Showing 383 of 383 total issues
admin accesses the super-global variable $_POST. Open
function admin(){
    global $root;
    $apiClient = new ApiClient\ApiClient("$root/../properties/secure.ini");
    if(!isset($_POST['sid']) || strlen($_POST['sid']) < 1) {
        header("HTTP/1.0 400 sid not entered");
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
    public function bar() {
        $name = $_POST['foo'];
    }
}
logout accesses the super-global variable $_SESSION. Open
function logout(){
    global $root;
    $apiClient = new ApiClient\ApiClient("$root/../properties/secure.ini");
    $results = $apiClient->logout($_COOKIE['sid']);
    if($results['success'] == 1) {
changeUser accesses the super-global variable $_POST. Open
function changeUser(){
    if(isset($_POST['user']) && isset($_POST['type']) && isAdmin() /*&& checkHeaders()*/){
        $user = $_POST['user'];
        $type = $_POST['type'];
        $user = mysql_real_escape_string($user);
changeUserInfo accesses the super-global variable $_SESSION. Open
function changeUserInfo(){
    if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
        isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
        $username = $_SESSION['username'];
        $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
login accesses the super-global variable $_POST. Open
function login(){
    //TODO add check headers and other functions
    if(isset($_POST['Username']) && isset($_POST['Password']) /*&& checkHeaders()*/ && isset($_POST['Token']) && isset($_POST['sid'])){
        $user = $_POST['Username'];
        $pass = $_POST['Password'];
login accesses the super-global variable $_SESSION. Open
function login(){
    //TODO add check headers and other functions
    if(isset($_POST['Username']) && isset($_POST['Password']) /*&& checkHeaders()*/ && isset($_POST['Token']) && isset($_POST['sid'])){
        $user = $_POST['Username'];
        $pass = $_POST['Password'];
registerUser accesses the super-global variable $_POST. Open
function registerUser(){
    if (isset($_POST['personName']) && isset($_POST['username'])&& isset($_POST['password']) && isset($_POST['email']) && isAdmin() && isset($_POST['admin'])){
        $personName = $_POST['personName'];
        $username = $_POST['username'];
        $password = $_POST['password'];
changeUserInfo accesses the super-global variable $_POST. Open
function changeUserInfo(){
    if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
        isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
        $username = $_SESSION['username'];
        $oldPassword = mysql_real_escape_string($_POST['oldPwd']);
resetPassword accesses the super-global variable $_POST. Open
function resetPassword(){
    if (isset($_POST['username']) && isset($_POST['email'])){
        $username = $_POST['username'];
        $email = $_POST['email'];
Rule doesn't have all its properties in alphabetical order. Open
.inputinput {
Rule doesn't have all its properties in alphabetical order. Open
.loginpage {
Rule doesn't have all its properties in alphabetical order. Open
.loginform {
Rule doesn't have all its properties in alphabetical order. Open
.loginbutton {
Expected '!==' and instead saw '!='. Open
if(sid != null) {
Require === and !== (eqeqeq)
It is considered good practice to use the type-safe equality operators === and !== instead of their regular counterparts == and !=.
The reason for this is that == and != do type coercion which follows the rather obscure Abstract Equality Comparison Algorithm.
For instance, the following statements are all considered true:
[] == false
[] == ![]
3 == "03"
If one of those occurs in an innocent-looking statement such as a == b the actual problem is very difficult to spot.
Rule Details
This rule is aimed at eliminating the type-unsafe equality operators.
Examples of incorrect code for this rule:
/*eslint eqeqeq: "error"*/
if (x == 42) { }
if ("" == text) { }
if (obj.getStuff() != undefined) { }
The --fix option on the command line automatically fixes some problems reported by this rule. A problem is only fixed if one of the operands is a typeof expression, or if both operands are literals with the same type.
Options
always
The "always" option (default) enforces the use of === and !== in every situation (except when you opt-in to more specific handling of null [see below]).
Examples of incorrect code for the "always" option:
/*eslint eqeqeq: ["error", "always"]*/
a == b
foo == true
bananas != 1
value == undefined
typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null
Examples of correct code for the "always" option:
/*eslint eqeqeq: ["error", "always"]*/
a === b
foo === true
bananas !== 1
value === undefined
typeof foo === 'undefined'
'hello' !== 'world'
0 === 0
true === true
foo === null
This rule optionally takes a second argument, which should be an object with the following supported properties:
- "null": Customize how this rule treats null literals. Possible values:
  - always (default) - Always use === or !==.
  - never - Never use === or !== with null.
  - ignore - Do not apply this rule to null.
smart
The "smart" option enforces the use of === and !== except for these cases:
- Comparing two literal values
- Evaluating the value of typeof
- Comparing against null
Examples of incorrect code for the "smart" option:
/*eslint eqeqeq: ["error", "smart"]*/
// comparing two variables requires ===
a == b
// only one side is a literal
foo == true
bananas != 1
// comparing to undefined requires ===
value == undefined
Examples of correct code for the "smart" option:
/*eslint eqeqeq: ["error", "smart"]*/
typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == null
allow-null
Deprecated: Instead of using this option use "always" and pass a "null" option property with value "ignore". This will tell eslint to always enforce strict equality except when comparing with the null literal.
["error", "always", {"null": "ignore"}]
When Not To Use It
If you don't want to enforce a style for using equality operators, then it's safe to disable this rule. Source: http://eslint.org/docs/rules/
Rule doesn't have all its properties in alphabetical order. Open
.content {
Rule doesn't have all its properties in alphabetical order. Open
.nav li:after {
Use ‘===’ to compare with ‘null’. Open
if(err == null && resp.statusCode === 200) {
Disallow Null Comparisons (no-eq-null)
Comparing to null without a type-checking operator (== or !=) can have unintended results, as the comparison will evaluate to true when comparing to not just a null, but also an undefined value.
if (foo == null) {
    bar();
}
Rule Details
The no-eq-null rule aims to reduce potential bugs and unwanted behavior by ensuring that comparisons to null only match null, and not also undefined. As such it will flag comparisons to null when using == and !=.
Examples of incorrect code for this rule:
/*eslint no-eq-null: "error"*/
if (foo == null) {
    bar();
}
while (qux != null) {
    baz();
}
Examples of correct code for this rule:
/*eslint no-eq-null: "error"*/
if (foo === null) {
    bar();
}
while (qux !== null) {
    baz();
}
Source: http://eslint.org/docs/rules/
Rule is empty. Open
.userList li:first-child {
Rule doesn't have all its properties in alphabetical order. Open
.container {
Using width with padding can sometimes make elements larger than you expect. Open
padding: 5px;