Your project uses non-strict array lookups 10

More information: https://insight.symfony.com/what-we-analyse/php.strict_array_lookup

in sources/template/ExNewTemplate/css/english/compressed_css.php, line 63 
  2.   foreach ($dir_content as $key => $content) {
  3.     $path = $root_dir . DIRECTORY_SEPARATOR . $content;
  4.     if (is_file($path) && is_readable($path)) {
  5. // skip ignored files
  6.       if (!\in_array($content, $ignore_files)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.         if (preg_match($ignore_regex, $content) == 0) {
  8.           $content_chunks = explode(".", $content);
  9.           $ext = $content_chunks[\count($content_chunks) - 1];
  10. // only include files with desired extensions
  11.           if (\in_array($ext, $allow_extensions)) {
  • gyakutsuki

    not implemented
  • gyakutsuki

    not included
  • gyakutsuki

    no included
  • gyakutsuki

    no implemented
in sources/template/ExNewTemplate/css/english/compressed_css.php, line 77 
  1.         }
  2.       }
  3.     } // if content is a directory and readable, add path and name
  4.     elseif (is_dir($path) && is_readable($path)) {
  5.       // skip any ignored dirs
  6.       if (!\in_array($content, $ignore_dirs)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7. // recursive callback to open new directory
  8.         $all_data = get_files($path, $all_data);
  9.       }
  10.     }
  11.   } // end foreach
  • gyakutsuki

    not implemented
  • gyakutsuki

    not included
  • gyakutsuki

    no included
  • gyakutsuki

    no implemented
in sources/template/ExNewTemplate/css/english/compressed_css.php, line 68 
  1.       if (!\in_array($content, $ignore_files)) {
  2.         if (preg_match($ignore_regex, $content) == 0) {
  3.           $content_chunks = explode(".", $content);
  4.           $ext = $content_chunks[\count($content_chunks) - 1];
  5. // only include files with desired extensions
  6.           if (\in_array($ext, $allow_extensions)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7. // save file name with path
  8.             $all_data[] = $path;
  9.           }
  10.         }
  11.       }
  • gyakutsuki

    not implemented
  • gyakutsuki

    not included
  • gyakutsuki

    no included
  • gyakutsuki

    no implemented
in Core/ClicShopping/Apps/Tools/EditDesign/Classes/Listing.php, line 56 
  1.     $file_array = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($template_directory));
  3.     foreach ($file_array as $filename => $current) {
  4.       $fileInfo = pathinfo($current->getFileName());
  6.       if (array_key_exists('extension', $fileInfo) && in_array($fileInfo['extension'], $fileTypes)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.         $found[] = $current->getFileName();
  8.       }
  9.     }
  11.     if ($found) { // Check the $found array is not empty
  • gyakutsuki

    not implemented
  • gyakutsuki

    not included
  • gyakutsuki

    no included
  • gyakutsuki

    no implemented
in Core/ClicShopping/Apps/Tools/Upgrade/Classes/ClicShoppingAdmin/ExtractFile.php, line 136 
  1.     }
  3.     // Optional: Whitelist specific domains (e.g., GitHub)
  4.     // Uncomment and modify as needed:
  5.       $allowed_domains = ['github.com', 'api.github.com'];
  6.       if (!in_array($parsed_url['host'] ?? '', $allowed_domains)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by clicshopping
                    
  7.         $this->messageStack->add('Download from unauthorized domain', 'error');
  8.         CLICSHOPPING::redirect('Upgrade&Marketplace');
  9.         return null;
  10.        }
in Core/ClicShopping/Apps/Tools/EditDesign/Classes/Css.php, line 55 
  1.     $file_array = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory_selected));
  3.     foreach ($file_array as $filename => $current) {
  4.       $fileInfo = pathinfo($current->getFileName());
  6.       if (array_key_exists('extension', $fileInfo) && in_array($fileInfo['extension'], $fileTypes)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.         $found[] = $current->getFileName();
  8.       }
  9.     }
  11.     if ($found) { // Check the $found array is not empty
  • gyakutsuki

    not implemented
  • gyakutsuki

    not included
  • gyakutsuki

    no included
  • gyakutsuki

    no implemented
in Core/ClicShopping/OM/HTML.php, line 306 
  1.       $flags['session_id'] = false;
  2.     }
  4.     // Security: Validate method against whitelist
  5.     $allowed_methods = ['post', 'get'];
  6.     $safe_method = in_array(strtolower($method ?? 'post'), $allowed_methods) ? strtolower($method ?? 'post') : 'post';
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by clicshopping
                    
  8.     // Security: Sanitize form action URL
  9.     $safe_action = static::sanitizeUrl($action);
  11.     $form = '<form name="' . static::outputProtected($name) . '" action="' . $safe_action . '" method="' . $safe_method . '"';
in Core/ClicShopping/Apps/Tools/Backup/Sites/ClicShoppingAdmin/Pages/Home/Actions/Backup/RestoreNow.php, line 182 
  2.         // Extract statement type
  3.         $stmt_type = strtoupper(trim(explode(' ', $sql)[0]));
  5.         // Whitelist allowed SQL types
  6.         if (!in_array($stmt_type, $allowed_statements)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by clicshopping
                    
  7.           $CLICSHOPPING_MessageStack->add('Restore skipped: unsupported SQL statement type (' . $stmt_type . ')', 'warning');
  8.           continue;
  9.         }
  11.         // Validate DROP TABLE statements to prevent SQL injection
in Core/ClicShopping/Apps/Tools/EditDesign/Classes/Module.php, line 50 
  2.     /* if empty error is produced : Fatal error: Uncaught exception 'RuntimeException'*/
  3.     foreach (new \RecursiveIteratorIterator(new \RecursiveDirectoryIterator($template_directory)) as $filename => $current) {
  4.       $fileInfo = pathinfo($current->getFileName());
  6.       if (array_key_exists('extension', $fileInfo) && \in_array($fileInfo['extension'], $fileTypes)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.         $found[] = $current->getFileName();
  8.       }
  9.     }
  11.     if ($found) { // Check the $found array is not empty
  • gyakutsuki

    not implemented
  • gyakutsuki

    not included
  • gyakutsuki

    no included
  • gyakutsuki

    no implemented
in Core/ClicShopping/Apps/Tools/EditDesign/Classes/Gabari.php, line 41 
  1.     $file_array = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($filename_selected));
  3.     foreach ($file_array as $filename => $current) {
  4.       $fileInfo = pathinfo($current->getFileName());
  6.       if (array_key_exists('extension', $fileInfo) && in_array($fileInfo['extension'], $fileTypes)) {
    in_array() should be called with the third parameter set to true to enable strict comparison and avoid type juggling bugs.
    Time to fix: about 15 minutes
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.         $found[] = $current->getFileName();
  8.       }
  9.     }
  11.     if ($found) { // Check the $found array is not empty
  • gyakutsuki

    not implemented
  • gyakutsuki

    not included
  • gyakutsuki

    no included
  • gyakutsuki

    no implemented

Your project should use dedicated PHP string functions 7

More information: https://insight.symfony.com/what-we-analyse/php.use_string_function

in Core/ClicShopping/Apps/Tools/EditDesign/Sites/ClicShoppingAdmin/Pages/Home/Actions/EditDesign/UpdateGabari.php, line 35 
  1.     $baseDir = CLICSHOPPING::getConfig('dir_root', 'Shop') . $CLICSHOPPING_Template->getDynamicTemplateDirectory() . '/files/';
  3.     $filePath = realpath($baseDir . $filename_selected);
  5.     // Sécuriser le chemin pour éviter directory traversal
  6.     if ($filePath === false || strpos($filePath, realpath($baseDir)) !== 0) {
    Consider replacing strpos() with str_starts_with() for improved readability.
    Time to fix: about 1 hour
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.       $CLICSHOPPING_MessageStack->add($CLICSHOPPING_EditDesign->getDef('error_file_does_not_exist'), 'error');
  8.       $CLICSHOPPING_EditDesign->redirect('EditModuleContent&action=directory&directory_html=' . $directory_selected);
  9.       return false;
  10.     }
  • gyakutsuki

    not included
in Core/ClicShopping/Apps/Tools/EditDesign/Sites/ClicShoppingAdmin/Pages/Home/Actions/EditDesign/UpdateCss.php, line 36 
  1.     $basePathFallback = CLICSHOPPING::getConfig('dir_root', 'Shop') . $CLICSHOPPING_Template->getDynamicTemplateDirectory() . "/css/english/{$directory_selected}/";
  3.     $filePath = realpath($basePathLang . $filename_selected);
  4.     if ($filePath === false || strpos($filePath, realpath($basePathLang)) !== 0 || !is_file($filePath)) {
  5.       $filePath = realpath($basePathFallback . $filename_selected);
  6.       if ($filePath === false || strpos($filePath, realpath($basePathFallback)) !== 0 || !is_file($filePath)) {
    Consider replacing strpos() with str_starts_with() for improved readability.
    Time to fix: about 1 hour
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.         $CLICSHOPPING_MessageStack->add($CLICSHOPPING_EditDesign->getDef('error_file_does_not_exist'), 'error');
  8.         $CLICSHOPPING_EditDesign->redirect('EditCss&action=directory&directory_css=' . $directory_selected);
  9.         return false;
  10.       }
  11.     }
  • gyakutsuki

    not included
in Core/ClicShopping/Apps/Tools/EditDesign/Sites/ClicShoppingAdmin/Pages/Home/Actions/EditDesign/UpdateCss.php, line 34 
  1.     $lang_dir = $CLICSHOPPING_Language->get('directory');
  2.     $basePathLang = CLICSHOPPING::getConfig('dir_root', 'Shop') . $CLICSHOPPING_Template->getDynamicTemplateDirectory() . "/css/{$lang_dir}/{$directory_selected}/";
  3.     $basePathFallback = CLICSHOPPING::getConfig('dir_root', 'Shop') . $CLICSHOPPING_Template->getDynamicTemplateDirectory() . "/css/english/{$directory_selected}/";
  5.     $filePath = realpath($basePathLang . $filename_selected);
  6.     if ($filePath === false || strpos($filePath, realpath($basePathLang)) !== 0 || !is_file($filePath)) {
    Consider replacing strpos() with str_starts_with() for improved readability.
    Time to fix: about 1 hour
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.       $filePath = realpath($basePathFallback . $filename_selected);
  8.       if ($filePath === false || strpos($filePath, realpath($basePathFallback)) !== 0 || !is_file($filePath)) {
  9.         $CLICSHOPPING_MessageStack->add($CLICSHOPPING_EditDesign->getDef('error_file_does_not_exist'), 'error');
  10.         $CLICSHOPPING_EditDesign->redirect('EditCss&action=directory&directory_css=' . $directory_selected);
  11.         return false;
  • gyakutsuki

    not included
in sources/template/Default/css/english/compressed_css.php, line 82 
  1.         $CLICSHOPPING_templateCss->logSecurityError("CSS file not accessible", $cssFile);
  2.         continue;
  3.       }
  5.       // Directory Traversal protection: ensure the file is within the allowed root directory
  6.       if (strpos($real_path, $root_dir . DIRECTORY_SEPARATOR) !== 0) {
    Consider replacing strpos() with str_starts_with() for improved readability.
    Time to fix: about 1 hour
    Read doc Permalink Copy Prompt
    
                                    Last edited  by clicshopping
                    
  7.         $CLICSHOPPING_templateCss->logSecurityError("CSS file outside allowed directory", $cssFile);
  8.         continue;
  9.       }
  11.       // Check individual file size
  • gyakutsuki

    not included
in Core/ClicShopping/Sites/Shop/TemplateCss.php, line 199 
  1.           $this->logSecurityError("Invalid path detected", $path);
  2.           continue;
  3.         }
  5.         // Ensure the resolved path is still within the root directory
  6.         if (strpos($real_path, $root_dir) !== 0) {
    Consider replacing strpos() with str_starts_with() for improved readability.
    Time to fix: about 1 hour
    Read doc Permalink Copy Prompt
    
                                    Last edited  by clicshopping
                    
  7.           $this->logSecurityError("Path traversal attempt detected", $real_path);
  8.           continue;
  9.         }
  11.         if (is_file($real_path) && is_readable($real_path)) {
  • gyakutsuki

    not included
in Core/ClicShopping/Apps/Tools/EditDesign/Sites/ClicShoppingAdmin/Pages/Home/Actions/EditDesign/UpdateContent.php, line 32 
  2.     $basePath = CLICSHOPPING::getConfig('dir_root', 'Shop') . $CLICSHOPPING_Template->getDynamicTemplateDirectory() . '/modules/' . $directory_selected . '/content/';
  3.     $filePath = realpath($basePath . $filename_selected);
  5.     // Sécurité chemin
  6.     if ($filePath === false || strpos($filePath, realpath($basePath)) !== 0 || !is_file($filePath)) {
    Consider replacing strpos() with str_starts_with() for improved readability.
    Time to fix: about 1 hour
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.       $CLICSHOPPING_MessageStack->add($CLICSHOPPING_EditDesign->getDef('error_file_does_not_exist'), 'error');
  8.       $CLICSHOPPING_EditDesign->redirect('EditModuleContent&action=directory&directory_html=' . $directory_selected);
  9.       return false;
  10.     }
  • gyakutsuki

    not included
in Core/ClicShopping/Apps/Tools/EditDesign/Sites/ClicShoppingAdmin/Pages/Home/Actions/EditDesign/UpdateListing.php, line 35 
  1.       . $CLICSHOPPING_Template->getDynamicTemplateDirectory()
  2.       . '/modules/' . $directory_selected . '/template_html/';
  4.     $filePath = realpath($basePath . $filename_selected);
  6.     if ($filePath === false || strpos($filePath, realpath($basePath)) !== 0 || !is_file($filePath)) {
    Consider replacing strpos() with str_starts_with() for improved readability.
    Time to fix: about 1 hour
    Read doc Permalink Copy Prompt
    
                                    Last edited  by ClicShopping
                    
  7.       $CLICSHOPPING_MessageStack->add($CLICSHOPPING_EditDesign->getDef('error_file_does_not_exist'), 'error');
  8.       $CLICSHOPPING_EditDesign->redirect('EditListing&action=directory&directory_html=' . $directory_selected);
  9.       return false;
  10.     }
  • gyakutsuki

    not included