Use interfaces instead of classes in typehints 6

More information: https://insight.symfony.com/what-we-analyse/symfony.dependency_injection.use_interface_type_hint

  1. * trans_sid_hosts, $_SERVER['HTTP_HOST']
  2. * trans_sid_tags, "a=href,area=href,frame=src,form="
  3. *
  4. * @param AbstractProxy|\SessionHandlerInterface|null $handler
  5. */
  6. public function __construct(array $options = [], $handler = null, MetadataBag $metaBag = null)

    You should use the interface Symfony\Component\HttpFoundation\Session\SessionStorageInterface instead of the class Symfony\Component\HttpFoundation\Session\Storage\MetadataBag as a typehint.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Fabien Potencier
  7. {
  8. if (!\extension_loaded('session')) {
  9. throw new \LogicException('PHP extension "session" is required.');
  10. }
  1. /**
  2. * @var array|SessionBagInterface[]
  3. */
  4. protected $bags = [];
  5. public function __construct(string $name = 'MOCKSESSID', MetadataBag $metaBag = null)

    You should use the interface Symfony\Component\HttpFoundation\Session\SessionStorageInterface instead of the class Symfony\Component\HttpFoundation\Session\Storage\MetadataBag as a typehint.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. {
  7. $this->name = $name;
  8. $this->setMetadataBag($metaBag);
  9. }
  1. private $savePath;
  2. /**
  3. * @param string $savePath Path of directory to save session files
  4. */
  5. public function __construct(string $savePath = null, string $name = 'MOCKSESSID', MetadataBag $metaBag = null)

    You should use the interface Symfony\Component\HttpFoundation\Session\SessionStorageInterface instead of the class Symfony\Component\HttpFoundation\Session\Storage\MetadataBag as a typehint.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. {
  7. if (null === $savePath) {
  8. $savePath = sys_get_temp_dir();
  9. }
  1. class PhpBridgeSessionStorage extends NativeSessionStorage
  2. {
  3. /**
  4. * @param AbstractProxy|\SessionHandlerInterface|null $handler
  5. */
  6. public function __construct($handler = null, MetadataBag $metaBag = null)

    You should use the interface Symfony\Component\HttpFoundation\Session\SessionStorageInterface instead of the class Symfony\Component\HttpFoundation\Session\Storage\MetadataBag as a typehint.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Drak
  7. {
  8. if (!\extension_loaded('session')) {
  9. throw new \LogicException('PHP extension "session" is required.');
  10. }
  1. */
  2. class AddAnnotatedClassesToCachePass implements CompilerPassInterface
  3. {
  4. private $kernel;
  5. public function __construct(Kernel $kernel)

    You should use the interface Symfony\Component\HttpKernel\KernelInterface instead of the class Symfony\Component\HttpKernel\Kernel as a typehint.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. {
  7. $this->kernel = $kernel;
  8. }
  9. /**
  1. 'VG' => 'GB', // British Virgin Islands
  2. ];
  3. private $propertyAccessor;
  4. public function __construct(PropertyAccessor $propertyAccessor = null)

    You should use the interface Symfony\Component\PropertyAccess\PropertyAccessorInterface instead of the class Symfony\Component\PropertyAccess\PropertyAccessor as a typehint.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Sylvain Fabre
  5. {
  6. $this->propertyAccessor = $propertyAccessor;
  7. }
  8. /**

Global variable or function should never be used 16

More information: https://insight.symfony.com/what-we-analyse/php.use_global_variable_or_function

  1. if (!function_exists('dump')) {
  2. /**
  3. * @author Nicolas Grekas <p@tchwork.com>
  4. */
  5. function dump($var, ...$moreVars)

    dump() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Robin Chalas
  6. {
  7. VarDumper::dump($var);
  8. foreach ($moreVars as $v) {
  9. VarDumper::dump($v);
  1. return $var;
  2. }
  3. }
  4. if (!function_exists('dd')) {
  5. function dd(...$vars)

    dd() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Sjors Ottjes
  6. {
  7. foreach ($vars as $v) {
  8. VarDumper::dump($v);
  9. }
  1. }
  2. });
  3. array_shift($_SERVER['argv']);
  4. $dirs = $_SERVER['argv'];
  5. function getRelevantContent(array $composerJson)

    getRelevantContent() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. {
  7. $relevantKeys = array(
  8. 'name',
  9. 'require',
  10. 'require-dev',
  1. }
  2. return $relevantContent;
  3. }
  4. function getContentHash(array $composerJson)

    getContentHash() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. {
  6. $relevantContent = getRelevantContent($composerJson);
  7. ksort($relevantContent);
  8. return md5(json_encode($relevantContent));
  1. chdir('..');
  2. file_put_contents(".$PHPUNIT_VERSION_DIR.md5", $configurationHash);
  3. chdir($oldPwd);
  4. }
  5. global $argv, $argc;

    $argc adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Dmitry Simushev
  6. $argv = isset($_SERVER['argv']) ? $_SERVER['argv'] : array();
  7. $argc = isset($_SERVER['argc']) ? $_SERVER['argc'] : 0;
  8. if ($PHPUNIT_VERSION < 8.0) {
  9. $argv = array_filter($argv, function ($v) use (&$argc) { if ('--do-not-cache-result' !== $v) return true; --$argc; return false; });
  1. chdir('..');
  2. file_put_contents(".$PHPUNIT_VERSION_DIR.md5", $configurationHash);
  3. chdir($oldPwd);
  4. }
  5. global $argv, $argc;

    $argv adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Dmitry Simushev
  6. $argv = isset($_SERVER['argv']) ? $_SERVER['argv'] : array();
  7. $argc = isset($_SERVER['argc']) ? $_SERVER['argc'] : 0;
  8. if ($PHPUNIT_VERSION < 8.0) {
  9. $argv = array_filter($argv, function ($v) use (&$argc) { if ('--do-not-cache-result' !== $v) return true; --$argc; return false; });
  1. printTranslationStatus($originalFilePath, $translationStatus, $config['verbose_output']);
  2. }
  3. exit($totalMissingTranslations > 0 ? 1 : 0);
  4. function findTranslationFiles($originalFilePath, $localeToAnalyze)

    findTranslationFiles() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Javier Eguiluz
  5. {
  6. $translations = [];
  7. $translationsDir = dirname($originalFilePath);
  8. $originalFileName = basename($originalFilePath);
  1. }
  2. return $translations;
  3. }
  4. function calculateTranslationStatus($originalFilePath, $translationFilePaths)

    calculateTranslationStatus() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Javier Eguiluz
  5. {
  6. $translationStatus = [];
  7. $allTranslationKeys = extractTranslationKeys($originalFilePath);
  8. foreach ($translationFilePaths as $locale => $translationPath) {
  1. }
  2. return $translationStatus;
  3. }
  4. function printTranslationStatus($originalFilePath, $translationStatus, $verboseOutput)

    printTranslationStatus() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Javier Eguiluz
  5. {
  6. printTitle($originalFilePath);
  7. printTable($translationStatus, $verboseOutput);
  8. echo PHP_EOL.PHP_EOL;
  9. }
  1. printTitle($originalFilePath);
  2. printTable($translationStatus, $verboseOutput);
  3. echo PHP_EOL.PHP_EOL;
  4. }
  5. function extractLocaleFromFilePath($filePath)

    extractLocaleFromFilePath() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Javier Eguiluz
  6. {
  7. $parts = explode('.', $filePath);
  8. return $parts[count($parts) - 2];
  9. }
  1. $parts = explode('.', $filePath);
  2. return $parts[count($parts) - 2];
  3. }
  4. function extractTranslationKeys($filePath)

    extractTranslationKeys() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Javier Eguiluz
  5. {
  6. $translationKeys = [];
  7. $contents = new \SimpleXMLElement(file_get_contents($filePath));
  8. foreach ($contents->file->body->{'trans-unit'} as $translationKey) {
  1. }
  2. return $translationKeys;
  3. }
  4. function printTitle($title)

    printTitle() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Javier Eguiluz
  5. {
  6. echo $title.PHP_EOL;
  7. echo str_repeat('=', strlen($title)).PHP_EOL.PHP_EOL;
  8. }
  1. {
  2. echo $title.PHP_EOL;
  3. echo str_repeat('=', strlen($title)).PHP_EOL.PHP_EOL;
  4. }
  5. function printTable($translations, $verboseOutput)

    printTable() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Javier Eguiluz
  6. {
  7. if (0 === count($translations)) {
  8. echo 'No translations found';
  9. return;
  1. echo str_repeat('-', 80).PHP_EOL;
  2. }
  3. }
  4. }
  5. function textColorGreen()

    textColorGreen() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Javier Eguiluz
  6. {
  7. echo "\033[32m";
  8. }
  9. function textColorRed()
  1. function textColorGreen()
  2. {
  3. echo "\033[32m";
  4. }
  5. function textColorRed()

    textColorRed() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Roland Franssen
  6. {
  7. echo "\033[31m";
  8. }
  9. function textColorNormal()
  1. function textColorRed()
  2. {
  3. echo "\033[31m";
  4. }
  5. function textColorNormal()

    textColorNormal() adds to the global scope. Prefer class properties or methods to let other developers know what this relates to.

    Time to fix: about 1 day
    Open Issue Permalink
    Last edited by Javier Eguiluz
  6. {
  7. echo "\033[0m";
  8. }

PHP configuration should not be changed dynamically 21

More information: https://insight.symfony.com/what-we-analyse/php.dynamically_change_configuration

  1. {
  2. if (!static::isSupported()) {
  3. throw new CacheException('APCu is not enabled');
  4. }
  5. if ('cli' === \PHP_SAPI) {
  6. ini_set('apc.use_request_time', 0);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. }
  8. parent::__construct($namespace, $defaultLifetime);
  9. if (null !== $version) {
  10. CacheItem::validateKey($version);
  1. /**
  2. * {@inheritdoc}
  3. */
  4. protected function doFetch(array $ids)
  5. {
  6. $unserializeCallbackHandler = ini_set('unserialize_callback_func', __CLASS__.'::handleUnserializeCallback');

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. try {
  8. $values = [];
  9. foreach (apcu_fetch($ids, $ok) ?: [] as $k => $v) {
  10. if (null !== $v || $ok) {
  11. $values[$k] = $v;
  1. return $values;
  2. } catch (\Error $e) {
  3. throw new \ErrorException($e->getMessage(), $e->getCode(), E_ERROR, $e->getFile(), $e->getLine());
  4. } finally {
  5. ini_set('unserialize_callback_func', $unserializeCallbackHandler);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. }
  8. /**
  9. * {@inheritdoc}
  1. /**
  2. * {@inheritdoc}
  3. */
  4. protected function doFetch(array $ids)
  5. {
  6. $unserializeCallbackHandler = ini_set('unserialize_callback_func', parent::class.'::handleUnserializeCallback');

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. try {
  8. return $this->provider->fetchMultiple($ids);
  9. } catch (\Error $e) {
  10. $trace = $e->getTrace();
  1. }
  2. }
  3. throw $e;
  4. } finally {
  5. ini_set('unserialize_callback_func', $unserializeCallbackHandler);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. }
  8. /**
  9. * {@inheritdoc}
  1. }
  2. static $igbinaryNull;
  3. if ($value === ($igbinaryNull ?? $igbinaryNull = \extension_loaded('igbinary') && \PHP_VERSION_ID !== 70400 ? igbinary_serialize(null) : false)) {
  4. return null;
  5. }
  6. $unserializeCallbackHandler = ini_set('unserialize_callback_func', __CLASS__.'::handleUnserializeCallback');

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. try {
  8. if (':' === ($value[1] ?? ':')) {
  9. if (false !== $value = unserialize($value)) {
  10. return $value;
  11. }
  1. throw new \DomainException(error_get_last() ? error_get_last()['message'] : 'Failed to unserialize values.');
  2. } catch (\Error $e) {
  3. throw new \ErrorException($e->getMessage(), $e->getCode(), E_ERROR, $e->getFile(), $e->getLine());
  4. } finally {
  5. ini_set('unserialize_callback_func', $unserializeCallbackHandler);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. }
  8. /**
  9. * @internal
  1. {
  2. $e = null;
  3. $meta = false;
  4. $content = file_get_contents($file);
  5. $signalingException = new \UnexpectedValueException();
  6. $prevUnserializeHandler = ini_set('unserialize_callback_func', self::class.'::handleUnserializeCallback');

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by renanbr
  7. $prevErrorHandler = set_error_handler(function ($type, $msg, $file, $line, $context = []) use (&$prevErrorHandler, $signalingException) {
  8. if (__FILE__ === $file) {
  9. throw $signalingException;
  10. }
  1. if ($e !== $signalingException) {
  2. throw $e;
  3. }
  4. } finally {
  5. restore_error_handler();
  6. ini_set('unserialize_callback_func', $prevUnserializeHandler);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. }
  8. return $meta;
  9. }
  1. } else {
  2. error_reporting(E_ALL);
  3. }
  4. if (!\in_array(\PHP_SAPI, ['cli', 'phpdbg'], true)) {
  5. ini_set('display_errors', 0);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Yonel Ceruto
  6. } elseif ($displayErrors && (!filter_var(ini_get('log_errors'), FILTER_VALIDATE_BOOLEAN) || ini_get('error_log'))) {
  7. // CLI - display errors only if they're not already logged to STDERR
  8. ini_set('display_errors', 1);
  9. }
  10. if ($displayErrors) {
  1. if (!\in_array(\PHP_SAPI, ['cli', 'phpdbg'], true)) {
  2. ini_set('display_errors', 0);
  3. } elseif ($displayErrors && (!filter_var(ini_get('log_errors'), FILTER_VALIDATE_BOOLEAN) || ini_get('error_log'))) {
  4. // CLI - display errors only if they're not already logged to STDERR
  5. ini_set('display_errors', 1);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Yonel Ceruto
  6. }
  7. if ($displayErrors) {
  8. ErrorHandler::register(new ErrorHandler(new BufferingLogger()));
  9. } else {
  10. ErrorHandler::register()->throwAt(0, true);
  1. if ($baseDir && !is_dir($baseDir) && !@mkdir($baseDir, 0777, true) && !is_dir($baseDir)) {
  2. throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s"', $baseDir));
  3. }
  4. ini_set('session.save_path', $savePath);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Drak
  5. ini_set('session.save_handler', 'files');
  6. }
  7. }
  1. if ($baseDir && !is_dir($baseDir) && !@mkdir($baseDir, 0777, true) && !is_dir($baseDir)) {
  2. throw new \RuntimeException(sprintf('Session Storage was not able to create directory "%s"', $baseDir));
  3. }
  4. ini_set('session.save_path', $savePath);
  5. ini_set('session.save_handler', 'files');

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Drak
  6. }
  7. }
  1. if (headers_sent()) {
  2. return false;
  3. }
  4. if (null !== $lifetime) {
  5. ini_set('session.cookie_lifetime', $lifetime);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Drak
  6. }
  7. if ($destroy) {
  8. $this->metadataBag->stampNew();
  9. }
  1. // PHP < 7.3 does not support same_site cookies. We will emulate it in
  2. // the start() method instead.
  3. $this->emulateSameSite = $value;
  4. continue;
  5. }
  6. ini_set('url_rewriter.tags' !== $key ? 'session.'.$key : $key, $value);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nikolay Labinskiy
  7. }
  8. }
  9. }
  10. /**
  1. private function safelyUnserialize(string $contents)
  2. {
  3. $e = null;
  4. $signalingException = new MessageDecodingFailedException(sprintf('Could not decode message using PHP serialization: %s.', $contents));
  5. $prevUnserializeHandler = ini_set('unserialize_callback_func', self::class.'::handleUnserializeCallback');

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Ryan Weaver
  6. $prevErrorHandler = set_error_handler(function ($type, $msg, $file, $line, $context = []) use (&$prevErrorHandler, $signalingException) {
  7. if (__FILE__ === $file) {
  8. throw $signalingException;
  9. }
  1. try {
  2. $meta = unserialize($contents);
  3. } finally {
  4. restore_error_handler();
  5. ini_set('unserialize_callback_func', $prevUnserializeHandler);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Ryan Weaver
  6. }
  7. return $meta;
  8. }
  1. }
  2. private function safelyUnserialize(string $serializedToken)
  3. {
  4. $e = $token = null;
  5. $prevUnserializeHandler = ini_set('unserialize_callback_func', __CLASS__.'::handleUnserializeCallback');

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Chris Wilkinson
  6. $prevErrorHandler = set_error_handler(function ($type, $msg, $file, $line, $context = []) use (&$prevErrorHandler) {
  7. if (__FILE__ === $file) {
  8. throw new \ErrorException($msg, 0x37313bc, $type, $file, $line);
  9. }
  1. try {
  2. $token = unserialize($serializedToken);
  3. } catch (\Throwable $e) {
  4. }
  5. restore_error_handler();
  6. ini_set('unserialize_callback_func', $prevUnserializeHandler);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Chris Wilkinson
  7. if ($e) {
  8. if (!$e instanceof \ErrorException || 0x37313bc !== $e->getCode()) {
  9. throw $e;
  10. }
  11. if ($this->logger) {
  1. }
  2. }
  3. public static function unserialize($objects, $serializables)
  4. {
  5. $unserializeCallback = ini_set('unserialize_callback_func', __CLASS__.'::getClassReflector');

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. try {
  7. foreach ($serializables as $k => $v) {
  8. $objects[$k] = unserialize($v);
  9. }
  1. try {
  2. foreach ($serializables as $k => $v) {
  3. $objects[$k] = unserialize($v);
  4. }
  5. } finally {
  6. ini_set('unserialize_callback_func', $unserializeCallback);

    Changing PHP configuration dynamically through ini_set() may create hard to debug errors.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. }
  8. return $objects;
  9. }

Missing use statement should be avoided 10

More information: https://insight.symfony.com/what-we-analyse/php.missing_use_statement

  1. {
  2. $charset = ini_get('default_charset') ?: 'UTF-8';
  3. $statusCode = 500;
  4. $headers = [];
  5. if (class_exists(HtmlErrorRenderer::class)) {

    The HtmlErrorRenderer class resolves to the following class: Symfony\Component\ErrorRenderer\ErrorRenderer\HtmlErrorRenderer.
    Did you forget to add a corresponding use statement?

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Yonel Ceruto
  6. $exception = FlattenException::createFromThrowable($exception);
  7. $statusCode = $exception->getStatusCode();
  8. $headers = $exception->getHeaders();
  9. $response = (new HtmlErrorRenderer(0 !== $this->scopedErrors))->render($exception);
  10. } else {
  1. $charset = ini_get('default_charset') ?: 'UTF-8';
  2. $statusCode = 500;
  3. $headers = [];
  4. if (class_exists(HtmlErrorRenderer::class)) {
  5. $exception = FlattenException::createFromThrowable($exception);

    The FlattenException class resolves to the following class: Symfony\Component\ErrorRenderer\Exception\FlattenException.
    Did you forget to add a corresponding use statement?

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Yonel Ceruto
  6. $statusCode = $exception->getStatusCode();
  7. $headers = $exception->getHeaders();
  8. $response = (new HtmlErrorRenderer(0 !== $this->scopedErrors))->render($exception);
  9. } else {
  10. $message = htmlspecialchars($exception->getMessage(), ENT_COMPAT | ENT_SUBSTITUTE, $charset);
  1. if (class_exists(HtmlErrorRenderer::class)) {
  2. $exception = FlattenException::createFromThrowable($exception);
  3. $statusCode = $exception->getStatusCode();
  4. $headers = $exception->getHeaders();
  5. $response = (new HtmlErrorRenderer(0 !== $this->scopedErrors))->render($exception);

    The HtmlErrorRenderer class resolves to the following class: Symfony\Component\ErrorRenderer\ErrorRenderer\HtmlErrorRenderer.
    Did you forget to add a corresponding use statement?

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Yonel Ceruto
  6. } else {
  7. $message = htmlspecialchars($exception->getMessage(), ENT_COMPAT | ENT_SUBSTITUTE, $charset);
  8. $response = sprintf('<!DOCTYPE html><html><head><meta charset="%s" /><meta name="robots" content="noindex,nofollow" /></head><body>%s</body></html>', $charset, $message);
  9. }
  1. *
  2. * {@inheritdoc}
  3. */
  4. protected function matches($message): bool
  5. {
  6. if (RawMessage::class === \get_class($message) || Message::class === \get_class($message)) {

    The Message class resolves to the following class: Symfony\Component\Mime\Message.
    Did you forget to add a corresponding use statement?

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Fabien Potencier
  7. throw new \LogicException('Unable to test a message attachment on a RawMessage or Message instance.');
  8. }
  9. return $this->expectedValue === \count($message->getAttachments());
  10. }
  1. *
  2. * @param RawMessage $message
  3. */
  4. protected function matches($message): bool
  5. {
  6. if (RawMessage::class === \get_class($message) || Message::class === \get_class($message)) {

    The Message class resolves to the following class: Symfony\Component\Mime\Message.
    Did you forget to add a corresponding use statement?

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Fabien Potencier
  7. throw new \LogicException('Unable to test a message HTML body on a RawMessage or Message instance.');
  8. }
  9. return false !== mb_strpos($message->getHtmlBody(), $this->expectedText);
  10. }
  1. *
  2. * @param RawMessage $message
  3. */
  4. protected function matches($message): bool
  5. {
  6. if (RawMessage::class === \get_class($message) || Message::class === \get_class($message)) {

    The RawMessage class resolves to the following class: Symfony\Component\Mime\RawMessage.
    Did you forget to add a corresponding use statement?

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Fabien Potencier
  7. throw new \LogicException('Unable to test a message HTML body on a RawMessage or Message instance.');
  8. }
  9. return false !== mb_strpos($message->getHtmlBody(), $this->expectedText);
  10. }
  1. *
  2. * @param RawMessage $message
  3. */
  4. protected function matches($message): bool
  5. {
  6. if (RawMessage::class === \get_class($message) || Message::class === \get_class($message)) {

    The Message class resolves to the following class: Symfony\Component\Mime\Message.
    Did you forget to add a corresponding use statement?

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Fabien Potencier
  7. throw new \LogicException('Unable to test a message text body on a RawMessage or Message instance.');
  8. }
  9. return false !== mb_strpos($message->getTextBody(), $this->expectedText);
  10. }
  1. *
  2. * @param RawMessage $message
  3. */
  4. protected function matches($message): bool
  5. {
  6. if (RawMessage::class === \get_class($message) || Message::class === \get_class($message)) {

    The RawMessage class resolves to the following class: Symfony\Component\Mime\RawMessage.
    Did you forget to add a corresponding use statement?

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Fabien Potencier
  7. throw new \LogicException('Unable to test a message text body on a RawMessage or Message instance.');
  8. }
  9. return false !== mb_strpos($message->getTextBody(), $this->expectedText);
  10. }
  1. {
  2. return $this->decisionLog;
  3. }
  4. }
  5. class_alias(TraceableAccessDecisionManager::class, DebugAccessDecisionManager::class);

    The DebugAccessDecisionManager class resolves to the Symfony\Component\Security\Core\Authorization\DebugAccessDecisionManager class which PHP does not seem to be able to autoload.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Alessandro Lai
  1. case 'txt':
  2. return $this->displayTxt($io, $files);
  3. case 'json':
  4. return $this->displayJson($io, $files);
  5. default:
  6. throw new InvalidArgumentException(sprintf('The format "%s" is not supported.', $this->format));

    The InvalidArgumentException class resolves to the following classes: Doctrine\Common\Proxy\Exception\InvalidArgumentException or Doctrine\DBAL\Exception\InvalidArgumentException or Doctrine\Instantiator\Exception\InvalidArgumentException or Psr\SimpleCache\InvalidArgumentException or Symfony\Component\Asset\Exception\InvalidArgumentException or Symfony\Component\Cache\Exception\InvalidArgumentException or Symfony\Component\Console\Exception\InvalidArgumentException or Symfony\Component\DependencyInjection\Exception\InvalidArgumentException or Symfony\Component\Filesystem\Exception\InvalidArgumentException or Symfony\Component\Form\Exception\InvalidArgumentException or Symfony\Component\HttpClient\Exception\InvalidArgumentException or Symfony\Component\Intl\Exception\InvalidArgumentException or Symfony\Component\Lock\Exception\InvalidArgumentException or Symfony\Component\Mailer\Exception\InvalidArgumentException or Symfony\Component\Messenger\Exception\InvalidArgumentException or Symfony\Component\Mime\Exception\InvalidArgumentException or Symfony\Component\Notifier\Exception\InvalidArgumentException or Symfony\Component\OptionsResolver\Exception\InvalidArgumentException or Symfony\Component\Process\Exception\InvalidArgumentException or Symfony\Component\PropertyAccess\Exception\InvalidArgumentException or Symfony\Component\Security\Core\Exception\InvalidArgumentException or Symfony\Component\Serializer\Exception\InvalidArgumentException or Symfony\Component\String\Exception\InvalidArgumentException or Symfony\Component\Translation\Exception\InvalidArgumentException or Symfony\Component\Validator\Exception\InvalidArgumentException or Symfony\Component\Workflow\Exception\InvalidArgumentException or Zend\Code\Exception\InvalidArgumentException or Zend\Code\Generator\Exception\InvalidArgumentException or Zend\Code\Reflection\Exception\InvalidArgumentException or Zend\EventManager\Exception\InvalidArgumentException or Psr\Cache\InvalidArgumentException or Psr\Log\InvalidArgumentException.
    Did you forget to add a corresponding use statement for one of them?

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Yonel Ceruto
  7. }
  8. }
  9. private function displayTxt(SymfonyStyle $io, array $filesInfo)
  10. {

exit() and die() functions should be avoided 11

More information: https://insight.symfony.com/what-we-analyse/php.use_exit_function

  1. // Ignore this re-throw
  2. }
  3. if ($exit && self::$exitCode) {
  4. $exitCode = self::$exitCode;
  5. register_shutdown_function('register_shutdown_function', function () use ($exitCode) { exit($exitCode); });

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Yonel Ceruto
  6. }
  7. }
  8. /**
  9. * Sends the error associated with the given Exception as a plain PHP response.
  1. <?php
  2. if (3 > $_SERVER['argc']) {
  3. echo "Usage: branch dir1 dir2 ... dirN\n";
  4. exit(1);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. }
  6. chdir(dirname(__DIR__));
  7. $json = ltrim(file_get_contents('composer.json'));
  8. if ($json !== $package = preg_replace('/\n "repositories": \[\n.*?\n \],/s', '', $json)) {
  1. $preferredInstall = json_decode(file_get_contents(__DIR__.'/composer-config.json'), true)['config']['preferred-install'];
  2. foreach ($dirs as $k => $dir) {
  3. if (!system("git diff --name-only $mergeBase -- $dir", $exitStatus)) {
  4. if ($exitStatus) {
  5. exit($exitStatus);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. unset($dirs[$k]);
  8. continue;
  9. }
  10. echo "$dir\n";
  1. echo "$dir\n";
  2. $json = ltrim(file_get_contents($dir.'/composer.json'));
  3. if (null === $package = json_decode($json)) {
  4. passthru("composer validate $dir/composer.json");
  5. exit(1);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. $package->repositories = array(array(
  8. 'type' => 'composer',
  9. 'url' => 'file://'.str_replace(DIRECTORY_SEPARATOR, '/', dirname(__DIR__)).'/',
  1. passthru("cd $dir && git init && git add . && git commit -q -m - && git archive -o package.tar HEAD && rm .git/ -Rf");
  2. }
  3. if (!isset($package->extra->{'branch-alias'}->{'dev-master'})) {
  4. echo "Missing \"dev-master\" branch-alias in composer.json extra.\n";
  5. exit(1);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. $package->version = str_replace('-dev', '.x-dev', $package->extra->{'branch-alias'}->{'dev-master'});
  8. $package->dist['type'] = 'tar';
  9. $package->dist['url'] = 'file://'.str_replace(DIRECTORY_SEPARATOR, '/', dirname(__DIR__))."/$dir/package.tar";
  1. if ($dirs) {
  2. $json = ltrim(file_get_contents('composer.json'));
  3. if (null === $package = json_decode($json)) {
  4. passthru("composer validate $dir/composer.json");
  5. exit(1);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. $package->repositories = array(array(
  8. 'type' => 'composer',
  9. 'url' => 'file://'.str_replace(DIRECTORY_SEPARATOR, '/', dirname(__DIR__)).'/',
  1. <?php
  2. if (false === getenv('SYMFONY_PATCH_TYPE_DECLARATIONS')) {
  3. echo "Please define the SYMFONY_PATCH_TYPE_DECLARATIONS env var when running this script.\n";
  4. exit(1);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. }
  6. require __DIR__.'/../.phpunit/phpunit-8.3-0/vendor/autoload.php';
  7. $loader = require __DIR__.'/../vendor/autoload.php';
  1. }
  2. if ($this->getConfiguration()->shouldDisplayStackTrace($msg)) {
  3. echo "\n".ucfirst($group).' '.$deprecation->toString();
  4. exit(1);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Grégoire Paris
  5. }
  6. if ('legacy' !== $group) {
  7. $ref = &$this->deprecations[$group][$msg]['count'];
  8. ++$ref;
  9. $ref = &$this->deprecations[$group][$msg][$class.'::'.$method];
  1. }
  2. $this->displayDeprecations($groups, $configuration);
  3. if ($isFailing || !$configuration->tolerates($this->deprecations)) {
  4. exit(1);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. }
  6. });
  7. }
  8. private function getConfiguration()
  1. if ($this->autoExit) {
  2. if ($exitCode > 255) {
  3. $exitCode = 255;
  4. }
  5. exit($exitCode);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. }
  7. return $exitCode;
  8. }
  1. {
  2. foreach ($vars as $v) {
  3. VarDumper::dump($v);
  4. }
  5. die(1);

    This line stops the execution flow, without explanation. If this is for debug, you should remove it. If this is to deal with an error, use exceptions instead.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Sjors Ottjes
  6. }
  7. }

Source code should not contain tasks comments 13

More information: https://insight.symfony.com/what-we-analyse/task_fixme_comment

  1. continue;
  2. }
  3. if (1 === substr_count($controller, ':')) {
  4. $nonDeprecatedNotation = str_replace(':', '::', $controller);
  5. // TODO deprecate this in 5.1

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Fabien Bourigault
  6. }
  7. $route->setDefault('_controller', $controller);
  8. }
  1. $conditions[] = sprintf('(%s) mod %d = 0', $expr, $a);
  2. }
  3. return $xpath->addCondition(implode(' and ', $conditions));
  4. // todo: handle an+b, odd, even

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Jean-François Simon
  5. // an+b means every-a, plus b, e.g., 2n+1 means odd
  6. // 0n+b means b
  7. // n+0 means a=1, i.e., all elements
  8. // an means every a elements, i.e., 2n means even
  9. // -n means -1n
  1. ." or name(.) = 'select'"
  2. ." or name(.) = 'textarea'"
  3. .')'
  4. .' and ancestor::fieldset[@disabled]'
  5. );
  6. // todo: in the second half, add "and is not a descendant of that fieldset element's first legend element child, if any."

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Jean-François Simon
  7. }
  8. public function translateEnabled(XPathExpr $xpath): XPathExpr
  9. {
  10. return $xpath->addCondition(
  1. // In some circumstances PHP_AUTH_DIGEST needs to be set
  2. $headers['PHP_AUTH_DIGEST'] = $authorizationHeader;
  3. $this->parameters['PHP_AUTH_DIGEST'] = $authorizationHeader;
  4. } elseif (0 === stripos($authorizationHeader, 'bearer ')) {
  5. /*
  6. * XXX: Since there is no PHP_AUTH_BEARER in PHP predefined variables,

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Lance Chen
  7. * I'll just set $headers['AUTHORIZATION'] here.
  8. * https://php.net/reserved.variables.server
  9. */
  10. $headers['AUTHORIZATION'] = $authorizationHeader;
  11. }
  1. }
  2. /**
  3. * Builds a PDO DSN from a URL-like connection string.
  4. *
  5. * @todo implement missing support for oci DSN (which look totally different from other PDO ones)

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Christophe Coevoet
  6. */
  7. private function buildDsnFromUrl(string $dsnOrUrl): string
  8. {
  9. // (pdo_)?sqlite3?:///... => (pdo_)?sqlite3?://localhost/... or else the URL will be invalid
  10. $url = preg_replace('#^((?:pdo_)?sqlite3?):///#', '$1://localhost/', $dsnOrUrl);
  1. *
  2. * @return \PDOStatement The statement that needs to be executed later to release the lock
  3. *
  4. * @throws \DomainException When an unsupported PDO driver is used
  5. *
  6. * @todo implement missing advisory locks

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Tobias Schultze
  7. * - for oci using DBMS_LOCK.REQUEST
  8. * - for sqlsrv using sp_getapplock with LockOwner = Session
  9. */
  10. private function doAdvisoryLock(string $sessionId): \PDOStatement
  11. {
  1. protected function createController(string $controller)
  2. {
  3. if (1 === substr_count($controller, ':')) {
  4. $controller = str_replace(':', '::', $controller);
  5. // TODO deprecate this in 5.1

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Christophe Coevoet
  6. }
  7. return parent::createController($controller);
  8. }
  1. /**
  2. * {@inheritdoc}
  3. */
  4. public function handle(Request $request, int $type = HttpKernelInterface::MASTER_REQUEST, bool $catch = true)
  5. {
  6. // FIXME: catch exceptions and implement a 500 error page here? -> in Varnish, there is a built-in error page mechanism

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by pborreli
  7. if (HttpKernelInterface::MASTER_REQUEST === $type) {
  8. $this->traces = [];
  9. // Keep a clone of the original request for surrogates so they can access it.
  10. // We must clone here to get a separate instance because the application will modify the request during
  11. // the application flow (we know it always does because we do ourselves by setting REMOTE_ADDR to 127.0.0.1
  1. $headers = $match[1];
  2. if (file_exists($body = $this->getPath($headers['x-content-digest'][0]))) {
  3. return $this->restoreResponse($headers, $body);
  4. }
  5. // TODO the metaStore referenced an entity that doesn't exist in

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Pascal Borreli
  6. // the entityStore. We definitely want to return nil but we should
  7. // also purge the entry from the meta-store when this is detected.
  8. return null;
  9. }
  1. $maxValueLength = $this->getMaxLineLength() - \strlen($name.'=*N"";') - 1;
  2. $firstLineOffset = 0;
  3. // If it's not already a valid parameter value...
  4. if (!preg_match('/^'.self::TOKEN_REGEX.'$/D', $value)) {
  5. // TODO: text, or something else??

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. // ... and it's not ascii
  7. if (!preg_match('/^[\x00-\x08\x0B\x0C\x0E-\x7F]*$/D', $value)) {
  8. $encoded = true;
  9. // Allow space for the indices, charset and language
  10. $maxValueLength = $this->getMaxLineLength() - \strlen($name.'*N*="";') - 1;
  1. $this->setDisposition('attachment');
  2. }
  3. public static function fromPath(string $path, string $name = null, string $contentType = null): self
  4. {
  5. // FIXME: if file is not readable, exception?

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. if (null === $contentType) {
  7. $ext = strtolower(substr($path, strrpos($path, '.') + 1));
  8. if (null === self::$mimeTypes) {
  9. self::$mimeTypes = new MimeTypes();
  1. if (!$rootNode && !\in_array($child->nodeType, $decoderIgnoredNodeTypes, true)) {
  2. $rootNode = $child;
  3. }
  4. }
  5. // todo: throw an exception if the root node name is not correctly configured (bc)

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Charles Sarrazin
  6. if ($rootNode->hasChildNodes()) {
  7. $xpath = new \DOMXPath($dom);
  8. $data = [];
  9. foreach ($xpath->query('namespace::*', $dom->documentElement) as $nsNode) {
  1. $flags = [];
  2. } elseif ('#,' === substr($line, 0, 2)) {
  3. $flags = array_map('trim', explode(',', substr($line, 2)));
  4. } elseif ('msgid "' === substr($line, 0, 7)) {
  5. // We start a new msg so save previous
  6. // TODO: this fails when comments or contexts are added

    Tasks comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 2 hours
    Open Issue Permalink
    Last edited by Clemens Tolboom
  7. $this->addMessage($messages, $item);
  8. $item = $defaults;
  9. $item['ids']['singular'] = substr($line, 7, -1);
  10. } elseif ('msgstr "' === substr($line, 0, 8)) {
  11. $item['translated'] = substr($line, 8, -1);

sleep() should not be used 3

More information: https://insight.symfony.com/what-we-analyse/php.use_php_sleep_function

  1. $this->stop();
  2. if (0 < $sleep = $this->restartThresholdSleep) {
  3. $this->getLogger()->debug(sprintf('Email transport "%s" sleeps for %d seconds after stopping', __CLASS__, $sleep));
  4. sleep($sleep);

    sleep() may create timeouts without even protecting your application.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  5. }
  6. $this->start();
  7. $this->restartCounter = 0;
  8. }
  1. {
  2. $client = $this->getHttpClient(__FUNCTION__);
  3. $response = $client->request('GET', 'http://localhost:8057/timeout-header', [
  4. 'timeout' => 0.9,
  5. ]);
  6. sleep(1);

    sleep() may create timeouts without even protecting your application.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. $this->assertSame(200, $response->getStatusCode());
  8. }
  9. public function testTimeoutOnAccess()
  10. {
  1. }
  2. };
  3. self::$server->process = $process;
  4. sleep('\\' === \DIRECTORY_SEPARATOR ? 10 : 1);

    sleep() may create timeouts without even protecting your application.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. }
  6. }

Files should not be executable

More information: https://insight.symfony.com/what-we-analyse/php.too_permissive_file_permissions

Your project contains files with permissive permissions. In order to avoid opening a security breach, you should restrict execution rights on following files:

  • src/Symfony/Component/HttpClient/DependencyInjection/HttpClientPass.php

Time to fix: about 15 minutes
Open Issue Permalink
Collective
chmod a-x 'src/Symfony/Component/HttpClient/DependencyInjection/HttpClientPass.php'

Code should not be duplicated 13

More information: https://insight.symfony.com/what-we-analyse/php.duplicated_code

  1. }
  2. /**
  3. * Returns an excerpt of a code file around the given line number.
  4. */
  5. public function fileExcerpt(string $file, int $line, int $srcContext = 3): ?string

    The next 21 lines appear both in src/Symfony/Bridge/Twig/Extension/CodeExtension.php:120 and src/Symfony/Component/ErrorRenderer/ErrorRenderer/HtmlErrorRenderer.php:238.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Alexander M. Turek
  6. {
  7. if (is_file($file) && is_readable($file)) {
  8. // highlight_file could throw warnings
  9. // see https://bugs.php.net/25725
  10. $code = @highlight_file($file, true);
  1. ->info('The maximum number of connections to a single host.')
  2. ->end()
  3. ->arrayNode('default_options')
  4. ->fixXmlConfig('header')
  5. ->children()
  6. ->arrayNode('headers')

    The next 81 lines appear both in src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php:1232 and src/Symfony/Bundle/FrameworkBundle/DependencyInjection/Configuration.php:1371.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. ->info('Associative array: header => value(s).')
  8. ->useAttributeAsKey('name')
  9. ->normalizeKeys(false)
  10. ->variablePrototype()->end()
  11. ->end()
  1. * @author Grégoire Pineau <lyrixx@lyrixx.info>
  2. * @author Charles Sarrazin <charles@sarraz.in>
  3. */
  4. class FormLoginLdapFactory extends FormLoginFactory
  5. {
  6. protected function createAuthProvider(ContainerBuilder $container, string $id, array $config, string $userProviderId)

    The next 36 lines appear both in src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/FormLoginLdapFactory.php:28 and src/Symfony/Bundle/SecurityBundle/DependencyInjection/Security/Factory/JsonLoginLdapFactory.php:30.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Christian Flothmann
  7. {
  8. $provider = 'security.authentication.provider.ldap_bind.'.$id;
  9. $definition = $container
  10. ->setDefinition($provider, new ChildDefinition('security.authentication.provider.ldap_bind'))
  11. ->replaceArgument(0, new Reference($userProviderId))
  1. namespace Symfony\Component\BrowserKit\Test\Constraint;
  2. use PHPUnit\Framework\Constraint\Constraint;
  3. use Symfony\Component\BrowserKit\AbstractBrowser;
  4. final class BrowserHasCookie extends Constraint

    The next 35 lines appear both in src/Symfony/Component/BrowserKit/Test/Constraint/BrowserHasCookie.php:17 and src/Symfony/Component/HttpFoundation/Test/Constraint/ResponseHasCookie.php:18.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  5. {
  6. private $name;
  7. private $path;
  8. private $domain;
  1. $this->doDelete($expiredIds);
  2. }
  3. foreach ($byLifetime as $lifetime => $values) {
  4. try {
  5. $e = $this->doSave($values, $lifetime);
  6. } catch (\Exception $e) {

    The next 25 lines appear both in src/Symfony/Component/Cache/Adapter/AbstractAdapter.php:155 and src/Symfony/Component/Cache/Adapter/AbstractTagAwareAdapter.php:188.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. }
  8. if (true === $e || [] === $e) {
  9. continue;
  10. }
  11. if (\is_array($e) || 1 === \count($values)) {
  1. $this->dsn = $connOrDsn;
  2. } else {
  3. throw new InvalidArgumentException(sprintf('"%s" requires PDO or Doctrine\DBAL\Connection instance or DSN string as first argument, "%s" given.', __CLASS__, \is_object($connOrDsn) ? \get_class($connOrDsn) : \gettype($connOrDsn)));
  4. }
  5. $this->table = isset($options['db_table']) ? $options['db_table'] : $this->table;

    The next 9 lines appear both in src/Symfony/Component/Cache/Adapter/PdoAdapter.php:87 and src/Symfony/Component/HttpFoundation/Session/Storage/Handler/PdoSessionHandler.php:188.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. $this->idCol = isset($options['db_id_col']) ? $options['db_id_col'] : $this->idCol;
  7. $this->dataCol = isset($options['db_data_col']) ? $options['db_data_col'] : $this->dataCol;
  8. $this->lifetimeCol = isset($options['db_lifetime_col']) ? $options['db_lifetime_col'] : $this->lifetimeCol;
  9. $this->timeCol = isset($options['db_time_col']) ? $options['db_time_col'] : $this->timeCol;
  10. $this->username = isset($options['db_username']) ? $options['db_username'] : $this->username;
  1. private function formatPath(string $path, int $line): string
  2. {
  3. $file = preg_match('#[^/\\\\]*+$#', $path, $file) ? $file[0] : $path;
  4. return sprintf('in %s %s', $path, 0 < $line ? ' line '.$line : '');

    The next 22 lines appear both in src/Symfony/Component/ErrorRenderer/ErrorRenderer/TxtErrorRenderer.php:68 and src/Symfony/Component/ErrorRenderer/ErrorRenderer/XmlErrorRenderer.php:92.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Yonel Ceruto
  5. }
  6. /**
  7. * Formats an array as a string.
  8. */
  1. ->add('date', __NAMESPACE__.'\DateType', $dateOptions)
  2. ->add('time', __NAMESPACE__.'\TimeType', $timeOptions)
  3. ;
  4. }
  5. if ('datetime_immutable' === $options['input']) {

    The next 23 lines appear both in src/Symfony/Component/Form/Extension/Core/Type/DateTimeType.php:176 and src/Symfony/Component/Form/Extension/Core/Type/TimeType.php:180.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Valentin
  6. $builder->addModelTransformer(new DateTimeImmutableToDateTimeTransformer());
  7. } elseif ('string' === $options['input']) {
  8. $builder->addModelTransformer(new ReversedTransformer(
  9. new DateTimeToStringTransformer($options['model_timezone'], $options['model_timezone'], $options['input_format'])
  10. ));
  1. /**
  2. * Provides an intuitive error message when controller fails because it is not registered as a service.
  3. *
  4. * @author Simeon Kolev <simeon.kolev9@gmail.com>
  5. */
  6. final class NotTaggedControllerValueResolver implements ArgumentValueResolverInterface

    The next 31 lines appear both in src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/NotTaggedControllerValueResolver.php:25 and src/Symfony/Component/HttpKernel/Controller/ArgumentResolver/ServiceValueResolver.php:25.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Simeon Kolev
  7. {
  8. private $container;
  9. public function __construct(ContainerInterface $container)
  10. {
  1. $headers = [];
  2. foreach ($body->getPreparedHeaders()->all() as $header) {
  3. $headers[] = $header->toString();
  4. }
  5. $endpoint = sprintf('%s/v3/%s/messages', $this->getEndpoint(), urlencode($this->domain));

    The next 14 lines appear both in src/Symfony/Component/Mailer/Bridge/Mailgun/Transport/MailgunApiTransport.php:58 and src/Symfony/Component/Mailer/Bridge/Mailgun/Transport/MailgunHttpTransport.php:60.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. $response = $this->client->request('POST', 'https://'.$endpoint, [
  7. 'auth_basic' => 'api:'.$this->key,
  8. 'headers' => $headers,
  9. 'body' => $body->bodyToIterable(),
  10. ]);
  1. * file that was distributed with this source code.
  2. */
  3. namespace Symfony\Component\Mailer\Transport;
  4. use Symfony\Component\Mailer\Exception\InvalidArgumentException;

    The next 30 lines appear both in src/Symfony/Component/Mailer/Transport/Dsn.php:14 and src/Symfony/Component/Notifier/Transport/Dsn.php:14.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Konstantin Myakshin
  5. /**
  6. * @author Konstantin Myakshin <molodchick@gmail.com>
  7. */
  8. final class Dsn
  1. if (!isset($parsedDsn['scheme'])) {
  2. throw new InvalidArgumentException(sprintf('The "%s" mailer DSN must contain a scheme.', $dsn));
  3. }
  4. if (!isset($parsedDsn['host'])) {
  5. throw new InvalidArgumentException(sprintf('The "%s" mailer DSN must contain a host (use "default" by default).', $dsn));

    The next 39 lines appear both in src/Symfony/Component/Mailer/Transport/Dsn.php:49 and src/Symfony/Component/Notifier/Transport/Dsn.php:51.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. }
  7. $user = isset($parsedDsn['user']) ? urldecode($parsedDsn['user']) : null;
  8. $password = isset($parsedDsn['pass']) ? urldecode($parsedDsn['pass']) : null;
  9. $port = $parsedDsn['port'] ?? null;
  1. /**
  2. * @author Nicolas Grekas <p@tchwork.com>
  3. */
  4. class AmqpTransport implements TransportInterface, SetupableTransportInterface, MessageCountAwareInterface
  5. {
  6. private $serializer;

    The next 49 lines appear both in src/Symfony/Component/Messenger/Transport/AmqpExt/AmqpTransport.php:26 and src/Symfony/Component/Messenger/Transport/RedisExt/RedisTransport.php:26.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Samuel ROZE
  7. private $connection;
  8. private $receiver;
  9. private $sender;
  10. public function __construct(Connection $connection, SerializerInterface $serializer = null)

Error silenced by the at sign (@) 68

More information: https://insight.symfony.com/what-we-analyse/php.silenced_error

  1. // discard chmod failure (some filesystem may not support it)
  2. }
  3. }
  4. if (\function_exists('opcache_invalidate') && filter_var(ini_get('opcache.enable'), FILTER_VALIDATE_BOOLEAN)) {
  5. @opcache_invalidate($this->file, true);

    Adding "@" before opcache_invalidate($this->file, true) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. }
  7. }
  8. /**
  9. * Gets the meta file path.
  1. $instantiableWithoutConstructor = true;
  2. } catch (\ReflectionException $e) {
  3. $proto = $reflector->implementsInterface('Serializable') && !method_exists($class, '__unserialize') ? 'C:' : 'O:';
  4. if ('C:' === $proto && !$reflector->getMethod('unserialize')->isInternal()) {
  5. $proto = null;
  6. } elseif (false === $proto = @unserialize($proto.\strlen($class).':"'.$class.'":0:{}')) {

    Adding "@" before unserialize($proto . \strlen($class) . ':"' . $class . '":0:{}') prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. throw new NotInstantiableTypeException($class);
  8. }
  9. }
  10. if (null !== $proto && !$proto instanceof \Throwable && !$proto instanceof \Serializable && !method_exists($class, '__sleep') && (\PHP_VERSION_ID < 70400 || !method_exists($class, '__serialize'))) {
  11. try {
  1. $package->dist['type'] = 'tar';
  2. $package->dist['url'] = 'file://'.str_replace(DIRECTORY_SEPARATOR, '/', dirname(__DIR__))."/$dir/package.tar";
  3. $packages[$package->name][$package->version] = $package;
  4. $versions = @file_get_contents('https://repo.packagist.org/p/'.$package->name.'.json') ?: sprintf('{"packages":{"%s":{"dev-master":%s}}}', $package->name, file_get_contents($dir.'/composer.json'));

    Adding "@" before \file_get_contents('https://repo.packagist.org/p/' . $package->name . '.json') prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. $versions = json_decode($versions)->packages->{$package->name};
  6. if (isset($versions->{'dev-master'}) && $package->version === str_replace('-dev', '.x-dev', $versions->{'dev-master'}->extra->{'branch-alias'}->{'dev-master'})) {
  7. unset($versions->{'dev-master'});
  8. }
  1. }
  2. $composerJsons = array();
  3. foreach ($dirs as $dir) {
  4. if (!file_exists($dir.'/composer.lock') || !$composerLock = @json_decode(file_get_contents($dir.'/composer.lock'), true)) {

    Adding "@" before \json_decode(\file_get_contents($dir . '/composer.lock'), \true) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. @unlink($dir.'/composer.lock');
  6. continue;
  7. }
  8. if (!file_exists($dir.'/composer.json') || !$composerJson = @json_decode(file_get_contents($dir.'/composer.json'), true)) {
  9. echo "$dir/composer.json not found or invalid.\n";
  1. foreach ($dirs as $dir) {
  2. if (!file_exists($dir.'/composer.lock') || !$composerLock = @json_decode(file_get_contents($dir.'/composer.lock'), true)) {
  3. @unlink($dir.'/composer.lock');
  4. continue;
  5. }
  6. if (!file_exists($dir.'/composer.json') || !$composerJson = @json_decode(file_get_contents($dir.'/composer.json'), true)) {

    Adding "@" before \json_decode(\file_get_contents($dir . '/composer.json'), \true) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. echo "$dir/composer.json not found or invalid.\n";
  8. @unlink($dir.'/composer.lock');
  9. continue;
  10. }
  11. if (!isset($composerLock['content-hash']) || getContentHash($composerJson) !== $composerLock['content-hash']) {
  1. : 'composer';
  2. $SYMFONY_PHPUNIT_REMOVE = $getEnvVar('SYMFONY_PHPUNIT_REMOVE', 'phpspec/prophecy'.($PHPUNIT_VERSION < 6.0 ? ' symfony/yaml': ''));
  3. $configurationHash = md5(implode(PHP_EOL, array(md5_file(__FILE__), $SYMFONY_PHPUNIT_REMOVE, (int) $PHPUNIT_REMOVE_RETURN_TYPEHINT)));
  4. $PHPUNIT_VERSION_DIR=sprintf('phpunit-%s-%d', $PHPUNIT_VERSION, $PHPUNIT_REMOVE_RETURN_TYPEHINT);
  5. if (!file_exists("$PHPUNIT_DIR/$PHPUNIT_VERSION_DIR/phpunit") || $configurationHash !== @file_get_contents("$PHPUNIT_DIR/.$PHPUNIT_VERSION_DIR.md5")) {

    Adding "@" before \file_get_contents("{$PHPUNIT_DIR}/.{$PHPUNIT_VERSION_DIR}.md5") prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Jérémy Derussé
  6. // Build a standalone phpunit without symfony/yaml nor prophecy by default
  7. @mkdir($PHPUNIT_DIR, 0777, true);
  8. chdir($PHPUNIT_DIR);
  9. if (file_exists("$PHPUNIT_VERSION_DIR")) {
  1. {
  2. $path = $this->getPath($key);
  3. if (isset($this->locks[$key])) {
  4. $fp = $this->locks[$key];
  5. @ftruncate($fp, 0);

    Adding "@" before ftruncate($fp, 0) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Matthias Pigulla
  6. @fseek($fp, 0);
  7. $len = @fwrite($fp, $data);
  8. if (\strlen($data) !== $len) {
  9. @ftruncate($fp, 0);
  1. $path = $this->getPath($key);
  2. if (isset($this->locks[$key])) {
  3. $fp = $this->locks[$key];
  4. @ftruncate($fp, 0);
  5. @fseek($fp, 0);

    Adding "@" before fseek($fp, 0) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Matthias Pigulla
  6. $len = @fwrite($fp, $data);
  7. if (\strlen($data) !== $len) {
  8. @ftruncate($fp, 0);
  9. return false;
  1. $fp = $this->locks[$key];
  2. @ftruncate($fp, 0);
  3. @fseek($fp, 0);
  4. $len = @fwrite($fp, $data);
  5. if (\strlen($data) !== $len) {
  6. @ftruncate($fp, 0);

    Adding "@" before ftruncate($fp, 0) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Matthias Pigulla
  7. return false;
  8. }
  9. } else {
  10. if (!file_exists(\dirname($path)) && false === @mkdir(\dirname($path), 0777, true) && !is_dir(\dirname($path))) {
  1. try {
  2. if ($this->isFinder && !isset($this->loaded[$class])) {
  3. $this->loaded[$class] = true;
  4. if (!$file = $this->classLoader[0]->findFile($class) ?: '') {
  5. // no-op
  6. } elseif (\function_exists('opcache_is_script_cached') && @opcache_is_script_cached($file)) {

    Adding "@" before opcache_is_script_cached($file) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Yonel Ceruto
  7. include $file;
  8. return;
  9. } elseif (false === include $file) {
  10. return;
  1. $className = isset($class[15]) && "\0" === $class[15] && 0 === strpos($class, "class@anonymous\x00") ? get_parent_class($class).'@anonymous' : $class;
  2. // Don't trigger deprecations for classes in the same vendor
  3. if ($class !== $className) {
  4. $vendor = preg_match('/^namespace ([^;\\\\\s]++)[;\\\\]/m', @file_get_contents($refl->getFileName()), $vendor) ? $vendor[1].'\\' : '';

    Adding "@" before file_get_contents($refl->getFileName()) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. $vendorLen = \strlen($vendor);
  6. } elseif (2 > $vendorLen = 1 + (strpos($class, '\\') ?: strpos($class, '_'))) {
  7. $vendorLen = 0;
  8. $vendor = '';
  9. } else {
  1. return $h ? $h($type, $msg, $file, $line, $context) : false;
  2. }
  3. // If the message is serialized we need to extract the message. This occurs when the error is triggered by
  4. // by the isolated test path in \Symfony\Bridge\PhpUnit\Legacy\SymfonyTestsListenerTrait::endTest().
  5. $parsedMsg = @unserialize($msg);

    Adding "@" before unserialize($msg) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Alex Pott
  6. if (\is_array($parsedMsg)) {
  7. $msg = $parsedMsg['deprecation'];
  8. }
  9. if (error_reporting()) {
  10. $msg = 'Unsilenced deprecation: '.$msg;
  1. $connect = $params['persistent'] || $params['persistent_id'] ? 'pconnect' : 'connect';
  2. $redis = new $class();
  3. $initializer = function ($redis) use ($connect, $params, $dsn, $auth, $hosts) {
  4. try {
  5. @$redis->{$connect}($hosts[0]['host'] ?? $hosts[0]['path'], $hosts[0]['port'] ?? null, $params['timeout'], (string) $params['persistent_id'], $params['retry_interval']);

    Adding "@" before $redis->{$connect}($hosts[0]['host'] ?? $hosts[0]['path'], $hosts[0]['port'] ?? null, $params['timeout'], (string) $params['persistent_id'], $params['retry_interval']) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. } catch (\RedisException $e) {
  7. throw new InvalidArgumentException(sprintf('Redis connection failed (%s): %s', $e->getMessage(), $dsn));
  8. }
  9. set_error_handler(function ($type, $msg) use (&$error) { $error = $msg; });
  1. if ('globals' === $type) {
  2. if (\is_object($meta)) {
  3. return ' = object('.\get_class($meta).')';
  4. }
  5. $description = substr(@json_encode($meta), 0, 50);

    Adding "@" before json_encode($meta) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by SpacePossum
  6. return sprintf(' = %s', $decorated ? OutputFormatter::escape($description) : $description);
  7. }
  8. if ('functions' === $type) {
  1. if (!$fs->exists($warmupDir.'/'.$containerDir)) {
  2. $fs->rename($realCacheDir.'/'.$containerDir, $warmupDir.'/'.$containerDir);
  3. touch($warmupDir.'/'.$containerDir.'.legacy');
  4. }
  5. if ('/' === \DIRECTORY_SEPARATOR && $mounts = @file('/proc/mounts')) {

    Adding "@" before file('/proc/mounts') prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. foreach ($mounts as $mount) {
  7. $mount = \array_slice(explode(' ', $mount), 1, -3);
  8. if (!\in_array(array_pop($mount), ['vboxsf', 'nfs'])) {
  9. continue;
  10. }
  1. class WebProfilerBundle extends Bundle
  2. {
  3. public function boot()
  4. {
  5. if ('prod' === $this->container->getParameter('kernel.environment')) {
  6. @trigger_error('Using WebProfilerBundle in production is not supported and puts your project at risk, disable it.', E_USER_WARNING);

    Adding "@" before trigger_error('Using WebProfilerBundle in production is not supported and puts your project at risk, disable it.', E_USER_WARNING) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  7. }
  8. }
  9. }
  1. $file = $this->files[$key] = $this->getFile($key, true);
  2. // Since OPcache only compiles files older than the script execution start, set the file's mtime in the past
  3. $ok = $this->write($file, "<?php //{$encodedKey}\n\n{$value}\n", self::$startTime - 10) && $ok;
  4. if ($allowCompile) {
  5. @opcache_invalidate($file, true);

    Adding "@" before opcache_invalidate($file, true) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. @opcache_compile_file($file);
  7. }
  8. }
  9. if (!$ok && !is_writable($this->directory)) {
  1. // Since OPcache only compiles files older than the script execution start, set the file's mtime in the past
  2. $ok = $this->write($file, "<?php //{$encodedKey}\n\n{$value}\n", self::$startTime - 10) && $ok;
  3. if ($allowCompile) {
  4. @opcache_invalidate($file, true);
  5. @opcache_compile_file($file);

    Adding "@" before opcache_compile_file($file) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. }
  8. if (!$ok && !is_writable($this->directory)) {
  9. throw new CacheException(sprintf('Cache directory is not writable (%s)', $this->directory));
  1. }
  2. protected function doUnlink($file)
  3. {
  4. if (self::isSupported()) {
  5. @opcache_invalidate($file, true);

    Adding "@" before opcache_invalidate($file, true) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. return @unlink($file);
  8. }
  1. foreach ($context as $k => $v) {
  2. if (is_scalar($v)) {
  3. $replace['{'.$k.'}'] = $v;
  4. }
  5. }
  6. @trigger_error(strtr($message, $replace), E_USER_WARNING);

    Adding "@" before trigger_error(strtr($message, $replace), E_USER_WARNING) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. }
  8. }
  9. }
  1. for ($j = 0; $j < 38; ++$j) {
  2. if (!file_exists($dir = $directory.$chars[$i].\DIRECTORY_SEPARATOR.$chars[$j])) {
  3. continue;
  4. }
  5. foreach (@scandir($dir, SCANDIR_SORT_NONE) ?: [] as $file) {

    Adding "@" before scandir($dir, SCANDIR_SORT_NONE) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. if ('.' !== $file && '..' !== $file) {
  7. yield $dir.\DIRECTORY_SEPARATOR.$file;
  8. }
  9. }
  10. }
  1. $paths = array_unique($paths);
  2. $filepaths = $notfound = [];
  3. foreach ($paths as $path) {
  4. if (@file_exists($file = $path.\DIRECTORY_SEPARATOR.$name)) {

    Adding "@" before file_exists($file = $path . \DIRECTORY_SEPARATOR . $name) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. if (true === $first) {
  6. return $file;
  7. }
  8. $filepaths[] = $file;
  9. } else {
  1. } catch (\Exception $e) {
  2. $valid = false;
  3. }
  4. } elseif (!\is_array($schemaOrCallable) && is_file((string) $schemaOrCallable)) {
  5. $schemaSource = file_get_contents((string) $schemaOrCallable);
  6. $valid = @$dom->schemaValidateSource($schemaSource);

    Adding "@" before $dom->schemaValidateSource($schemaSource) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Curtis
  7. } else {
  8. libxml_use_internal_errors($internalErrors);
  9. throw new XmlParsingException('The schemaOrCallable argument has to be a valid path to XSD file or callable.');
  10. }
  1. * @throws XmlParsingException When XML parsing returns any errors
  2. * @throws \RuntimeException When DOM extension is missing
  3. */
  4. public static function loadFile(string $file, $schemaOrCallable = null)
  5. {
  6. $content = @file_get_contents($file);

    Adding "@" before file_get_contents($file) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Ole Rößner
  7. if ('' === trim($content)) {
  8. throw new \InvalidArgumentException(sprintf('File %s does not contain valid XML, it is empty.', $file));
  9. }
  10. try {
  1. $this->initialize($input, $output);
  2. if (null !== $this->processTitle) {
  3. if (\function_exists('cli_set_process_title')) {
  4. if (!@cli_set_process_title($this->processTitle)) {

    Adding "@" before cli_set_process_title($this->processTitle) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. if ('Darwin' === PHP_OS) {
  6. $output->writeln('<comment>Running "cli_set_process_title" as an unprivileged user is not supported on MacOS.</comment>', OutputInterface::VERBOSITY_VERY_VERBOSE);
  7. } else {
  8. cli_set_process_title($this->processTitle);
  9. }
  1. return true;
  2. }
  3. if (\DIRECTORY_SEPARATOR === '\\') {
  4. return (\function_exists('sapi_windows_vt100_support')
  5. && @sapi_windows_vt100_support($this->stream))

    Adding "@" before sapi_windows_vt100_support($this->stream) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by johnstevenson
  6. || false !== getenv('ANSICON')
  7. || 'ON' === getenv('ConEmuANSI')
  8. || 'xterm' === getenv('TERM');
  9. }
  1. </xsd:schema>
  2. EOF
  3. ;
  4. $disableEntities = libxml_disable_entity_loader(false);
  5. $valid = @$dom->schemaValidateSource($source);

    Adding "@" before $dom->schemaValidateSource($source) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Anthon Pang
  6. libxml_disable_entity_loader($disableEntities);
  7. foreach ($tmpfiles as $tmpfile) {
  8. @unlink($tmpfile);
  9. }
  1. $dom = new \DOMDocument('1.0', $charset);
  2. $dom->validateOnParse = true;
  3. if ('' !== trim($content)) {
  4. @$dom->loadXML($content, $options);

    Adding "@" before $dom->loadXML($content, $options) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  5. }
  6. libxml_use_internal_errors($internalErrors);
  7. libxml_disable_entity_loader($disableEntities);
  1. $dom = new \DOMDocument('1.0', $charset);
  2. $dom->validateOnParse = true;
  3. if ('' !== trim($htmlContent)) {
  4. @$dom->loadHTML($htmlContent);

    Adding "@" before $dom->loadHTML($htmlContent) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Titouan Galopin
  5. }
  6. libxml_use_internal_errors($internalErrors);
  7. libxml_disable_entity_loader($disableEntities);
  1. {
  2. list($scheme, $hierarchy) = $this->getSchemeAndHierarchy($dir);
  3. // If no scheme or scheme is "file" or "gs" (Google Cloud) create temp file in local filesystem
  4. if (null === $scheme || 'file' === $scheme || 'gs' === $scheme) {
  5. $tmpFile = @tempnam($hierarchy, $prefix);

    Adding "@" before tempnam($hierarchy, $prefix) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. // If tempnam failed or no scheme return the filename otherwise prepend the scheme
  7. if (false !== $tmpFile) {
  8. if (null !== $scheme && 'gs' !== $scheme) {
  9. return $scheme.'://'.$tmpFile;
  1. {
  2. if (null !== $this->rewindable) {
  3. return $this->rewindable;
  4. }
  5. if (false !== $stream = @opendir($this->getPath())) {

    Adding "@" before opendir($this->getPath()) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by alquerci
  6. $infos = stream_get_meta_data($stream);
  7. closedir($stream);
  8. if ($infos['seekable']) {
  9. return $this->rewindable = true;
  1. *
  2. * @return string
  3. */
  4. public static function trim(string $string)
  5. {
  6. if (null !== $result = @preg_replace('/^[\pZ\p{Cc}]+|[\pZ\p{Cc}]+$/u', '', $string)) {

    Adding "@" before preg_replace('/^[\\pZ\\p{Cc}]+|[\\pZ\\p{Cc}]+$/u', '', $string) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Issei.M
  7. return $result;
  8. }
  9. return trim($string);
  10. }
  1. if (\extension_loaded('curl')) {
  2. if ('\\' !== \DIRECTORY_SEPARATOR || ini_get('curl.cainfo') || ini_get('openssl.cafile') || ini_get('openssl.capath')) {
  3. return new CurlHttpClient($defaultOptions, $maxHostConnections, $maxPendingPushes);
  4. }
  5. @trigger_error('Configure the "curl.cainfo", "openssl.cafile" or "openssl.capath" php.ini setting to enable the CurlHttpClient', E_USER_WARNING);

    Adding "@" before trigger_error('Configure the "curl.cainfo", "openssl.cafile" or "openssl.capath" php.ini setting to enable the CurlHttpClient', E_USER_WARNING) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. return new NativeHttpClient($defaultOptions, $maxHostConnections);
  8. }
  1. }
  2. return $body;
  3. }
  4. if (!\is_string($body) && !\is_array(@stream_get_meta_data($body))) {

    Adding "@" before stream_get_meta_data($body) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. throw new InvalidArgumentException(sprintf('Option "body" must be string, stream resource, iterable or callable, %s given.', \is_resource($body) ? get_resource_type($body) : \gettype($body)));
  6. }
  7. return $body;
  8. }
  1. $active = 0;
  2. while (CURLM_CALL_MULTI_PERFORM === curl_multi_exec($multi->handle, $active));
  3. while ($info = curl_multi_info_read($multi->handle)) {
  4. $multi->handlesActivity[(int) $info['handle']][] = null;
  5. $multi->handlesActivity[(int) $info['handle']][] = \in_array($info['result'], [\CURLE_OK, \CURLE_TOO_MANY_REDIRECTS], true) || (\CURLE_WRITE_ERROR === $info['result'] && 'destruct' === @curl_getinfo($info['handle'], CURLINFO_PRIVATE)) ? null : new TransportException(sprintf('%s for "%s".', curl_strerror($info['result']), curl_getinfo($info['handle'], CURLINFO_EFFECTIVE_URL)));

    Adding "@" before curl_getinfo($info['handle'], CURLINFO_PRIVATE) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Javier Eguiluz
  6. }
  7. } finally {
  8. self::$performing = false;
  9. }
  10. }
  1. /**
  2. * Parses header lines as curl yields them to us.
  3. */
  4. private static function parseHeaderLine($ch, string $data, array &$info, array &$headers, ?array $options, CurlClientState $multi, int $id, ?string &$location, ?callable $resolveRedirect, ?LoggerInterface $logger, &$content = null): int
  5. {
  6. if (!\in_array($waitFor = @curl_getinfo($ch, CURLINFO_PRIVATE), ['headers', 'destruct'], true)) {

    Adding "@" before curl_getinfo($ch, CURLINFO_PRIVATE) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. return \strlen($data); // Ignore HTTP trailers
  8. }
  9. if ("\r\n" !== $data) {
  10. // Regular header line: add it to the list
  1. }
  2. } elseif ('' !== $data = stream_get_contents($buffer, -1, 0)) {
  3. rewind($buffer);
  4. ftruncate($buffer, 0);
  5. if (null !== $inflate && false === $data = @inflate_add($inflate, $data)) {

    Adding "@" before inflate_add($inflate, $data) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. $e = new TransportException('Error while processing content unencoding.');
  7. }
  8. if ('' !== $data && null === $e) {
  9. $multi->handlesActivity[$i][] = $data;
  1. $cacheKey = $requestIp.'-'.$ip;
  2. if (isset(self::$checkedIps[$cacheKey])) {
  3. return self::$checkedIps[$cacheKey];
  4. }
  5. if (!((\extension_loaded('sockets') && \defined('AF_INET6')) || @inet_pton('::1'))) {

    Adding "@" before inet_pton('::1') prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Christophe Coevoet
  6. throw new \RuntimeException('Unable to check Ipv6. Check that PHP was not compiled with option "disable-ipv6".');
  7. }
  8. if (false !== strpos($ip, '/')) {
  9. list($address, $netmask) = explode('/', $ip, 2);
  1. if (false !== strpos($ip, '/')) {
  2. list($address, $netmask) = explode('/', $ip, 2);
  3. if ('0' === $netmask) {
  4. return (bool) unpack('n*', @inet_pton($address));

    Adding "@" before inet_pton($address) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Stéphan Kochen
  5. }
  6. if ($netmask < 1 || $netmask > 128) {
  7. return self::$checkedIps[$cacheKey] = false;
  8. }
  1. } else {
  2. $address = $ip;
  3. $netmask = 128;
  4. }
  5. $bytesAddr = unpack('n*', @inet_pton($address));

    Adding "@" before inet_pton($address) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Jakub Zalas
  6. $bytesTest = unpack('n*', @inet_pton($requestIp));
  7. if (!$bytesAddr || !$bytesTest) {
  8. return self::$checkedIps[$cacheKey] = false;
  9. }
  1. $address = $ip;
  2. $netmask = 128;
  3. }
  4. $bytesAddr = unpack('n*', @inet_pton($address));
  5. $bytesTest = unpack('n*', @inet_pton($requestIp));

    Adding "@" before inet_pton($requestIp) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Jakub Zalas
  6. if (!$bytesAddr || !$bytesTest) {
  7. return self::$checkedIps[$cacheKey] = false;
  8. }
  1. */
  2. abstract class CacheWarmer implements CacheWarmerInterface
  3. {
  4. protected function writeCacheFile(string $file, $content)
  5. {
  6. $tmpFile = @tempnam(\dirname($file), basename($file));

    Adding "@" before tempnam(\dirname($file), basename($file)) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Christophe Coevoet
  7. if (false !== @file_put_contents($tmpFile, $content) && @rename($tmpFile, $file)) {
  8. @chmod($file, 0666 & ~umask());
  9. return;
  10. }
  1. if (false === $this->connection) {
  2. throw new LdapException(sprintf('Could not connect to Ldap server: %s.', ldap_error($this->connection)));
  3. }
  4. if ('tls' === $this->config['encryption'] && false === @ldap_start_tls($this->connection)) {

    Adding "@" before ldap_start_tls($this->connection) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. throw new LdapException(sprintf('Could not initiate TLS connection: %s.', ldap_error($this->connection)));
  6. }
  7. }
  8. private function disconnect()
  1. */
  2. public function addAttributeValues(Entry $entry, string $attribute, array $values)
  3. {
  4. $con = $this->getConnectionResource();
  5. if (!@ldap_mod_add($con, $entry->getDn(), [$attribute => $values])) {

    Adding "@" before ldap_mod_add($con, $entry->getDn(), [$attribute => $values]) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. throw new LdapException(sprintf('Could not add values to entry "%s", attribute %s: %s.', $entry->getDn(), $attribute, ldap_error($con)));
  7. }
  8. }
  9. /**
  1. */
  2. public function removeAttributeValues(Entry $entry, string $attribute, array $values)
  3. {
  4. $con = $this->getConnectionResource();
  5. if (!@ldap_mod_del($con, $entry->getDn(), [$attribute => $values])) {

    Adding "@" before ldap_mod_del($con, $entry->getDn(), [$attribute => $values]) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. throw new LdapException(sprintf('Could not remove values from entry "%s", attribute %s: %s.', $entry->getDn(), $attribute, ldap_error($con)));
  7. }
  8. }
  9. /**
  1. */
  2. public function rename(Entry $entry, string $newRdn, bool $removeOldRdn = true)
  3. {
  4. $con = $this->getConnectionResource();
  5. if (!@ldap_rename($con, $entry->getDn(), $newRdn, null, $removeOldRdn)) {

    Adding "@" before ldap_rename($con, $entry->getDn(), $newRdn, null, $removeOldRdn) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Kevin
  6. throw new LdapException(sprintf('Could not rename entry "%s" to "%s": %s.', $entry->getDn(), $newRdn, ldap_error($con)));
  7. }
  8. }
  9. /**
  1. public function move(Entry $entry, string $newParent)
  2. {
  3. $con = $this->getConnectionResource();
  4. $rdn = $this->parseRdnFromEntry($entry);
  5. // deleteOldRdn does not matter here, since the Rdn will not be changing in the move.
  6. if (!@ldap_rename($con, $entry->getDn(), $rdn, $newParent, true)) {

    Adding "@" before ldap_rename($con, $entry->getDn(), $rdn, $newParent, true) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Kyle Evans
  7. throw new LdapException(sprintf('Could not move entry "%s" to "%s": %s.', $entry->getDn(), $newParent, ldap_error($con)));
  8. }
  9. }
  10. /**
  1. $operationsMapped = [];
  2. foreach ($operations as $modification) {
  3. $operationsMapped[] = $modification->toArray();
  4. }
  5. if (!@ldap_modify_batch($this->getConnectionResource(), $dn, $operationsMapped)) {

    Adding "@" before ldap_modify_batch($this->getConnectionResource(), $dn, $operationsMapped) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Malte Blättermann
  6. throw new UpdateOperationException(sprintf('Error executing UpdateOperation on "%s": "%s".', $dn, ldap_error($this->getConnectionResource())));
  7. }
  8. }
  9. private function parseRdnFromEntry(Entry $entry): string
  1. }
  2. $sizeLimit = $itemsLeft;
  3. if ($pageSize > 0 && $sizeLimit >= $pageSize) {
  4. $sizeLimit = 0;
  5. }
  6. $search = @$func(

    Adding "@" before $func($con, $this->dn, $this->query, $this->options['filter'], $this->options['attrsOnly'], $sizeLimit, $this->options['timeout'], $this->options['deref']) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Kyle Evans
  7. $con,
  8. $this->dn,
  9. $this->query,
  10. $this->options['filter'],
  11. $this->options['attrsOnly'],
  1. return;
  2. }
  3. $keyId = crc32($key);
  4. $resource = sem_get($keyId);
  5. $acquired = @sem_acquire($resource, !$blocking);

    Adding "@" before sem_acquire($resource, !$blocking) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. while ($blocking && !$acquired) {
  7. $resource = sem_get($keyId);
  8. $acquired = @sem_acquire($resource);
  9. }
  1. $resource = sem_get($keyId);
  2. $acquired = @sem_acquire($resource, !$blocking);
  3. while ($blocking && !$acquired) {
  4. $resource = sem_get($keyId);
  5. $acquired = @sem_acquire($resource);

    Adding "@" before sem_acquire($resource) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Jérémy Derussé
  6. }
  7. if (!$acquired) {
  8. throw new LockConflictedException();
  9. }
  1. $bufferFile = tmpfile();
  2. $outputFile = tmpfile();
  3. $this->iteratorToFile($message->toIterable(), $bufferFile);
  4. if (!@openssl_pkcs7_encrypt(stream_get_meta_data($bufferFile)['uri'], stream_get_meta_data($outputFile)['uri'], $this->certs, [], 0, $this->cipher)) {

    Adding "@" before openssl_pkcs7_encrypt(stream_get_meta_data($bufferFile)['uri'], stream_get_meta_data($outputFile)['uri'], $this->certs, [], 0, $this->cipher) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Sebastiaan Stok
  5. throw new RuntimeException(sprintf('Failed to encrypt S/Mime message. Error: "%s".', openssl_error_string()));
  6. }
  7. $mimePart = $this->convertMessageToSMimePart($outputFile, 'application', 'pkcs7-mime');
  8. $mimePart->getHeaders()
  1. $bufferFile = tmpfile();
  2. $outputFile = tmpfile();
  3. $this->iteratorToFile($message->getBody()->toIterable(), $bufferFile);
  4. if (!@openssl_pkcs7_sign(stream_get_meta_data($bufferFile)['uri'], stream_get_meta_data($outputFile)['uri'], $this->signCertificate, $this->signPrivateKey, [], $this->signOptions, $this->extraCerts)) {

    Adding "@" before openssl_pkcs7_sign(stream_get_meta_data($bufferFile)['uri'], stream_get_meta_data($outputFile)['uri'], $this->signCertificate, $this->signPrivateKey, [], $this->signOptions, $this->extraCerts) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Sebastiaan Stok
  5. throw new RuntimeException(sprintf('Failed to sign S/Mime message. Error: "%s".', openssl_error_string()));
  6. }
  7. return new Message($message->getHeaders(), $this->convertMessageToSMimePart($outputFile, 'multipart', 'signed'));
  8. }
  1. if (ini_get('open_basedir')) {
  2. $searchPath = array_merge(explode(PATH_SEPARATOR, ini_get('open_basedir')), $extraDirs);
  3. $dirs = [];
  4. foreach ($searchPath as $path) {
  5. // Silencing against https://bugs.php.net/69240
  6. if (@is_dir($path)) {

    Adding "@" before is_dir($path) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Ben
  7. $dirs[] = $path;
  8. } else {
  9. if (basename($path) == $name && @is_executable($path)) {
  10. return $path;
  11. }
  1. $r = $e = [];
  2. $w = [$this->pipes[0]];
  3. // let's have a look if something changed in streams
  4. if (false === @stream_select($r, $w, $e, 0, 0)) {

    Adding "@" before stream_select($r, $w, $e, 0, 0) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Titouan Galopin
  5. return null;
  6. }
  7. foreach ($w as $stdin) {
  8. if (isset($this->inputBuffer[0])) {
  1. $w = $this->write();
  2. $read = $r = $e = [];
  3. if ($blocking) {
  4. if ($w) {
  5. @stream_select($r, $w, $e, 0, Process::TIMEOUT_PRECISION * 1E6);

    Adding "@" before stream_select($r, $w, $e, 0, \Symfony\Component\Process\Process::TIMEOUT_PRECISION * 1000000.0) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. } elseif ($this->fileHandles) {
  7. usleep(Process::TIMEOUT_PRECISION * 1E6);
  8. }
  9. }
  10. foreach ($this->fileHandles as $type => $fileHandle) {
  1. public static function isTtySupported(): bool
  2. {
  3. static $isTtySupported;
  4. if (null === $isTtySupported) {
  5. $isTtySupported = (bool) @proc_open('echo 1 >/dev/null', [['file', '/dev/tty', 'r'], ['file', '/dev/tty', 'w'], ['file', '/dev/tty', 'w']], $pipes);

    Adding "@" before proc_open('echo 1 >/dev/null', [['file', '/dev/tty', 'r'], ['file', '/dev/tty', 'w'], ['file', '/dev/tty', 'w']], $pipes) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. }
  7. return $isTtySupported;
  8. }
  1. if ('\\' === \DIRECTORY_SEPARATOR) {
  2. return $result = false;
  3. }
  4. return $result = (bool) @proc_open('echo 1 >/dev/null', [['pty'], ['pty'], ['pty']], $pipes);

    Adding "@" before proc_open('echo 1 >/dev/null', [['pty'], ['pty'], ['pty']], $pipes) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  5. }
  6. /**
  7. * Creates the descriptors needed by the proc_open.
  8. */
  1. return false;
  2. }
  3. } else {
  4. if (!$this->isSigchildEnabled()) {
  5. $ok = @proc_terminate($this->process, $signal);

    Adding "@" before proc_terminate($this->process, $signal) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. } elseif (\function_exists('posix_kill')) {
  7. $ok = @posix_kill($pid, $signal);
  8. } elseif ($ok = proc_open(sprintf('kill -%d %d', $signal, $pid), [2 => ['pipe', 'w']], $pipes)) {
  9. $ok = false === fgets($pipes[2]);
  10. }
  1. }
  2. } else {
  3. if (!$this->isSigchildEnabled()) {
  4. $ok = @proc_terminate($this->process, $signal);
  5. } elseif (\function_exists('posix_kill')) {
  6. $ok = @posix_kill($pid, $signal);

    Adding "@" before posix_kill($pid, $signal) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. } elseif ($ok = proc_open(sprintf('kill -%d %d', $signal, $pid), [2 => ['pipe', 'w']], $pipes)) {
  8. $ok = false === fgets($pipes[2]);
  9. }
  10. if (!$ok) {
  11. if ($throwException) {
  1. {
  2. $xliffVersion = static::getVersionNumber($dom);
  3. $internalErrors = libxml_use_internal_errors(true);
  4. $disableEntities = libxml_disable_entity_loader(false);
  5. $isValid = @$dom->schemaValidateSource(self::getSchema($xliffVersion));

    Adding "@" before $dom->schemaValidateSource(self::getSchema($xliffVersion)) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Javier Eguiluz
  6. if (!$isValid) {
  7. libxml_disable_entity_loader($disableEntities);
  8. return self::getXmlErrors($internalErrors);
  9. }
  1. if (null !== $constraint->normalizer) {
  2. $stringValue = ($constraint->normalizer)($stringValue);
  3. }
  4. if (!$invalidCharset = !@mb_check_encoding($stringValue, $constraint->charset)) {

    Adding "@" before mb_check_encoding($stringValue, $constraint->charset) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. $length = mb_strlen($stringValue, $constraint->charset);
  6. }
  7. if ($invalidCharset) {
  8. $this->context->buildViolation($constraint->charsetMessage)
  1. }
  2. private static function getPhpTimezones(int $zone, string $countryCode = null): array
  3. {
  4. if (null !== $countryCode) {
  5. return @\DateTimeZone::listIdentifiers($zone, $countryCode) ?: [];

    Adding "@" before \DateTimeZone::listIdentifiers($zone, $countryCode) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Roland Franssen
  6. }
  7. return \DateTimeZone::listIdentifiers($zone);
  8. }
  1. return $root;
  2. }
  3. }
  4. $parent = $dir;
  5. while (!@file_exists($parent.'/composer.json')) {

    Adding "@" before file_exists($parent . '/composer.json') prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. if (!@file_exists($parent)) {
  7. // open_basedir restriction in effect
  8. break;
  9. }
  10. if ($parent === \dirname($parent)) {
  1. }
  2. }
  3. $parent = $dir;
  4. while (!@file_exists($parent.'/composer.json')) {
  5. if (!@file_exists($parent)) {

    Adding "@" before file_exists($parent) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. // open_basedir restriction in effect
  7. break;
  8. }
  9. if ($parent === \dirname($parent)) {
  10. return self::$composerRoots[$dir] = false;
  1. return $a;
  2. }
  3. public static function castStreamContext($stream, array $a, Stub $stub, bool $isNested)
  4. {
  5. return @stream_context_get_params($stream) ?: $a;

    Adding "@" before stream_context_get_params($stream) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. }
  7. public static function castGd($gd, array $a, Stub $stub, $isNested)
  8. {
  9. $a['size'] = imagesx($gd).'x'.imagesy($gd);
  1. return true;
  2. }
  3. if (\DIRECTORY_SEPARATOR === '\\') {
  4. return (\function_exists('sapi_windows_vt100_support')
  5. && @sapi_windows_vt100_support($stream))

    Adding "@" before sapi_windows_vt100_support($stream) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by johnstevenson
  6. || false !== getenv('ANSICON')
  7. || 'ON' === getenv('ConEmuANSI')
  8. || 'xterm' === getenv('TERM');
  9. }
  1. if (null === $this->socket) {
  2. $this->start();
  3. }
  4. foreach ($this->getMessages() as $clientId => $message) {
  5. $payload = @unserialize(base64_decode($message), ['allowed_classes' => [Data::class, Stub::class]]);

    Adding "@" before unserialize(base64_decode($message), ['allowed_classes' => [\Symfony\Component\VarDumper\Cloner\Data::class, \Symfony\Component\VarDumper\Cloner\Stub::class]]) prevents warning and errors during this function execution from being displayed.
    If you need to do that, you should probably implement a better way to qualify and recover from errors, using Exceptions.

    Time to fix: about 4 hours
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. // Impossible to decode the message, give up.
  7. if (false === $payload) {
  8. if ($this->logger) {
  9. $this->logger->warning('Unable to decode a message from {clientId} client.', ['clientId' => $clientId]);

Object parameters should be type hinted 18

More information: https://insight.symfony.com/what-we-analyse/php.object_parameter_not_type_hinted

  1. /**
  2. * @param string[] $groups
  3. * @param Configuration $configuration
  4. */
  5. private function displayDeprecations($groups, $configuration)

    The parameter configuration, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Grégoire Paris
  6. {
  7. $cmp = function ($a, $b) {
  8. return $b['count'] - $a['count'];
  9. };
  1. {
  2. self::$globallyEnabled = false;
  3. $this->state = -1;
  4. }
  5. public function startTestSuite($suite)

    The parameter suite, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Nicolas Grekas
  6. {
  7. $suiteName = $suite->getName();
  8. $this->testsWithWarnings = array();
  9. foreach ($suite->tests() as $test) {
  1. /**
  2. * @param TestCase $test
  3. *
  4. * @return bool
  5. */
  6. private function willBeIsolated($test)

    The parameter test, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Paul Mitchum
  7. {
  8. if ($test->isInIsolation()) {
  9. return false;
  10. }
  1. $title = 'Available registered bundles with their extension alias if available';
  2. $headers = ['Bundle name', 'Extension alias'];
  3. $rows = [];
  4. $bundles = $this->getApplication()->getKernel()->getBundles();
  5. usort($bundles, function ($bundleA, $bundleB) {

    The parameter bundleA, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. return strcmp($bundleA->getName(), $bundleB->getName());
  7. });
  8. foreach ($bundles as $bundle) {
  9. $extension = $bundle->getContainerExtension();
  1. $title = 'Available registered bundles with their extension alias if available';
  2. $headers = ['Bundle name', 'Extension alias'];
  3. $rows = [];
  4. $bundles = $this->getApplication()->getKernel()->getBundles();
  5. usort($bundles, function ($bundleA, $bundleB) {

    The parameter bundleB, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. return strcmp($bundleA->getName(), $bundleB->getName());
  7. });
  8. foreach ($bundles as $bundle) {
  9. $extension = $bundle->getContainerExtension();
  1. if (is_a($class, \Redis::class, true)) {
  2. $connect = $params['persistent'] || $params['persistent_id'] ? 'pconnect' : 'connect';
  3. $redis = new $class();
  4. $initializer = function ($redis) use ($connect, $params, $dsn, $auth, $hosts) {

    The parameter redis, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. try {
  6. @$redis->{$connect}($hosts[0]['host'] ?? $hosts[0]['path'], $hosts[0]['port'] ?? null, $params['timeout'], (string) $params['persistent_id'], $params['retry_interval']);
  7. } catch (\RedisException $e) {
  8. throw new InvalidArgumentException(sprintf('Redis connection failed (%s): %s', $e->getMessage(), $dsn));
  9. }
  1. foreach ($generator() as $command => $args) {
  2. $results[] = $redis->{$command}(...$args);
  3. $ids[] = 'eval' === $command ? ($redis instanceof \Predis\ClientInterface ? $args[2] : $args[1][0]) : $args[0];
  4. }
  5. } elseif ($redis instanceof \Predis\ClientInterface) {
  6. $results = $redis->pipeline(static function ($redis) use ($generator, &$ids) {

    The parameter redis, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by André R
  7. foreach ($generator() as $command => $args) {
  8. $redis->{$command}(...$args);
  9. $ids[] = 'eval' === $command ? $args[2] : $args[0];
  10. }
  11. });
  1. *
  2. * @param string|\Closure|self $error
  3. *
  4. * @return $this
  5. */
  6. public function addError($error)

    The parameter error, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Ryan Weaver
  7. {
  8. if ($error instanceof self) {
  9. $this->errors = array_merge($this->errors, $error->errors);
  10. } else {
  11. $this->errors[] = $error;
  1. /**
  2. * {@inheritdoc}
  3. */
  4. public function guessType(string $class, string $property)
  5. {
  6. return $this->guess(function ($guesser) use ($class, $property) {

    The parameter guesser, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Bernhard Schussek
  7. return $guesser->guessType($class, $property);
  8. });
  9. }
  10. /**
  1. /**
  2. * {@inheritdoc}
  3. */
  4. public function guessRequired(string $class, string $property)
  5. {
  6. return $this->guess(function ($guesser) use ($class, $property) {

    The parameter guesser, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Bernhard Schussek
  7. return $guesser->guessRequired($class, $property);
  8. });
  9. }
  10. /**
  1. /**
  2. * {@inheritdoc}
  3. */
  4. public function guessMaxLength(string $class, string $property)
  5. {
  6. return $this->guess(function ($guesser) use ($class, $property) {

    The parameter guesser, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Bernhard Schussek
  7. return $guesser->guessMaxLength($class, $property);
  8. });
  9. }
  10. /**
  1. /**
  2. * {@inheritdoc}
  3. */
  4. public function guessPattern(string $class, string $property)
  5. {
  6. return $this->guess(function ($guesser) use ($class, $property) {

    The parameter guesser, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Michel Weimerskirch
  7. return $guesser->guessPattern($class, $property);
  8. });
  9. }
  10. /**
  1. }
  2. $event->setResponse($response);
  3. if ($this->debug && $eventDispatcher instanceof EventDispatcherInterface) {
  4. $cspRemovalListener = function ($event) use (&$cspRemovalListener, $eventDispatcher) {

    The parameter event, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. $event->getResponse()->headers->remove('Content-Security-Policy');
  6. $eventDispatcher->removeListener(KernelEvents::RESPONSE, $cspRemovalListener);
  7. };
  8. $eventDispatcher->addListener(KernelEvents::RESPONSE, $cspRemovalListener, -128);
  9. }
  1. }
  2. static $setSession;
  3. if (null === $setSession) {
  4. $setSession = \Closure::bind(static function ($subRequest, $request) { $subRequest->session = $request->session; }, null, Request::class);

    The parameter request, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. }
  6. $setSession($subRequest, $request);
  7. if ($request->get('_format')) {
  8. $subRequest->attributes->set('_format', $request->get('_format'));
  1. $newRequest = Request::create($this->generateUri($request, $path), 'get', [], $request->cookies->all(), [], $request->server->all());
  2. static $setSession;
  3. if (null === $setSession) {
  4. $setSession = \Closure::bind(static function ($newRequest, $request) { $newRequest->session = $request->session; }, null, Request::class);

    The parameter request, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Nicolas Grekas
  5. }
  6. $setSession($newRequest, $request);
  7. if ($request->attributes->has(Security::AUTHENTICATION_ERROR)) {
  8. $newRequest->attributes->set(Security::AUTHENTICATION_ERROR, $request->attributes->get(Security::AUTHENTICATION_ERROR));
  1. }
  2. return $a;
  3. }
  4. public static function castLength($dom, array $a, Stub $stub, bool $isNested)

    The parameter dom, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Alexander M. Turek
  5. {
  6. $a += [
  7. 'length' => $dom->length,
  8. ];
  1. }
  2. /**
  3. * @param \Redis|\RedisArray|\RedisCluster $redis
  4. */
  5. private static function getRedisOptions($redis, array $options = []): EnumStub

    The parameter redis, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Fabien Potencier
  6. {
  7. $serializer = $redis->getOption(\Redis::OPT_SERIALIZER);
  8. if (\is_array($serializer)) {
  9. foreach ($serializer as &$v) {
  10. if (isset(self::$serializer[$v])) {
  1. }
  2. return $a;
  3. }
  4. public static function castHttpClientResponse($response, array $a, Stub $stub, bool $isNested)

    The parameter response, which is an object, should be typehinted.

    Time to fix: about 1 hour
    Open Issue Permalink
    Last edited by Alexander M. Turek
  5. {
  6. $stub->cut += \count($a);
  7. $a = [];
  8. foreach ($response->getInfo() as $k => $v) {

Booleans and null should be compared strictly

More information: https://insight.symfony.com/what-we-analyse/php.strict_boolean_comparison_should_be_used

  1. if ($static ? $hasStaticCall : $hasCall) {
  2. continue;
  3. }
  4. $realName = substr($name, 0, strpos($name, '('));
  5. if (!$refl->hasMethod($realName) || !($methodRefl = $refl->getMethod($realName))->isPublic() || ($static && !$methodRefl->isStatic()) || (!$static && $methodRefl->isStatic())) {
  6. $deprecations[] = sprintf('Class "%s" should implement method "%s::%s"%s', $className, ($static ? 'static ' : '').$interface, $name, null == $description ? '.' : ': '.$description);

    With booleans and null, only strict comparison (with === operator) should be used to lower bug risks and to improve performances.

    Time to fix: about 15 minutes
    Open Issue Permalink
    Last edited by Nicolas Grekas
  7. }
  8. }
  9. }
  10. }
  11. }

Templates should not be too long

More information: https://insight.symfony.com/what-we-analyse/twig.template_too_long

19% of all your templates have more than 200 lines, the threshold is 5%.

Time to fix: about 6.8 days