", "selected_text": "$request->isEmpty('mailSubject') ? '-' : \\App\\TextParser::textTruncate($request->getByType('mailSubject', 'Text'), 65535, false)", "from": 1965, "to": 2093, "snippet_from": 1941, "snippet_to": 2095, "column_from": 25, "column_to": 153 }, { "line_from": 69, "line_to": 69, "label": "App\\Mail\\ScannerEngine\\Outlook::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Mail/ScannerAction/CreatedMail.php", "file_path": "/app/app/Mail/ScannerAction/CreatedMail.php", "snippet": "\t\t\t$scanner->set('mailCrmId', $id);", "selected_text": "$id", "from": 2606, "to": 2609, "snippet_from": 2576, "snippet_to": 2611, "column_from": 31, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 39, "line_to": 39, "label": "$watermarkPath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$watermarkPath = $pdfModel->get($field);", "selected_text": "$watermarkPath", "from": 1502, "to": 1516, "snippet_from": 1497, "snippet_to": 1542, "column_from": 6, "column_to": 20 }, { "line_from": 40, "line_to": 40, "label": "call to file_get_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/actions/ExportTemplate.php", "file_path": "/app/modules/Settings/PDF/actions/ExportTemplate.php", "snippet": "\t\t\t\t\t$im = file_get_contents($watermarkPath);", "selected_text": "$watermarkPath", "from": 1572, "to": 1586, "snippet_from": 1543, "snippet_to": 1588, "column_from": 30, "column_to": 44 } ] }, { "severity": "error", "line_from": 64, "line_to": 64, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 460, "line_to": 460, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "rawValues", "from": 10586, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 18, "column_to": 27 }, { "line_from": 460, "line_to": 460, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\treturn $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 10579, "to": 10595, "snippet_from": 10569, "snippet_to": 10602, "column_from": 11, "column_to": 27 }, { "line_from": 457, "line_to": 457, "label": "App\\Request::getRaw", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function getRaw($key, $defaultValue = '')", "selected_text": "getRaw", "from": 10494, "to": 10500, "snippet_from": 10477, "snippet_to": 10526, "column_from": 18, "column_to": 24 }, { "line_from": 28, "line_to": 28, "label": "call to Settings_WebserviceApps_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/WebserviceApps/actions/SaveAjax.php", "file_path": "/app/modules/Settings/WebserviceApps/actions/SaveAjax.php", "snippet": "\t\t$recordModel->set('pass', $request->getRaw('pass'));", "selected_text": "$request->getRaw('pass')", "from": 916, "to": 940, "snippet_from": 888, "snippet_to": 942, "column_from": 29, "column_to": 53 }, { "line_from": 33, "line_to": 33, "label": "Settings_WebserviceApps_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PickListDependency/models/ListView.php", "file_path": "/app/modules/Settings/PickListDependency/models/ListView.php", "snippet": "\t\t$field2->set('sort', false);", "selected_text": "false", "from": 1205, "to": 1210, "snippet_from": 1182, "snippet_to": 1212, "column_from": 24, "column_to": 29 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId()", "from": 2233, "to": 2264, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 51 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.'", "from": 2233, "to": 2270, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 57 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension()", "from": 2233, "to": 2303, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 90 }, { "line_from": 61, "line_to": 61, "label": "$newFilePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$newFilePath", "from": 2218, "to": 2230, "snippet_from": 2214, "snippet_to": 2304, "column_from": 5, "column_to": 17 }, { "line_from": 64, "line_to": 64, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35 } ] }, { "severity": "error", "line_from": 64, "line_to": 64, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 1217, "line_to": 1217, "label": "call to Vtiger_Basic_InventoryField::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/PackageImport.php", "file_path": "/app/vtlib/Vtiger/PackageImport.php", "snippet": "\t\t\t\t\t\t$fieldModel->set($name, \\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum'));", "selected_text": "\\App\\Purifier::purifyByType((string) $fieldNode->columnname, 'Alnum')", "from": 37189, "to": 37258, "snippet_from": 37159, "snippet_to": 37260, "column_from": 31, "column_to": 100 }, { "line_from": 92, "line_to": 92, "label": "Vtiger_Basic_InventoryField::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1822, "to": 1828, "snippet_from": 1795, "snippet_to": 1829, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId()", "from": 2233, "to": 2264, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 51 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.'", "from": 2233, "to": 2270, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 57 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension()", "from": 2233, "to": 2303, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 90 }, { "line_from": 61, "line_to": 61, "label": "$newFilePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$newFilePath", "from": 2218, "to": 2230, "snippet_from": 2214, "snippet_to": 2304, "column_from": 5, "column_to": 17 }, { "line_from": 64, "line_to": 64, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35 } ] }, { "severity": "error", "line_from": 64, "line_to": 64, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 75, "line_to": 75, "label": "call to Rss_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Rss/models/Record.php", "file_path": "/app/modules/Rss/models/Record.php", "snippet": "\t\t$this->set('rsstitle', \\App\\Purifier::purifyByType((string) $rss->title, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType((string) $rss->title, 'Text')", "from": 1639, "to": 1696, "snippet_from": 1614, "snippet_to": 1698, "column_from": 26, "column_to": 83 }, { "line_from": 32, "line_to": 32, "label": "Rss_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/MultiImage.php", "file_path": "/app/modules/Vtiger/uitypes/MultiImage.php", "snippet": "\t\t\t$recordModel->set($fieldName, $this->getDBValue($value, $recordModel));", "selected_text": "$this->getDBValue($value, $recordModel)", "from": 1086, "to": 1125, "snippet_from": 1053, "snippet_to": 1127, "column_from": 34, "column_to": 73 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId()", "from": 2233, "to": 2264, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 51 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.'", "from": 2233, "to": 2270, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 57 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension()", "from": 2233, "to": 2303, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 90 }, { "line_from": 61, "line_to": 61, "label": "$newFilePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$newFilePath", "from": 2218, "to": 2230, "snippet_from": 2214, "snippet_to": 2304, "column_from": 5, "column_to": 17 }, { "line_from": 64, "line_to": 64, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35 } ] }, { "severity": "error", "line_from": 64, "line_to": 64, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 64, "line_to": 64, "label": "call to Vtiger_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "file_path": "/app/modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "snippet": "\t\t\t\t$recordModel->set($fieldName, App\\Purifier::decodeHtml($fieldValue));", "selected_text": "App\\Purifier::decodeHtml($fieldValue)", "from": 2463, "to": 2500, "snippet_from": 2429, "snippet_to": 2502, "column_from": 35, "column_to": 72 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId()", "from": 2233, "to": 2264, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 51 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.'", "from": 2233, "to": 2270, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 57 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension()", "from": 2233, "to": 2303, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 90 }, { "line_from": 61, "line_to": 61, "label": "$newFilePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$newFilePath", "from": 2218, "to": 2230, "snippet_from": 2214, "snippet_to": 2304, "column_from": 5, "column_to": 17 }, { "line_from": 64, "line_to": 64, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35 } ] }, { "severity": "error", "line_from": 64, "line_to": 64, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "line_from": 66, "line_to": 66, "label": "Throwable::__toString", "entry_path_type": "", "entry_path_description": null, "file_name": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "file_path": "/opt/phpsast/vendor/vimeo/psalm/src/Psalm/Internal/Stubs/CoreImmutableClasses.phpstub", "snippet": " public function __toString();", "selected_text": "__toString", "from": 1143, "to": 1153, "snippet_from": 1123, "snippet_to": 1156, "column_from": 21, "column_to": 31 }, { "line_from": 201, "line_to": 201, "label": "call to str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace#3", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "$e->__toString()", "from": 7900, "to": 7916, "snippet_from": 7733, "snippet_to": 7930, "column_from": 168, "column_to": 184 }, { "line_from": 201, "line_to": 201, "label": "str_replace", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 201, "line_to": 201, "label": "call to App\\Purifier::encodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "include/main/WebUI.php", "file_path": "/app/include/main/WebUI.php", "snippet": "\t\t\t\t\techo '
' . App\\Purifier::encodeHtml(str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())) . '';", "selected_text": "str_replace(ROOT_DIRECTORY . DIRECTORY_SEPARATOR, '', $e->__toString())", "from": 7846, "to": 7917, "snippet_from": 7733, "snippet_to": 7930, "column_from": 114, "column_to": 185 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "$string", "from": 15399, "to": 15406, "snippet_from": 15364, "snippet_to": 15407, "column_from": 36, "column_to": 43 }, { "line_from": 489, "line_to": 489, "label": "call to htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15437, "to": 15444, "snippet_from": 15411, "snippet_to": 15483, "column_from": 27, "column_to": 34 }, { "line_from": 489, "line_to": 489, "label": "htmlspecialchars", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "htmlspecialchars($string, ENT_QUOTES, static::$defaultCharset)", "from": 15420, "to": 15482, "snippet_from": 15411, "snippet_to": 15483, "column_from": 10, "column_to": 72 }, { "line_from": 487, "line_to": 487, "label": "App\\Purifier::encodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function encodeHtml($string)", "selected_text": "encodeHtml", "from": 15388, "to": 15398, "snippet_from": 15364, "snippet_to": 15407, "column_from": 25, "column_to": 35 }, { "line_from": 440, "line_to": 440, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\t\t\t\t$value = Fields\\File::checkFilePath($input) ? static::encodeHtml(static::purify($input)) : null;", "selected_text": "$value", "from": 14146, "to": 14152, "snippet_from": 14141, "snippet_to": 14242, "column_from": 6, "column_to": 12 }, { "line_from": 325, "line_to": 325, "label": "App\\Purifier::purifyByType", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purifyByType($input, $type, $convert = false)", "selected_text": "purifyByType", "from": 10124, "to": 10136, "snippet_from": 10100, "snippet_to": 10169, "column_from": 25, "column_to": 37 }, { "line_from": 44, "line_to": 44, "label": "call to App\\Purifier::decodeHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMail/actions/ImportMail.php", "file_path": "/app/modules/OSSMail/actions/ImportMail.php", "snippet": "\t\t$folder = \\App\\Purifier::decodeHtml(\\App\\Purifier::purifyByType($folder, 'Text'));", "selected_text": "\\App\\Purifier::purifyByType($folder, 'Text')", "from": 1318, "to": 1362, "snippet_from": 1280, "snippet_to": 1364, "column_from": 39, "column_to": 83 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "$string", "from": 15615, "to": 15622, "snippet_from": 15580, "snippet_to": 15623, "column_from": 36, "column_to": 43 }, { "line_from": 501, "line_to": 501, "label": "call to html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "$string", "from": 15655, "to": 15662, "snippet_from": 15627, "snippet_to": 15701, "column_from": 29, "column_to": 36 }, { "line_from": 501, "line_to": 501, "label": "html_entity_decode", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\t\treturn html_entity_decode($string, ENT_QUOTES, static::$defaultCharset);", "selected_text": "html_entity_decode($string, ENT_QUOTES, static::$defaultCharset)", "from": 15636, "to": 15700, "snippet_from": 15627, "snippet_to": 15701, "column_from": 10, "column_to": 74 }, { "line_from": 499, "line_to": 499, "label": "App\\Purifier::decodeHtml", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function decodeHtml($string)", "selected_text": "decodeHtml", "from": 15604, "to": 15614, "snippet_from": 15580, "snippet_to": 15623, "column_from": 25, "column_to": 35 }, { "line_from": 64, "line_to": 64, "label": "call to Vtiger_Record_Model::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "file_path": "/app/modules/com_vtiger_workflow/tasks/VTUpdateFieldsTask.php", "snippet": "\t\t\t\t$recordModel->set($fieldName, App\\Purifier::decodeHtml($fieldValue));", "selected_text": "App\\Purifier::decodeHtml($fieldValue)", "from": 2463, "to": 2500, "snippet_from": 2429, "snippet_to": 2502, "column_from": 35, "column_to": 72 }, { "line_from": 67, "line_to": 67, "label": "Vtiger_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/models/Record.php", "file_path": "/app/modules/Vtiger/models/Record.php", "snippet": "\tpublic function set($key, $value)", "selected_text": "$value", "from": 1526, "to": 1532, "snippet_from": 1499, "snippet_to": 1533, "column_from": 28, "column_to": 34 }, { "line_from": 32, "line_to": 32, "label": "Assets_Record_Model::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Vtiger/uitypes/MultiImage.php", "file_path": "/app/modules/Vtiger/uitypes/MultiImage.php", "snippet": "\t\t\t$recordModel->set($fieldName, $this->getDBValue($value, $recordModel));", "selected_text": "$this->getDBValue($value, $recordModel)", "from": 1086, "to": 1125, "snippet_from": 1053, "snippet_to": 1127, "column_from": 34, "column_to": 73 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId()", "from": 2233, "to": 2264, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 51 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.'", "from": 2233, "to": 2270, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 57 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension()", "from": 2233, "to": 2303, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 90 }, { "line_from": 61, "line_to": 61, "label": "$newFilePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$newFilePath", "from": 2218, "to": 2230, "snippet_from": 2214, "snippet_to": 2304, "column_from": 5, "column_to": 17 }, { "line_from": 64, "line_to": 64, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35 } ] }, { "severity": "error", "line_from": 64, "line_to": 64, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 229, "line_to": 229, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "rawValues", "from": 4720, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 20, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 4713, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 13, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$value", "from": 4704, "to": 4710, "snippet_from": 4701, "snippet_to": 4736, "column_from": 4, "column_to": 10 }, { "line_from": 250, "line_to": 250, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\t$value = $type ? Purifier::purifyByType($value, $type) : Purifier::purify($value);", "selected_text": "$value", "from": 5513, "to": 5519, "snippet_from": 5434, "snippet_to": 5521, "column_from": 80, "column_to": 86 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 45, "line_to": 45, "label": "call to App\\Layout::truncateHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMailView/views/Preview.php", "file_path": "/app/modules/OSSMailView/views/Preview.php", "snippet": "\t\t\t$viewer->assign('CONTENT', nl2br(\\App\\Layout::truncateHtml(\\App\\Purifier::purify($recordModel->get('content')), 'full')));", "selected_text": "\\App\\Purifier::purify($recordModel->get('content'))", "from": 1659, "to": 1710, "snippet_from": 1597, "snippet_to": 1722, "column_from": 63, "column_to": 114 }, { "line_from": 156, "line_to": 156, "label": "App\\Layout::truncateHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\tpublic static function truncateHtml(?string $html, ?string $size = 'medium', ?int $length = 200): string", "selected_text": "$html", "from": 3446, "to": 3451, "snippet_from": 3401, "snippet_to": 3506, "column_from": 46, "column_to": 51 }, { "line_from": 172, "line_to": 172, "label": "call to strip_tags", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "$html", "from": 4223, "to": 4228, "snippet_from": 4169, "snippet_to": 4241, "column_from": 55, "column_to": 60 }, { "line_from": 172, "line_to": 172, "label": "strip_tags#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "$html", "from": 4223, "to": 4228, "snippet_from": 4169, "snippet_to": 4241, "column_from": 55, "column_to": 60 }, { "line_from": 172, "line_to": 172, "label": "strip_tags", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "call to trim", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "trim#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "trim", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "trim(strip_tags($html))", "from": 4207, "to": 4230, "snippet_from": 4169, "snippet_to": 4241, "column_from": 39, "column_to": 62 }, { "line_from": 172, "line_to": 172, "label": "call to App\\TextParser::textTruncate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "trim(strip_tags($html))", "from": 4207, "to": 4230, "snippet_from": 4169, "snippet_to": 4241, "column_from": 39, "column_to": 62 }, { "line_from": 1418, "line_to": 1418, "label": "App\\TextParser::textTruncate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/TextParser.php", "file_path": "/app/app/TextParser.php", "snippet": "\tpublic static function textTruncate($text, $length = false, $addDots = true)", "selected_text": "$text", "from": 43041, "to": 43046, "snippet_from": 43004, "snippet_to": 43081, "column_from": 38, "column_to": 43 }, { "line_from": 1418, "line_to": 1418, "label": "App\\TextParser::textTruncate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/TextParser.php", "file_path": "/app/app/TextParser.php", "snippet": "\tpublic static function textTruncate($text, $length = false, $addDots = true)", "selected_text": "textTruncate", "from": 43028, "to": 43040, "snippet_from": 43004, "snippet_to": 43081, "column_from": 25, "column_to": 37 }, { "line_from": 91, "line_to": 91, "label": "call to App\\Mail\\ScannerEngine\\Outlook::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Mail/ScannerEngine/Outlook.php", "file_path": "/app/app/Mail/ScannerEngine/Outlook.php", "snippet": "\t\t$this->set('subject', $request->isEmpty('mailSubject') ? '-' : \\App\\TextParser::textTruncate($request->getByType('mailSubject', 'Text'), 65535, false));", "selected_text": "$request->isEmpty('mailSubject') ? '-' : \\App\\TextParser::textTruncate($request->getByType('mailSubject', 'Text'), 65535, false)", "from": 1965, "to": 2093, "snippet_from": 1941, "snippet_to": 2095, "column_from": 25, "column_to": 153 }, { "line_from": 69, "line_to": 69, "label": "App\\Mail\\ScannerEngine\\Outlook::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Mail/ScannerAction/CreatedMail.php", "file_path": "/app/app/Mail/ScannerAction/CreatedMail.php", "snippet": "\t\t\t$scanner->set('mailCrmId', $id);", "selected_text": "$id", "from": 2606, "to": 2609, "snippet_from": 2576, "snippet_to": 2611, "column_from": 31, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId()", "from": 2233, "to": 2264, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 51 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.'", "from": 2233, "to": 2270, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 57 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension()", "from": 2233, "to": 2303, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 90 }, { "line_from": 61, "line_to": 61, "label": "$newFilePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$newFilePath", "from": 2218, "to": 2230, "snippet_from": 2214, "snippet_to": 2304, "column_from": 5, "column_to": 17 }, { "line_from": 64, "line_to": 64, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35 } ] }, { "severity": "error", "line_from": 64, "line_to": 64, "type": "TaintedInput", "message": "Detected tainted shell", "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35, "error_level": -2, "shortcode": 205, "link": "https://psalm.dev/205", "taint_trace": [ { "label": "$_REQUEST", "entry_path_type": "" }, { "line_from": 738, "line_to": 738, "label": "call to App\\Request::__construct", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\tstatic::$request = new self($request ? $request : $_REQUEST);", "selected_text": "$request ? $request : $_REQUEST", "from": 16970, "to": 17001, "snippet_from": 16939, "snippet_to": 17003, "column_from": 32, "column_to": 63 }, { "line_from": 108, "line_to": 108, "label": "App\\Request::__construct#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\tpublic function __construct($rawValues, $overwrite = true)", "selected_text": "$rawValues", "from": 1727, "to": 1737, "snippet_from": 1698, "snippet_to": 1757, "column_from": 30, "column_to": 40 }, { "line_from": 110, "line_to": 110, "label": "App\\Request::$rawValues", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t$this->rawValues = $rawValues;", "selected_text": "$this->rawValues", "from": 1763, "to": 1779, "snippet_from": 1761, "snippet_to": 1793, "column_from": 3, "column_to": 19 }, { "label": "App\\Request::$rawValues", "entry_path_type": "property-assignment" }, { "line_from": 229, "line_to": 229, "label": "App\\Request::$rawValues", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "rawValues", "from": 4720, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 20, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$this->rawValues[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$this->rawValues", "from": 4713, "to": 4729, "snippet_from": 4701, "snippet_to": 4736, "column_from": 13, "column_to": 29 }, { "line_from": 229, "line_to": 229, "label": "$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t$value = $this->rawValues[$key];", "selected_text": "$value", "from": 4704, "to": 4710, "snippet_from": 4701, "snippet_to": 4736, "column_from": 4, "column_to": 10 }, { "line_from": 244, "line_to": 244, "label": "array-fetch", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\tforeach ($value as $k => $v) {", "selected_text": "$value", "from": 5202, "to": 5208, "snippet_from": 5188, "snippet_to": 5223, "column_from": 15, "column_to": 21 }, { "line_from": 245, "line_to": 245, "label": "call to App\\Purifier::purify", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Request.php", "file_path": "/app/app/Request.php", "snippet": "\t\t\t\t\t\t$k = $keyType ? Purifier::purifyByType($k, $keyType) : Purifier::purify($k);", "selected_text": "$k", "from": 5302, "to": 5304, "snippet_from": 5224, "snippet_to": 5306, "column_from": 79, "column_to": 81 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "$input", "from": 2745, "to": 2751, "snippet_from": 2714, "snippet_to": 2766, "column_from": 32, "column_to": 38 }, { "line_from": 109, "line_to": 109, "label": "App\\Purifier::purify", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Purifier.php", "file_path": "/app/app/Purifier.php", "snippet": "\tpublic static function purify($input, $loop = true)", "selected_text": "purify", "from": 2738, "to": 2744, "snippet_from": 2714, "snippet_to": 2766, "column_from": 25, "column_to": 31 }, { "line_from": 45, "line_to": 45, "label": "call to App\\Layout::truncateHtml", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/OSSMailView/views/Preview.php", "file_path": "/app/modules/OSSMailView/views/Preview.php", "snippet": "\t\t\t$viewer->assign('CONTENT', nl2br(\\App\\Layout::truncateHtml(\\App\\Purifier::purify($recordModel->get('content')), 'full')));", "selected_text": "\\App\\Purifier::purify($recordModel->get('content'))", "from": 1659, "to": 1710, "snippet_from": 1597, "snippet_to": 1722, "column_from": 63, "column_to": 114 }, { "line_from": 156, "line_to": 156, "label": "App\\Layout::truncateHtml#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\tpublic static function truncateHtml(?string $html, ?string $size = 'medium', ?int $length = 200): string", "selected_text": "$html", "from": 3446, "to": 3451, "snippet_from": 3401, "snippet_to": 3506, "column_from": 46, "column_to": 51 }, { "line_from": 172, "line_to": 172, "label": "call to strip_tags", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "$html", "from": 4223, "to": 4228, "snippet_from": 4169, "snippet_to": 4241, "column_from": 55, "column_to": 60 }, { "line_from": 172, "line_to": 172, "label": "strip_tags#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "$html", "from": 4223, "to": 4228, "snippet_from": 4169, "snippet_to": 4241, "column_from": 55, "column_to": 60 }, { "line_from": 172, "line_to": 172, "label": "strip_tags", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "call to trim", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "trim#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "strip_tags($html)", "from": 4212, "to": 4229, "snippet_from": 4169, "snippet_to": 4241, "column_from": 44, "column_to": 61 }, { "line_from": 172, "line_to": 172, "label": "trim", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "trim(strip_tags($html))", "from": 4207, "to": 4230, "snippet_from": 4169, "snippet_to": 4241, "column_from": 39, "column_to": 62 }, { "line_from": 172, "line_to": 172, "label": "call to App\\TextParser::textTruncate", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Layout.php", "file_path": "/app/app/Layout.php", "snippet": "\t\t\t$teaser = TextParser::textTruncate(trim(strip_tags($html)), $length);", "selected_text": "trim(strip_tags($html))", "from": 4207, "to": 4230, "snippet_from": 4169, "snippet_to": 4241, "column_from": 39, "column_to": 62 }, { "line_from": 1418, "line_to": 1418, "label": "App\\TextParser::textTruncate#1", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/TextParser.php", "file_path": "/app/app/TextParser.php", "snippet": "\tpublic static function textTruncate($text, $length = false, $addDots = true)", "selected_text": "$text", "from": 43041, "to": 43046, "snippet_from": 43004, "snippet_to": 43081, "column_from": 38, "column_to": 43 }, { "line_from": 1418, "line_to": 1418, "label": "App\\TextParser::textTruncate", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/TextParser.php", "file_path": "/app/app/TextParser.php", "snippet": "\tpublic static function textTruncate($text, $length = false, $addDots = true)", "selected_text": "textTruncate", "from": 43028, "to": 43040, "snippet_from": 43004, "snippet_to": 43081, "column_from": 25, "column_to": 37 }, { "line_from": 91, "line_to": 91, "label": "call to App\\Mail\\ScannerEngine\\Outlook::set", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Mail/ScannerEngine/Outlook.php", "file_path": "/app/app/Mail/ScannerEngine/Outlook.php", "snippet": "\t\t$this->set('subject', $request->isEmpty('mailSubject') ? '-' : \\App\\TextParser::textTruncate($request->getByType('mailSubject', 'Text'), 65535, false));", "selected_text": "$request->isEmpty('mailSubject') ? '-' : \\App\\TextParser::textTruncate($request->getByType('mailSubject', 'Text'), 65535, false)", "from": 1965, "to": 2093, "snippet_from": 1941, "snippet_to": 2095, "column_from": 25, "column_to": 153 }, { "line_from": 69, "line_to": 69, "label": "App\\Mail\\ScannerEngine\\Outlook::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "app/Mail/ScannerAction/CreatedMail.php", "file_path": "/app/app/Mail/ScannerAction/CreatedMail.php", "snippet": "\t\t\t$scanner->set('mailCrmId', $id);", "selected_text": "$id", "from": 2606, "to": 2609, "snippet_from": 2576, "snippet_to": 2611, "column_from": 31, "column_to": 34 }, { "line_from": 181, "line_to": 181, "label": "App\\Base::set#2", "entry_path_type": "arg", "entry_path_description": null, "file_name": "vtlib/Vtiger/Filter.php", "file_path": "/app/vtlib/Vtiger/Filter.php", "snippet": "\t\t$cvRecordModel->set('advfilterlistDbFormat', true);", "selected_text": "true", "from": 5152, "to": 5156, "snippet_from": 5105, "snippet_to": 5158, "column_from": 48, "column_to": 52 }, { "line_from": 94, "line_to": 94, "label": "$this->value[$key]", "entry_path_type": "array-assignment", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "line_from": 94, "line_to": 94, "label": "App\\Base::$value", "entry_path_type": "=", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\t$this->value[$key] = $value;", "selected_text": "$this->value", "from": 1835, "to": 1847, "snippet_from": 1833, "snippet_to": 1863, "column_from": 3, "column_to": 15 }, { "label": "App\\Base::$value", "entry_path_type": "property-assignment" }, { "line_from": 48, "line_to": 48, "label": "App\\Base::$value", "entry_path_type": "property-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "value", "from": 941, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 45, "column_to": 50 }, { "line_from": 48, "line_to": 48, "label": "$this->value[$key]", "entry_path_type": "array-fetch", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\t\treturn isset($this->value[$key]) ? $this->value[$key] : null;", "selected_text": "$this->value", "from": 934, "to": 946, "snippet_from": 897, "snippet_to": 960, "column_from": 38, "column_to": 50 }, { "line_from": 46, "line_to": 46, "label": "App\\Base::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "app/Base.php", "file_path": "/app/app/Base.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 884, "to": 887, "snippet_from": 867, "snippet_to": 893, "column_from": 18, "column_to": 21 }, { "line_from": 108, "line_to": 108, "label": "Vtiger_PDF_Model::get", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function get($key)", "selected_text": "get", "from": 1895, "to": 1898, "snippet_from": 1878, "snippet_to": 1904, "column_from": 18, "column_to": 21 }, { "line_from": 84, "line_to": 84, "label": "Vtiger_PDF_Model::getId", "entry_path_type": "return", "entry_path_description": null, "file_name": "modules/Vtiger/models/PDF.php", "file_path": "/app/modules/Vtiger/models/PDF.php", "snippet": "\tpublic function getId()", "selected_text": "getId", "from": 1491, "to": 1496, "snippet_from": 1474, "snippet_to": 1498, "column_from": 18, "column_to": 23 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId()", "from": 2233, "to": 2264, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 51 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.'", "from": 2233, "to": 2270, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 57 }, { "line_from": 61, "line_to": 61, "label": "concat", "entry_path_type": "concat", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension()", "from": 2233, "to": 2303, "snippet_from": 2214, "snippet_to": 2304, "column_from": 20, "column_to": 90 }, { "line_from": 61, "line_to": 61, "label": "$newFilePath", "entry_path_type": "=", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\t$newFilePath = $targetDir . $pdfModel->getId() . '.' . $imageInstance->getExtension();", "selected_text": "$newFilePath", "from": 2218, "to": 2230, "snippet_from": 2214, "snippet_to": 2304, "column_from": 5, "column_to": 17 }, { "line_from": 64, "line_to": 64, "label": "call to file_put_contents", "entry_path_type": "arg", "entry_path_description": null, "file_name": "modules/Settings/PDF/views/Import.php", "file_path": "/app/modules/Settings/PDF/views/Import.php", "snippet": "\t\t\t\tfile_put_contents($newFilePath, $imageInstance->getContents());", "selected_text": "$newFilePath", "from": 2431, "to": 2443, "snippet_from": 2409, "snippet_to": 2476, "column_from": 23, "column_to": 35 } ] }, { "severity": "error", "line_from": 16, "line_to": 16, "type": "TaintedInput", "message": "Detected tainted html", "file_name": "modules/Settings/Vtiger/views/BasicModal.php", "file_path": "/app/modules/Settings/Vtiger/views/BasicModal.php", "snippet": "\t\techo '