Your project uses non-strict array lookups 3

More information: https://insight.symfony.com/what-we-analyse/php.strict_array_lookup

in Core/ClicShopping/Apps/Tools/Backup/Sites/ClicShoppingAdmin/Pages/Home/Actions/Backup/RestoreNow.php, line 182 
  2.         // Extract statement type
  3.         $stmt_type = strtoupper(trim(explode(' ', $sql)[0]));
  5.         // Whitelist allowed SQL types
  6.         if (!in_array($stmt_type, $allowed_statements)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc
                Open Issue
             Permalink Copy Prompt
    
                                    Last edited  by clicshopping
                    
  7.           $CLICSHOPPING_MessageStack->add('Restore skipped: unsupported SQL statement type (' . $stmt_type . ')', 'warning');
  8.           continue;
  9.         }
  11.         // Validate DROP TABLE statements to prevent SQL injection
in Core/ClicShopping/Apps/Tools/Upgrade/Classes/ClicShoppingAdmin/ExtractFile.php, line 136 
  1.     }
  3.     // Optional: Whitelist specific domains (e.g., GitHub)
  4.     // Uncomment and modify as needed:
  5.       $allowed_domains = ['github.com', 'api.github.com'];
  6.       if (!in_array($parsed_url['host'] ?? '', $allowed_domains)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc
                Open Issue
             Permalink Copy Prompt
    
                                    Last edited  by clicshopping
                    
  7.         $this->messageStack->add('Download from unauthorized domain', 'error');
  8.         CLICSHOPPING::redirect('Upgrade&Marketplace');
  9.         return null;
  10.        }
in Core/ClicShopping/OM/HTML.php, line 306 
  1.       $flags['session_id'] = false;
  2.     }
  4.     // Security: Validate method against whitelist
  5.     $allowed_methods = ['post', 'get'];
  6.     $safe_method = in_array(strtolower($method ?? 'post'), $allowed_methods) ? strtolower($method ?? 'post') : 'post';
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc
                Open Issue
             Permalink Copy Prompt
    
                                    Last edited  by clicshopping
                    
  8.     // Security: Sanitize form action URL
  9.     $safe_action = static::sanitizeUrl($action);
  11.     $form = '<form name="' . static::outputProtected($name) . '" action="' . $safe_action . '" method="' . $safe_method . '"';

Your project should not contain PHP files defining multiple classes 2

More information: https://insight.symfony.com/what-we-analyse/php.file_contains_more_than_one_class

in Core/ClicShopping/Apps/Tools/MCP/Classes/ClicShoppingAdmin/Exceptions/Exceptions.php
This file contains 4 classes. Keeping only one class per file is a standard in the PHP community, since it promotes interoperability and maintainability.
Time to fix: about 1 day
Read doc Open Issue Permalink Copy Prompt
Collective
  • McpException (defined at line 18)
  • McpConnectionException (defined at line 27)
  • McpProtocolException (defined at line 36)
  • McpConfigurationException (defined at line 45)
in sources/template/Default/modules/modules_header/he_header_multi_template.php
This file contains 2 classes. Keeping only one class per file is a standard in the PHP community, since it promotes interoperability and maintainability.
Time to fix: about 4 hours
Read doc Open Issue Permalink Copy Prompt
Collective
  • he_header_multi_template (defined at line 14)
  • explodeCategoryTree (defined at line 235)