sleep() should not be used 3

  • Major
  • Performance

More information: https://insight.symfony.com/what-we-analyse/php.use_php_sleep_function

  1. PurgeLimiter::canPurge();
  2. // try setting it
  3. PurgeLimiter::setLimit(1);
  4. $this->assertEquals(false, PurgeLimiter::canPurge());
  5. sleep(2);

    sleep() may create timeouts without even protecting your application.

    Time to fix: about 4 hours
    Last edited by El RIDO
  6. $this->assertEquals(true, PurgeLimiter::canPurge());
  7. // disable it
  8. PurgeLimiter::setLimit(0);
  9. PurgeLimiter::canPurge();
  1. $file = 'baz';
  2. $this->assertEquals($this->_path . DIRECTORY_SEPARATOR . $file, TrafficLimiter::getPath($file));
  3. TrafficLimiter::setLimit(4);
  4. $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
  5. $this->assertTrue(TrafficLimiter::canPass(), 'first request may pass');
  6. sleep(1);

    sleep() may create timeouts without even protecting your application.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. $this->assertFalse(TrafficLimiter::canPass(), 'second request is to fast, may not pass');
  8. sleep(4);
  9. $this->assertTrue(TrafficLimiter::canPass(), 'third request waited long enough and may pass');
  10. $_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
  11. $this->assertTrue(TrafficLimiter::canPass(), 'fourth request has different ip and may pass');
  1. TrafficLimiter::setLimit(4);
  2. $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
  3. $this->assertTrue(TrafficLimiter::canPass(), 'first request may pass');
  4. sleep(1);
  5. $this->assertFalse(TrafficLimiter::canPass(), 'second request is to fast, may not pass');
  6. sleep(4);

    sleep() may create timeouts without even protecting your application.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. $this->assertTrue(TrafficLimiter::canPass(), 'third request waited long enough and may pass');
  8. $_SERVER['REMOTE_ADDR'] = '2001:1620:2057:dead:beef::cafe:babe';
  9. $this->assertTrue(TrafficLimiter::canPass(), 'fourth request has different ip and may pass');
  10. $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
  11. $this->assertFalse(TrafficLimiter::canPass(), 'fifth request is to fast, may not pass');

Code should not be duplicated 15

  • Minor
  • Architecture

More information: https://insight.symfony.com/what-we-analyse/php.duplicated_code

  1. <?php
  2. use PrivateBin\I18n;

    The next 84 lines appear both in tpl/bootstrap-compact.php:2 and tpl/bootstrap-dark.php:2.

    Time to fix: about 4 hours
    Last edited by El RIDO
  3. ?><!DOCTYPE html>
  4. <html lang="en">
  5. <head>
  6. <meta charset="utf-8" />
  7. <meta http-equiv="X-UA-Compatible" content="IE=edge">
  1. <title><?php echo I18n::_('PrivateBin'); ?></title>
  2. <link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
  3. <link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
  4. <link type="text/css" rel="stylesheet" href="css/bootstrap/privatebin.css?<?php echo rawurlencode($VERSION); ?>" />
  5. <?php
  6. if ($SYNTAXHIGHLIGHTING):

    The next 320 lines appear both in tpl/bootstrap-compact.php:16 and tpl/bootstrap-page.php:16.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. ?>
  8. <link type="text/css" rel="stylesheet" href="css/prettify/prettify.css?<?php echo rawurlencode($VERSION); ?>" />
  9. <?php
  10. if (strlen($SYNTAXHIGHLIGHTINGTHEME)):
  11. ?>
  1. <title><?php echo I18n::_('PrivateBin'); ?></title>
  2. <link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-3.3.5.css" />
  3. <link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
  4. <link type="text/css" rel="stylesheet" href="css/bootstrap/privatebin.css?<?php echo rawurlencode($VERSION); ?>" />
  5. <?php
  6. if ($SYNTAXHIGHLIGHTING):

    The next 110 lines appear both in tpl/bootstrap-compact.php:16 and tpl/bootstrap-dark-page.php:16.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. ?>
  8. <link type="text/css" rel="stylesheet" href="css/prettify/prettify.css?<?php echo rawurlencode($VERSION); ?>" />
  9. <?php
  10. if (strlen($SYNTAXHIGHLIGHTINGTHEME)):
  11. ?>
  1. endif;
  2. ?>
  3. </ul>
  4. <ul class="nav navbar-nav pull-right">
  5. <?php
  6. if (strlen($LANGUAGESELECTION)):

    The next 117 lines appear both in tpl/bootstrap-compact.php:224 and tpl/bootstrap-dark-page.php:219.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. ?>
  8. <li id="language" class="dropdown">
  9. <a href="#" class="dropdown-toggle" data-toggle="dropdown" role="button" aria-haspopup="true" aria-expanded="false"><span class="glyphicon glyphicon-flag" aria-hidden="true"></span> <?php echo $LANGUAGES[$LANGUAGESELECTION][0]; ?> <span class="caret"></span></a>
  10. <ul class="dropdown-menu">
  11. <?php
  1. <?php
  2. endif;
  3. ?>
  4. <li>
  5. <button id="newbutton" type="button" class="reloadlink hidden btn btn-default navbar-btn">
  6. <span class="glyphicon glyphicon-file" aria-hidden="true"></span> <?php echo I18n::_('New'), PHP_EOL; ?>

    The next 94 lines appear both in tpl/bootstrap-compact.php:247 and tpl/bootstrap-dark.php:242.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. </button>
  8. </li>
  9. </ul>
  10. </div>
  11. </div>
  1. </div>
  2. <div id="navbar" class="navbar-collapse collapse">
  3. <ul class="nav navbar-nav">
  4. <li>
  5. <button id="sendbutton" type="button" class="hidden btn btn-warning navbar-btn">
  6. <span class="glyphicon glyphicon-upload" aria-hidden="true"></span> <?php echo I18n::_('Send'), PHP_EOL; ?>

    The next 158 lines appear both in tpl/bootstrap-dark-page.php:85 and tpl/bootstrap-dark.php:85.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. </button>
  8. <?php
  9. if ($EXPIRECLONE):
  10. ?>
  11. <button id="clonebutton" type="button" class="hidden btn btn-warning navbar-btn">
  1. <title><?php echo I18n::_('PrivateBin'); ?></title>
  2. <link type="text/css" rel="stylesheet" href="css/bootstrap/bootstrap-theme-3.3.5.css" />
  3. <link type="text/css" rel="stylesheet" href="css/bootstrap/darkstrap-0.9.3.css" />
  4. <link type="text/css" rel="stylesheet" href="css/bootstrap/privatebin.css?<?php echo rawurlencode($VERSION); ?>" />
  5. <?php
  6. if ($SYNTAXHIGHLIGHTING):

    The next 320 lines appear both in tpl/bootstrap-dark.php:16 and tpl/bootstrap.php:16.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. ?>
  8. <link type="text/css" rel="stylesheet" href="css/prettify/prettify.css?<?php echo rawurlencode($VERSION); ?>" />
  9. <?php
  10. if (strlen($SYNTAXHIGHLIGHTINGTHEME)):
  11. ?>
  1. }
  2. }
  3. public function testDatabaseBasedDataStoreWorks()
  4. {
  5. $this->_model->delete(Helper::getPasteId());

    The next 13 lines appear both in tst/Data/DatabaseTest.php:36 and tst/Data/FilesystemTest.php:26.

    Time to fix: about 4 hours
    Last edited by El RIDO
  6. // storing pastes
  7. $paste = Helper::getPaste(array('expire_date' => 1344803344));
  8. $this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not yet exist');
  9. $this->assertTrue($this->_model->create(Helper::getPasteId(), $paste), 'store new paste');
  1. $this->assertFalse($this->_model->create(Helper::getPasteId(), $paste), 'unable to store the same paste twice');
  2. $this->assertEquals(json_decode(json_encode($paste)), $this->_model->read(Helper::getPasteId()));
  3. // storing comments
  4. $this->assertFalse($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'comment does not yet exist');
  5. $this->assertTrue($this->_model->createComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId(), Helper::getComment()) !== false, 'store comment');

    The next 18 lines appear both in tst/Data/DatabaseTest.php:48 and tst/Data/FilesystemTest.php:38.

    Time to fix: about 4 hours
    Last edited by El RIDO
  6. $this->assertTrue($this->_model->existsComment(Helper::getPasteId(), Helper::getPasteId(), Helper::getCommentId()), 'comment exists after storing it');
  7. $comment = json_decode(json_encode(Helper::getComment()));
  8. $comment->id = Helper::getCommentId();
  9. $comment->parentid = Helper::getPasteId();
  10. $this->assertEquals(
  1. public function testDatabaseBasedAttachmentStoreWorks()
  2. {
  3. $this->_model->delete(Helper::getPasteId());
  4. $original = $paste = Helper::getPasteWithAttachment(array('expire_date' => 1344803344));
  5. $paste['meta']['burnafterreading'] = $original['meta']['burnafterreading'] = true;
  6. $paste['meta']['attachment'] = $paste['attachment'];

    The next 11 lines appear both in tst/Data/DatabaseTest.php:70 and tst/Data/FilesystemTest.php:59.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. $paste['meta']['attachmentname'] = $paste['attachmentname'];
  8. unset($paste['attachment'], $paste['attachmentname']);
  9. $this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste does not yet exist');
  10. $this->assertTrue($this->_model->create(Helper::getPasteId(), $paste), 'store new paste');
  11. $this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after storing it');
  1. $keys = array('a', 'b', 'c', 'd', 'e', 'f', 'g', 'h', 'i', 'j', 'x', 'y', 'z');
  2. $ids = array();
  3. foreach ($keys as $key) {
  4. $ids[$key] = substr(md5($key), 0, 16);
  5. $this->_model->delete($ids[$key]);
  6. $this->assertFalse($this->_model->exists($ids[$key]), "paste $key does not yet exist");

    The next 24 lines appear both in tst/Data/DatabaseTest.php:90 and tst/Data/FilesystemTest.php:78.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. if (in_array($key, array('x', 'y', 'z'))) {
  8. $this->assertTrue($this->_model->create($ids[$key], $paste), "store $key paste");
  9. } else {
  10. $this->assertTrue($this->_model->create($ids[$key], $expired), "store $key paste");
  11. }
in tst/JsonApiTest.php, line 18
  1. public function setUp()
  2. {
  3. /* Setup Routine */
  4. Helper::confBackup();
  5. $this->_path = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'privatebin_data';

    The next 34 lines appear both in tst/JsonApiTest.php:18 and tst/PrivateBinTest.php:17.

    Time to fix: about 4 hours
    Last edited by El RIDO
  6. $this->_model = Filesystem::getInstance(array('dir' => $this->_path));
  7. ServerSalt::setPath($this->_path);
  8. $this->reset();
  9. }
in tst/ModelTest.php, line 76
  1. $this->assertEquals($pasteData['meta'][$key], $paste->meta->$key);
  2. }
  3. // storing comments
  4. $commentData = Helper::getComment();
  5. $paste = $this->_model->getPaste(Helper::getPasteId());

    The next 15 lines appear both in tst/ModelTest.php:76 and tst/ModelTest.php:300.

    Time to fix: about 4 hours
    Last edited by El RIDO
  6. $comment = $paste->getComment(Helper::getPasteId(), Helper::getCommentId());
  7. $this->assertFalse($comment->exists(), 'comment does not yet exist');
  8. $comment = $paste->getComment(Helper::getPasteId());
  9. $comment->setData($commentData['data']);
in tst/ModelTest.php, line 321
  1. public function testCommentIdenticon()
  2. {
  3. $options = parse_ini_file(CONF, true);
  4. $options['main']['icon'] = 'identicon';
  5. $options['model'] = array(

    The next 27 lines appear both in tst/ModelTest.php:321 and tst/ModelTest.php:359.

    Time to fix: about 4 hours
    Last edited by El RIDO
  6. 'class' => 'Database',
  7. );
  8. $options['model_options'] = array(
  9. 'dsn' => 'sqlite::memory:',
  10. 'usr' => null,
in tst/PrivateBinTest.php, line 322
  1. Helper::confBackup();
  2. Helper::createIniFile(CONF, $options);
  3. $_POST = Helper::getPaste();
  4. $_POST['expire'] = '5min';
  5. $_POST['formatter'] = 'foo';
  6. $_SERVER['HTTP_X_REQUESTED_WITH'] = 'JSONHttpRequest';

    The next 18 lines appear both in tst/PrivateBinTest.php:322 and tst/PrivateBinTest.php:355.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. $_SERVER['REQUEST_METHOD'] = 'POST';
  8. $_SERVER['REMOTE_ADDR'] = '::1';
  9. $time = time();
  10. ob_start();
  11. new PrivateBin;

Include statements should not be used 2

  • Minor
  • Architecture

More information: https://insight.symfony.com/what-we-analyse/symfony.include_statement_used

in tst/Bootstrap.php, line 21
  1. }
  2. if (!is_file(CONF)) {
  3. copy(CONF . '.sample', CONF);
  4. }
  5. require PATH . 'vendor/autoload.php';

    Using include() or require() bypasses lazy-loading of third-party classes. Prefer using autoloading.

    Time to fix: about 3 hours
    Last edited by Sobak
  6. Helper::updateSubresourceIntegrity();
  7. class Helper
  8. {
  9. /**
in lib/View.php, line 60
  1. $path = PATH . 'tpl' . DIRECTORY_SEPARATOR . $template . '.php';
  2. if (!file_exists($path)) {
  3. throw new Exception('Template ' . $template . ' not found!', 80);
  4. }
  5. extract($this->_variables);
  6. include $path;

    Using include() or require() bypasses lazy-loading of third-party classes. Prefer using autoloading.

    Time to fix: about 3 hours
    Last edited by El RIDO
  7. }
  8. }

Source code should not contain TODO comments

  • Minor
  • Architecture

More information: https://insight.symfony.com/what-we-analyse/task_todo_comment

in lib/Model/Comment.php, line 45
  1. * @throws Exception
  2. * @return stdClass
  3. */
  4. public function get()
  5. {
  6. // @todo add support to read specific comment

    TODO comments are left in the code when a feature (or a bug) isn't completely developed (or fixed). You should complete the implementation and remove the comment.

    Time to fix: about 4 hours
    Last edited by El RIDO
  7. $comments = $this->_store->readComments($this->getPaste()->getId());
  8. foreach ($comments as $comment) {
  9. if (
  10. $comment->parentid == $this->getParentId() &&
  11. $comment->id == $this->getId()

User specific files should not appear in .gitignore

  • Minor
  • Codestyle

More information: https://insight.symfony.com/what-we-analyse/git.user_specific_ignored_file

in .gitignore, line 6
  1. # Ignore server files for safety
  2. .htaccess
  3. .htpasswd
  4. # Ignore data/
  5. data/

    data/ is user-specific and should not appear in a project .gitignore. Consider adding it to the user global .gitignore instead.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  6. # Ignore PhpDoc
  7. doc/*
  8. !doc/*.md

Unused method, property, variable or parameter 2

  • Minor
  • Deadcode

More information: https://insight.symfony.com/what-we-analyse/php.unused_local_variable_or_private_member

  1. * @access private
  2. * @static
  3. * @param string $element
  4. * @return bool
  5. */
  6. private static function _isFirstLevelDir($element)

    This _isFirstLevelDir method is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. return self::_isSecondLevelDir($element) &&
  9. is_dir(self::$_dir . DIRECTORY_SEPARATOR . $element);
  10. }
in tst/Bootstrap.php, line 75
  1. /**
  2. * JS files and their SRI hashes
  3. *
  4. * @var array
  5. */
  6. private static $hashes = array();

    This hashes attribute is declared but never used. You should remove it.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. /**
  8. * get example paste ID
  9. *
  10. * @return string

Unused use statement should be avoided 4

  • Minor
  • Deadcode

More information: https://insight.symfony.com/what-we-analyse/php.unused_use_statement

  1. * @version 1.0
  2. */
  3. namespace PrivateBin\Data;
  4. use PrivateBin\Model\Paste;

    The class PrivateBin\Model\Paste is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  5. use PrivateBin\Json;
  6. /**
  7. * Filesystem
  8. *
in lib/Model.php, line 15
  1. * @version 1.0
  2. */
  3. namespace PrivateBin;
  4. use PrivateBin\Data;

    The class PrivateBin\Data is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  5. use PrivateBin\Model\Paste;
  6. use PrivateBin\Persistence\PurgeLimiter;
  7. /**
  8. * Model
  1. <?php
  2. use PrivateBin\Data\Database;
  3. use PrivateBin\PrivateBin;

    The class PrivateBin\PrivateBin is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  4. use PrivateBin\Persistence\ServerSalt;
  5. use PrivateBin\Persistence\TrafficLimiter;
  6. require_once 'PrivateBinTest.php';
  1. <?php
  2. use PrivateBin\Data\Database;
  3. use PrivateBin\PrivateBin;
  4. use PrivateBin\Persistence\ServerSalt;
  5. use PrivateBin\Persistence\TrafficLimiter;

    The class PrivateBin\Persistence\TrafficLimiter is declared but never used. You should remove the use statement.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  6. require_once 'PrivateBinTest.php';
  7. class PrivateBinWithDbTest extends PrivateBinTest
  8. {

PHP code should follow PSR-1 basic coding standard 40

  • Info
  • Codestyle

More information: https://insight.symfony.com/what-we-analyse/php.psr1

  1. *
  2. * @access private
  3. * @param int $batchsize
  4. * @return array
  5. */
  6. protected function _getExpiredPastes($batchsize)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. $pastes = array();
  9. $firstLevel = array_filter(
  10. scandir(self::$_dir),
  11. 'self::_isFirstLevelDir'
  1. *
  2. * @access private
  3. * @static
  4. * @return void
  5. */
  6. private static function _init()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. // Create storage directory if it does not exist.
  9. if (!is_dir(self::$_dir)) {
  10. mkdir(self::$_dir, 0700);
  11. }
  1. * @access private
  2. * @static
  3. * @param string $dataid
  4. * @return string
  5. */
  6. private static function _dataid2path($dataid)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. return self::$_dir . substr($dataid, 0, 2) . DIRECTORY_SEPARATOR .
  9. substr($dataid, 2, 2) . DIRECTORY_SEPARATOR;
  10. }
  1. * @access private
  2. * @static
  3. * @param string $dataid
  4. * @return string
  5. */
  6. private static function _dataid2discussionpath($dataid)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. return self::_dataid2path($dataid) . $dataid .
  9. '.discussion' . DIRECTORY_SEPARATOR;
  10. }
  1. * @access private
  2. * @static
  3. * @param string $element
  4. * @return bool
  5. */
  6. private static function _isFirstLevelDir($element)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. return self::_isSecondLevelDir($element) &&
  9. is_dir(self::$_dir . DIRECTORY_SEPARATOR . $element);
  10. }
  1. * @access private
  2. * @static
  3. * @param string $element
  4. * @return bool
  5. */
  6. private static function _isSecondLevelDir($element)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. return (bool) preg_match('/^[a-f0-9]{2}$/', $element);
  9. }
  10. }
in lib/Model.php, line 84
  1. /**
  2. * Gets, and creates if neccessary, a store object
  3. *
  4. * @return AbstractData
  5. */
  6. private function _getStore()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. if ($this->_store === null) {
  9. $this->_store = forward_static_call(
  10. 'PrivateBin\\Data\\' . $this->_conf->getKey('class', 'model') . '::getInstance',
  11. $this->_conf->getSection('model_options')
  1. *
  2. * @access protected
  3. * @param int $batchsize
  4. * @return array
  5. */
  6. abstract protected function _getExpiredPastes($batchsize);

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. /**
  8. * Perform a purge of old pastes, at most the given batchsize is deleted.
  9. *
  10. * @access public
in lib/Data/Database.php, line 415
  1. *
  2. * @access private
  3. * @param int $batchsize
  4. * @return array
  5. */
  6. protected function _getExpiredPastes($batchsize)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. $pastes = array();
  9. $rows = self::_select(
  10. 'SELECT dataid FROM ' . self::_sanitizeIdentifier('paste') .
  11. ' WHERE expiredate < ? LIMIT ?', array(time(), $batchsize)
in lib/Data/Database.php, line 440
  1. * @param string $sql
  2. * @param array $params
  3. * @throws PDOException
  4. * @return bool
  5. */
  6. private static function _exec($sql, array $params)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. $statement = self::$_db->prepare($sql);
  9. $result = $statement->execute($params);
  10. $statement->closeCursor();
  11. return $result;
in lib/Data/Database.php, line 459
  1. * @param array $params
  2. * @param bool $firstOnly if only the first row should be returned
  3. * @throws PDOException
  4. * @return array
  5. */
  6. private static function _select($sql, array $params, $firstOnly = false)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. $statement = self::$_db->prepare($sql);
  9. $statement->execute($params);
  10. $result = $firstOnly ?
  11. $statement->fetch(PDO::FETCH_ASSOC) :
in lib/Data/Database.php, line 479
  1. * @static
  2. * @param string $type
  3. * @throws Exception
  4. * @return string
  5. */
  6. private static function _getTableQuery($type)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. switch ($type) {
  9. case 'ibm':
  10. $sql = 'SELECT tabname FROM SYSCAT.TABLES ';
  11. break;
in lib/Data/Database.php, line 534
  1. * @static
  2. * @param string $key
  3. * @throws PDOException
  4. * @return string
  5. */
  6. private static function _getConfig($key)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. $row = self::_select(
  9. 'SELECT value FROM ' . self::_sanitizeIdentifier('config') .
  10. ' WHERE id = ?', array($key), true
  11. );
in lib/Data/Database.php, line 551
  1. * @access private
  2. * @static
  3. * @param string $key
  4. * @return array
  5. */
  6. private static function _getPrimaryKeyClauses($key = 'dataid')

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. $main_key = $after_key = '';
  9. if (self::$_type === 'mysql') {
  10. $after_key = ", PRIMARY KEY ($key)";
  11. } else {
in lib/Data/Database.php, line 569
  1. *
  2. * @access private
  3. * @static
  4. * @return void
  5. */
  6. private static function _createPasteTable()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. list($main_key, $after_key) = self::_getPrimaryKeyClauses();
  9. $dataType = self::$_type === 'pgsql' ? 'TEXT' : 'BLOB';
  10. self::$_db->exec(
  11. 'CREATE TABLE ' . self::_sanitizeIdentifier('paste') . ' ( ' .
in lib/Data/Database.php, line 594
  1. *
  2. * @access private
  3. * @static
  4. * @return void
  5. */
  6. private static function _createCommentTable()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. list($main_key, $after_key) = self::_getPrimaryKeyClauses();
  9. $dataType = self::$_type === 'pgsql' ? 'text' : 'BLOB';
  10. self::$_db->exec(
  11. 'CREATE TABLE ' . self::_sanitizeIdentifier('comment') . ' ( ' .
in lib/Data/Database.php, line 621
  1. *
  2. * @access private
  3. * @static
  4. * @return void
  5. */
  6. private static function _createConfigTable()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. list($main_key, $after_key) = self::_getPrimaryKeyClauses('id');
  9. self::$_db->exec(
  10. 'CREATE TABLE ' . self::_sanitizeIdentifier('config') .
  11. " ( id CHAR(16) NOT NULL$main_key, value TEXT$after_key );"
in lib/Data/Database.php, line 643
  1. * @access private
  2. * @static
  3. * @param string $identifier
  4. * @return string
  5. */
  6. private static function _sanitizeIdentifier($identifier)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. return preg_replace('/[^A-Za-z0-9_]+/', '', self::$_prefix . $identifier);
  9. }
  10. /**
in lib/Data/Database.php, line 656
  1. * @access private
  2. * @static
  3. * @param string $oldversion
  4. * @return void
  5. */
  6. private static function _upgradeDatabase($oldversion)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. $dataType = self::$_type === 'pgsql' ? 'TEXT' : 'BLOB';
  9. switch ($oldversion) {
  10. case '0.21':
  11. // create the meta column if necessary (pre 0.21 change)
in lib/I18n.php, line 85
  1. * @static
  2. * @param string $messageId
  3. * @param mixed $args one or multiple parameters injected into placeholders
  4. * @return string
  5. */
  6. public static function _($messageId)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. return forward_static_call_array('self::translate', func_get_args());
  9. }
  10. /**
in lib/I18n.php, line 276
  1. * @access protected
  2. * @static
  3. * @param string $file
  4. * @return string
  5. */
  6. protected static function _getPath($file = '')

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. if (strlen(self::$_path) == 0) {
  9. self::$_path = PUBLIC_PATH . DIRECTORY_SEPARATOR . 'i18n';
  10. }
  11. return self::$_path . (strlen($file) ? DIRECTORY_SEPARATOR . $file : '');
in lib/I18n.php, line 294
  1. * @access protected
  2. * @static
  3. * @param int $n
  4. * @return int
  5. */
  6. protected static function _getPluralForm($n)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. switch (self::$_language) {
  9. case 'fr':
  10. case 'zh':
  11. return ($n > 1 ? 1 : 0);
in lib/I18n.php, line 319
  1. * @static
  2. * @param array $acceptedLanguages
  3. * @param array $availableLanguages
  4. * @return string
  5. */
  6. protected static function _getMatchingLanguage($acceptedLanguages, $availableLanguages)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Sobak
  7. {
  8. $matches = array();
  9. $any = false;
  10. foreach ($acceptedLanguages as $acceptedQuality => $acceptedValues) {
  11. $acceptedQuality = floatval($acceptedQuality);
in lib/I18n.php, line 371
  1. * @static
  2. * @param string $a
  3. * @param string $b
  4. * @return float
  5. */
  6. protected static function _matchLanguage($a, $b)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Sobak
  7. {
  8. $a = explode('-', $a);
  9. $b = explode('-', $b);
  10. for ($i = 0, $n = min(count($a), count($b)); $i < $n; ++$i) {
  11. if ($a[$i] !== $b[$i]) {
  1. * @access protected
  2. * @static
  3. * @param string $filename
  4. * @return bool
  5. */
  6. protected static function _exists($filename)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. self::_initialize();
  9. return is_file(self::$_path . DIRECTORY_SEPARATOR . $filename);
  10. }
  1. * @access protected
  2. * @static
  3. * @throws Exception
  4. * @return void
  5. */
  6. protected static function _initialize()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. // Create storage directory if it does not exist.
  9. if (!is_dir(self::$_path)) {
  10. if (!@mkdir(self::$_path)) {
  11. throw new Exception('unable to create directory ' . self::$_path, 10);
  1. * @param string $filename
  2. * @param string $data
  3. * @throws Exception
  4. * @return string
  5. */
  6. protected static function _store($filename, $data)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. self::_initialize();
  9. $file = self::$_path . DIRECTORY_SEPARATOR . $filename;
  10. $writtenBytes = @file_put_contents($file, $data, LOCK_EX);
  11. if ($writtenBytes === false || $writtenBytes < strlen($data)) {
in lib/PrivateBin.php, line 169
  1. * initialize privatebin
  2. *
  3. * @access private
  4. * @return void
  5. */
  6. private function _init()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. foreach (array('cfg', 'lib') as $dir) {
  9. if (!is_file(PATH . $dir . DIRECTORY_SEPARATOR . '.htaccess')) {
  10. file_put_contents(
  11. PATH . $dir . DIRECTORY_SEPARATOR . '.htaccess',
in lib/PrivateBin.php, line 219
  1. * pasteid (optional) = in discussion, which paste this comment belongs to.
  2. *
  3. * @access private
  4. * @return string
  5. */
  6. private function _create()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. // Ensure last paste from visitors IP address was more than configured amount of seconds ago.
  9. TrafficLimiter::setConfiguration($this->_conf);
  10. if (!TrafficLimiter::canPass()) {
  11. return $this->_return_message(
in lib/PrivateBin.php, line 329
  1. * @access private
  2. * @param string $dataid
  3. * @param string $deletetoken
  4. * @return void
  5. */
  6. private function _delete($dataid, $deletetoken)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Sebastien SAUVAGE
  7. {
  8. try {
  9. $paste = $this->_model->getPaste($dataid);
  10. if ($paste->exists()) {
  11. // accessing this property ensures that the paste would be
in lib/PrivateBin.php, line 369
  1. *
  2. * @access private
  3. * @param string $dataid
  4. * @return void
  5. */
  6. private function _read($dataid)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Sebastien SAUVAGE
  7. {
  8. try {
  9. $paste = $this->_model->getPaste($dataid);
  10. if ($paste->exists()) {
  11. $data = $paste->get();
in lib/PrivateBin.php, line 402
  1. * Display PrivateBin frontend.
  2. *
  3. * @access private
  4. * @return void
  5. */
  6. private function _view()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Simon Rupf
  7. {
  8. // set headers to disable caching
  9. $time = gmdate('D, d M Y H:i:s \G\M\T');
  10. header('Cache-Control: no-store, no-cache, no-transform, must-revalidate');
  11. header('Pragma: no-cache');
in lib/PrivateBin.php, line 465
  1. *
  2. * @access private
  3. * @param string $type
  4. * @return void
  5. */
  6. private function _jsonld($type)

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. if (
  9. $type !== 'paste' && $type !== 'comment' &&
  10. $type !== 'pastemeta' && $type !== 'commentmeta'
  11. ) {
in lib/PrivateBin.php, line 498
  1. * @param int $status
  2. * @param string $message
  3. * @param array $other
  4. * @return void
  5. */
  6. private function _return_message($status, $message, $other = array())

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by Sebastien SAUVAGE
  7. {
  8. $result = array('status' => $status);
  9. if ($status) {
  10. $result['message'] = I18n::_($message);
  11. } else {
in lib/Request.php, line 184
  1. * Adapted from: https://stackoverflow.com/questions/3770513/detect-browser-language-in-php#3771447
  2. *
  3. * @access private
  4. * @return bool
  5. */
  6. private function _detectJsonRequest()

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. {
  8. $hasAcceptHeader = array_key_exists('HTTP_ACCEPT', $_SERVER);
  9. $acceptHeader = $hasAcceptHeader ? $_SERVER['HTTP_ACCEPT'] : '';
  10. // simple cases
  1. $this->_writeConfigurationTest();
  2. }
  3. /**
  4. * write configuration test file based on generated configuration array
  5. */

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  6. private function _writeConfigurationTest()
  7. {
  8. $defaultOptions = parse_ini_file(CONF, true);
  9. $code = $this->_getHeader();
  10. foreach ($this->_configurations as $key => $conf) {
  1. /**
  2. * get header of configuration test file
  3. *
  4. * @return string
  5. */

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  6. private function _getHeader()
  7. {
  8. return <<<'EOT'
  9. <?php
  10. /**
  1. * @param int $key
  2. * @param array $options
  3. * @param array $preCode
  4. * @param array $testCode
  5. * @return string
  6. */

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. private function _getFunction($step, $key, &$options, $preCode, $testCode)
  8. {
  9. if (count($testCode) == 0) {
  10. echo "skipping creation of test$step$key, no valid tests found for configuration: $options". PHP_EOL;
  11. return '';
  1. /**
  2. * recursive function to generate configurations based on options
  3. *
  4. * @throws Exception
  5. * @return array
  6. */

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. private function _generateConfigurations()
  8. {
  9. // recursive factorial function
  10. if (++$this->_iterationCount > self::MAX_ITERATIONS) {
  11. echo 'max iterations reached, stopping', PHP_EOL;
  1. * @param array $setting
  2. * @param string $section
  3. * @param string $option
  4. * @throws Exception
  5. * @return array
  6. */

    Method names should be declared in camelCase.
    You should rename this method to comply with PSR-1.

    Time to fix: about 15 minutes
    Last edited by El RIDO
  7. private function _addSetting(&$configuration, &$setting, &$section, &$option)
  8. {
  9. if (++$this->_iterationCount > self::MAX_ITERATIONS) {
  10. echo 'max iterations reached, stopping', PHP_EOL;
  11. return $configuration;

.htaccess should be avoided 3

  • Info
  • Performance

More information: https://insight.symfony.com/what-we-analyse/web.apache_config

A .htaccess file has been spotted. You should consider moving it to the server configuration to improve global performances.

Time to fix: about 1 hour
Last edited by Simon Rupf

A .htaccess file has been spotted. You should consider moving it to the server configuration to improve global performances.

Time to fix: about 1 hour
Last edited by Simon Rupf

A .htaccess file has been spotted. You should consider moving it to the server configuration to improve global performances.

Time to fix: about 1 hour
Last edited by rugk