Symfony secret should be changed
- Read doc
- Security
- Critical
More information: https://insight.symfony.com/what-we-analyse/symfony.obvious_csrf_key
Website should be protected against XSS Vulnerability 3
- Read doc
- Security
- Critical
More information: https://insight.symfony.com/what-we-analyse/twig.xss_vulnerability
- </div>
- <br>
- <blockquote><p>{{ post.intro }}</p></blockquote>
- <p>{{ post.content|raw }}</p>
- <div id="disqus_thread"></div>
- <script>
- /**
- * RECOMMENDED CONFIGURATION VARIABLES: EDIT AND UNCOMMENT THE SECTION BELOW TO INSERT DYNAMIC VALUES FROM YOUR PLATFORM OR CMS.
- <ul>
- {% for bundle in bundles %}
- <li>
- <a href="{{ bundle.url }}" target="_blank">{{ bundle.name }}</a><br>
- <small>{{ bundle.description|raw }}</small>
- </li>
- {% endfor %}
- </ul>
- {% endblock %}
- <div class="text-left">
- <span class="glyphicon glyphicon-time" aria-hidden="true"></span> <em>Čas branja: {{ psr.readTime }}</em>
- <span class="glyphicon glyphicon-edit" aria-hidden="true"></span> <em>Zadnja sprememba: {{ psr.updated|date("d.m.Y") }}</em>
- </div>
- {{ psr.content|raw }}
- {% endblock %}
- {% block sidebar %}
- {% if psr.meta %}
- <h2>Meta dokument</h2>
Twig templates should not contain business logic 2
- Read doc
- Architecture
- Major
More information: https://insight.symfony.com/what-we-analyse/twig.template_too_complex
Symfony applications should not contain a config.php file
- Read doc
- Security
- Major
More information: https://insight.symfony.com/what-we-analyse/symfony.web_config_should_not_be_present
web
- images
- app.php
- app_dev.php
- apple-touch-icon.png
- config.php
- favicon.ico
- robots.txt
Version of dependencies should be fixed 6
- Read doc
- Bugrisk
- Minor
More information: https://insight.symfony.com/what-we-analyse/composer.unfixed_dependency_version
The Symfony version should be the latest stable one
- Read doc
- Bugrisk
- Minor
More information: https://insight.symfony.com/what-we-analyse/symfony.version.latest_stable
Object parameters should be type hinted 4
- Read doc
- Bugrisk
- Minor
More information: https://insight.symfony.com/what-we-analyse/php.object_parameter_not_type_hinted
- public function findAll()
- {
- $finder = new Finder();
- $finder->files()->in($this->path.'/Resources/content/blog');
- $finder->files()->name('*.md');
- $finder->sort(function ($a, $b) { return strcmp($b->getRealpath(), $a->getRealpath()); });
- $posts = [];
- foreach ($finder as $file) {
- $post = $this->getPostByFile($file->getRealPath());
- $posts[] = $post;
- public function findLatest($limit = 10)
- {
- $finder = new Finder();
- $finder->files()->in($this->path.'/Resources/content/blog');
- $finder->files()->name('*.md');
- $finder->sort(function ($a, $b) { return strcmp($b->getRealpath(), $a->getRealpath()); });
- $posts = [];
- foreach (new \LimitIterator($finder->getIterator(), 0, $limit) as $file) {
- $post = $this->getPostByFile($file->getRealPath());
- $posts[] = $post;
Commented code should not be committed
- Read doc
- Deadcode
- Minor
More information: https://insight.symfony.com/what-we-analyse/php.commented_out_code
- $kernel = new AppKernel('prod', false);
- $kernel->loadClassCache();
- $kernel = new AppCache($kernel);
- // When using the HttpCache, you need to call the method in your front controller instead of relying on the configuration parameter
- //Request::enableHttpMethodParameterOverride();
- $request = Request::createFromGlobals();
- $response = $kernel->handle($request);
- $response->send();
- $kernel->terminate($request, $response);
Default session cookie's name should be changed
- Read doc
- Security
- Minor
More information: https://insight.symfony.com/what-we-analyse/symfony.request.session_cookie_default_name
The composer.json file should not raise warnings
- Read doc
- Bugrisk
- Info
More information: https://insight.symfony.com/what-we-analyse/composer.warning
Text files should end with a valid new line character 6
- Read doc
- Codestyle
- Info
More information: https://insight.symfony.com/what-we-analyse/missing_e_o_l
- {% block javascripts %}
- {{ parent() }}
- <script id="dsq-count-scr" src="//symfonysi.disqus.com/count.js" async></script>
- {% endblock %}
- {% if sidebarpsr.meta %}
- <li{% if path('psr_show', {'slug': sidebarpsr.meta.slug}) == currentPath %} class="active"{% endif %}><a href="{{ path('psr_show', {'slug': sidebarpsr.meta.slug}) }}">{{ sidebarpsr.meta.title }}</a></li>
- {% endif %}
- {% endfor %}
- </ul>
- {% endblock %}
- {% block title %}{{ status_code }} {{ status_text }}{% endblock %}
- {% block body %}
- <h1>Oops! An Error Occurred</h1>
- <h2>The server returned a "{{ status_code }} {{ status_text }}".</h2>
- {% endblock %}
- if (d.getElementById(id)) return;
- js = d.createElement(s); js.id = id;
- js.src = "//connect.facebook.net/en_US/sdk.js#xfbml=1&version=v2.6&appId=1062356410505765";
- fjs.parentNode.insertBefore(js, fjs);
- }(document, 'script', 'facebook-jssdk'));</script>
- <div class="fb-page" data-href="https://www.facebook.com/symfony.si/" data-small-header="true" data-adapt-container-width="true" data-hide-cover="true" data-show-facepile="true"><blockquote cite="https://www.facebook.com/symfony.si/" class="fb-xfbml-parse-ignore"><a href="https://www.facebook.com/symfony.si/">Symfony Slovenia</a></blockquote></div>
- })(window,document,'script','//www.google-analytics.com/analytics.js','ga');
- ga('create', 'UA-59671004-1', 'auto');
- ga('send', 'pageview');
- </script>
- public function getReadTime()
- {
- return $this->readTime;
- }
- }
A route should always have a valid HTTP method 14
- Read doc
- Security
- Info
More information: https://insight.symfony.com/what-we-analyse/symfony.routing.action_not_restricted_by_method
Default favicon should be changed 2
- Read doc
- Security
- Info
More information: https://insight.symfony.com/what-we-analyse/web.default_favicon