";let n=document.getElementById("TableOfContents");n&&(n.innerHTML=e)}rerender(){this.renderFilterMenu(),this.renderPageContent(),this.populateRightNav(),this.runHooks("afterRerender")}renderPageContent(){let e={};Object.keys(this.ifFunctionsByRef).forEach(t=>{let s=this.ifFunctionsByRef[t],o=s.value,n=(0,h.reresolveFunctionNode)(s,{variables:this.selectedValsByTraitId});this.ifFunctionsByRef[t]=n,o!==n.value&&(e[t]=n.value)});let t=document.getElementsByClassName("cdoc__toggleable");for(let n=0;n{this.fitCustomizationMenuToScreen()})}addDropdownEventListeners(){let e=document.getElementsByClassName("cdoc-dropdown");for(let t=0;t{let t=e.target;for(;!t.classList.contains("cdoc-dropdown")&&t.parentElement;)t=t.parentElement;let n=t.classList.toggle("cdoc-dropdown__expanded");t.setAttribute("aria-expanded",n.toString())});document.addEventListener("keydown",e=>{if(e.key==="Enter"){let t=e.target;t.classList.contains("cdoc-filter__option")&&t.click()}}),document.addEventListener("click",t=>{for(let n=0;nthis.handleFilterSelectionChange(e));this.addDropdownEventListeners()}locateFilterSelectorEl(){let e=document.getElementById("cdoc-selector");return!!e&&(this.filterSelectorEl=e,!0)}applyFilterSelectionOverrides(){let s=Object.keys(this.selectedValsByTraitId),e=!1,t=this.browserStorage.getTraitVals();Object.keys(t).forEach(n=>{s.includes(n)&&this.selectedValsByTraitId[n]!==t[n]&&(this.selectedValsByTraitId[n]=t[n],e=!0)});let n=(0,j.getTraitValsFromUrl)({url:new URL(window.location.href),traitIds:s});return Object.keys(n).forEach(t=>{this.selectedValsByTraitId[t]!==n[t]&&(this.selectedValsByTraitId[t]=n[t],e=!0)}),e}updateEditButton(){let t=document.getElementsByClassName("toc-edit-btn")[0];if(!t)return;let e=t.getElementsByTagName("a")[0];e&&(e.href=e.href.replace(/\.md\/$/,".mdoc.md/"))}revealPage(){this.runHooks("beforeReveal"),this.filterSelectorEl&&(this.filterSelectorEl.style.position="sticky",this.filterSelectorEl.style.backgroundColor="white",this.filterSelectorEl.style.paddingTop="10px",this.filterSelectorEl.style.visibility="visible",this.filterSelectorEl.style.zIndex="1000");let e=document.getElementById("cdoc-content");e&&(e.style.visibility="visible"),this.runHooks("afterReveal")}renderFilterMenu(){if(!this.filterSelectorEl||!this.filtersManifest)throw new Error("Cannot render filter selector without filtersManifest and filterSelectorEl");let e=(0,l.resolveFilters)({filtersManifest:this.filtersManifest,valsByTraitId:this.selectedValsByTraitId});Object.keys(e).forEach(t=>{let n=e[t];this.selectedValsByTraitId[t]=n.currentValue});let t=(0,y.buildCustomizationMenuUi)(e);this.filterSelectorEl.innerHTML=t,this.fitCustomizationMenuToScreen(),this.addFilterSelectorEventListeners()}fitCustomizationMenuToScreen(){let e=document.getElementById(g);if(!e)return;let s=e.classList.contains(n),t=document.getElementById(v);if(!t)throw new Error("Dropdown menu not found");let o=document.getElementById(b);if(!o)throw new Error("Menu wrapper not found");let i=e.scrollWidth>o.clientWidth;!s&&i?(e.classList.add(n),t.classList.remove(n)):s&&!i&&(e.classList.remove(n),t.classList.add(n))}get cdocsState(){return{selectedValsByTraitId:this.selectedValsByTraitId,ifFunctionsByRef:this.ifFunctionsByRef,filtersManifest:this.filtersManifest,browserStorage:this.browserStorage,filterSelectorEl:this.filterSelectorEl}}};e.ClientFiltersManager=r,t=r,s={value:void 0}}),y=e(e=>{Object.defineProperty(e,"__esModule",{value:!0});var t=j();window.clientFiltersManager=t.ClientFiltersManager.instance}),y()})()Do not call intval on untrusted user data
The intval() function converts a value into an integer without any validation or sanitation, potentially leading to some problematic logic bugs such as an incorrect SQL query or other forms of data manipulation.
When it receives a non-numeric value, the intval() function returns 0 or 1 instead of returning an error. Passing untrusted user-provided data to this function can lead to unexpected and potentially harmful results if the data includes malicious or incorrect input.
To avoid breaking this rule, always validate and sanitize user input before using it. You can use PHP’s built-in functions like isset(), is_numeric(), and others to validate the input. Following these best practices will help you write more secure PHP code.
Non-Compliant Code Examples
<?php// Insecure: Directly using intval() on untrusted data from $_GET
$id=intval($_GET['id']);$query="SELECT * FROM users WHERE id = $id";$result=mysqli_query($conn,$query);// Insecure: Directly using intval() on untrusted data from $_POST
$quantity=intval($_POST['quantity']);// Insecure: Directly using intval() on untrusted data from $_FILES
$fileSize=intval($_FILES['uploadedFile']['size']);// Using the $fileSize variable in a condition
if($fileSize>1048576){// Check if the file size is greater than 1MB
echo"File is too large.";}else{// Proceed with the file upload
}?>
Compliant Code Examples
<?php// Secure: Validate and sanitize user input
$id=isset($_GET['id'])&&is_numeric($_GET['id'])?intval($_GET['id']):0;$stmt=$conn->prepare("SELECT * FROM users WHERE id = ?");$stmt->bind_param("i",$id);$stmt->execute();$result=$stmt->get_result();// Secure: Validate and sanitize user input
$quantity=isset($_POST['quantity'])&&is_numeric($_POST['quantity'])?intval($_POST['quantity']):0;// Secure: Validate and sanitize file size
$fileSize=isset($_FILES['uploadedFile']['size'])&&is_numeric($_FILES['uploadedFile']['size'])?intval($_FILES['uploadedFile']['size']):0;// Validate file size and type
$maxFileSize=1048576;// 1MB
$allowedTypes=['image/jpeg','image/png'];if($fileSize>0&&$fileSize<=$maxFileSize&&in_array($_FILES['uploadedFile']['type'],$allowedTypes)){// Proceed with the file upload
$uploadDir='uploads/';$uploadFile=$uploadDir.basename($_FILES['uploadedFile']['name']);if(move_uploaded_file($_FILES['uploadedFile']['tmp_name'],$uploadFile)){echo"File uploaded successfully!";}else{echo"File upload failed.";}}else{echo"Invalid file.";}?>
シームレスな統合。 Datadog Code Security をお試しください
Datadog Code Security
このルールを試し、Datadog Code Security でコードを解析する
このルールの使用方法
1
2
rulesets:- php-security # Rules to enforce PHP security.