Showing 383 of 383 total issues
admin accesses the super-global variable $_POST. Open
function admin(){
global $root;
$apiClient = new ApiClient\ApiClient("$root/../properties/secure.ini");
if(!isset($_POST['sid']) || strlen($_POST['sid']) < 1) {
header("HTTP/1.0 400 sid not entered");- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
logout accesses the super-global variable $_SESSION. Open
function logout(){
global $root;
$apiClient = new ApiClient\ApiClient("$root/../properties/secure.ini");
$results = $apiClient->logout($_COOKIE['sid']);
if($results['success'] == 1) {- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
changeUser accesses the super-global variable $_POST. Open
function changeUser(){
if(isset($_POST['user']) && isset($_POST['type']) && isAdmin() /*&& checkHeaders()*/){
$user = $_POST['user'];
$type = $_POST['type'];
$user = mysql_real_escape_string($user);- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
changeUserInfo accesses the super-global variable $_SESSION. Open
function changeUserInfo(){
if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
$username = $_SESSION['username'];
$oldPassword = mysql_real_escape_string($_POST['oldPwd']);- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
login accesses the super-global variable $_POST. Open
function login(){
//TODO add check headers and other functions
if(isset($_POST['Username']) && isset($_POST['Password']) /*&& checkHeaders()*/ && isset($_POST['Token']) && isset($_POST['sid'])){
$user = $_POST['Username'];
$pass = $_POST['Password'];- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
login accesses the super-global variable $_SESSION. Open
function login(){
//TODO add check headers and other functions
if(isset($_POST['Username']) && isset($_POST['Password']) /*&& checkHeaders()*/ && isset($_POST['Token']) && isset($_POST['sid'])){
$user = $_POST['Username'];
$pass = $_POST['Password'];- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
registerUser accesses the super-global variable $_POST. Open
function registerUser(){
if (isset($_POST['personName']) && isset($_POST['username'])&& isset($_POST['password']) && isset($_POST['email']) && isAdmin() && isset($_POST['admin'])){
$personName = $_POST['personName'];
$username = $_POST['username'];
$password = $_POST['password'];- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
changeUserInfo accesses the super-global variable $_POST. Open
function changeUserInfo(){
if (isset($_SESSION['username']) && isset($_POST['oldPwd']) && isset($_POST['newPwd']) && isset($_POST['authy']) &&
isset($_POST['card']) && isset($_POST['email']) && isset($_POST['name']) && isset($_POST['confNewPass']) ){
$username = $_SESSION['username'];
$oldPassword = mysql_real_escape_string($_POST['oldPwd']);- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
resetPassword accesses the super-global variable $_POST. Open
function resetPassword(){
if (isset($_POST['username']) && isset($_POST['email'])){
$username = $_POST['username'];
$email = $_POST['email'];
- Read upRead up
- Exclude checks
Superglobals
Since: 0.2
Accessing a super-global variable directly is considered a bad practice. These variables should be encapsulated in objects that are provided by a framework, for instance.
Example
class Foo {
public function bar() {
$name = $_POST['foo'];
}
}Source
Rule doesn't have all its properties in alphabetical order. Open
.inputinput {- Exclude checks
Rule doesn't have all its properties in alphabetical order. Open
.loginpage {- Exclude checks
Rule doesn't have all its properties in alphabetical order. Open
.loginform {- Exclude checks
Rule doesn't have all its properties in alphabetical order. Open
.loginbutton {- Exclude checks
Expected '!==' and instead saw '!='. Open
if(sid != null) {- Read upRead up
- Exclude checks
Require === and !== (eqeqeq)
It is considered good practice to use the type-safe equality operators === and !== instead of their regular counterparts == and !=.
The reason for this is that == and != do type coercion which follows the rather obscure Abstract Equality Comparison Algorithm.
For instance, the following statements are all considered true:
[] == false[] == ![]3 == "03"
If one of those occurs in an innocent-looking statement such as a == b the actual problem is very difficult to spot.
Rule Details
This rule is aimed at eliminating the type-unsafe equality operators.
Examples of incorrect code for this rule:
/*eslint eqeqeq: "error"*/
if (x == 42) { }
if ("" == text) { }
if (obj.getStuff() != undefined) { }The --fix option on the command line automatically fixes some problems reported by this rule. A problem is only fixed if one of the operands is a typeof expression, or if both operands are literals with the same type.
Options
always
The "always" option (default) enforces the use of === and !== in every situation (except when you opt-in to more specific handling of null [see below]).
Examples of incorrect code for the "always" option:
/*eslint eqeqeq: ["error", "always"]*/
a == b
foo == true
bananas != 1
value == undefined
typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == nullExamples of correct code for the "always" option:
/*eslint eqeqeq: ["error", "always"]*/
a === b
foo === true
bananas !== 1
value === undefined
typeof foo === 'undefined'
'hello' !== 'world'
0 === 0
true === true
foo === nullThis rule optionally takes a second argument, which should be an object with the following supported properties:
-
"null": Customize how this rule treatsnullliterals. Possible values:-
always(default) - Always use === or !==. -
never- Never use === or !== withnull. -
ignore- Do not apply this rule tonull.
-
smart
The "smart" option enforces the use of === and !== except for these cases:
- Comparing two literal values
- Evaluating the value of
typeof - Comparing against
null
Examples of incorrect code for the "smart" option:
/*eslint eqeqeq: ["error", "smart"]*/
// comparing two variables requires ===
a == b
// only one side is a literal
foo == true
bananas != 1
// comparing to undefined requires ===
value == undefinedExamples of correct code for the "smart" option:
/*eslint eqeqeq: ["error", "smart"]*/
typeof foo == 'undefined'
'hello' != 'world'
0 == 0
true == true
foo == nullallow-null
Deprecated: Instead of using this option use "always" and pass a "null" option property with value "ignore". This will tell eslint to always enforce strict equality except when comparing with the null literal.
["error", "always", {"null": "ignore"}]When Not To Use It
If you don't want to enforce a style for using equality operators, then it's safe to disable this rule. Source: http://eslint.org/docs/rules/
Rule doesn't have all its properties in alphabetical order. Open
.content {- Exclude checks
Rule doesn't have all its properties in alphabetical order. Open
.nav li:after {- Exclude checks
Use ‘===’ to compare with ‘null’. Open
if(err == null && resp.statusCode === 200) {- Read upRead up
- Exclude checks
Disallow Null Comparisons (no-eq-null)
Comparing to null without a type-checking operator (== or !=), can have unintended results as the comparison will evaluate to true when comparing to not just a null, but also an undefined value.
if (foo == null) {
bar();
}Rule Details
The no-eq-null rule aims reduce potential bug and unwanted behavior by ensuring that comparisons to null only match null, and not also undefined. As such it will flag comparisons to null when using == and !=.
Examples of incorrect code for this rule:
/*eslint no-eq-null: "error"*/
if (foo == null) {
bar();
}
while (qux != null) {
baz();
}Examples of correct code for this rule:
/*eslint no-eq-null: "error"*/
if (foo === null) {
bar();
}
while (qux !== null) {
baz();
}Source: http://eslint.org/docs/rules/
Rule is empty. Open
.userList li:first-child {- Exclude checks
Rule doesn't have all its properties in alphabetical order. Open
.container {- Exclude checks
Using width with padding can sometimes make elements larger than you expect. Open
padding: 5px;- Exclude checks