===========================================================
.___ __ __
_________________ __ __ __| _/|__|/ |_
/ ___\_` __ \__ \ | | \/ __ | | \\_ __\
/ /_/ > | \// __ \| | / /_/ | | || |
\___ /|__| (____ /____/\____ | |__||__|
/_____/ \/ \/
grep rough audit - static analysis tool
v2.8 written by @Wireghoul
=================================[justanotherhacker.com]===
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-232-
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS:233:In templates, make sure to use this as well (``<?php echo $varname ?>``), as
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS:234:the shortcut version (``<?= $var ?>``) does not work with `short_open_tag`_
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-235-turned off.
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-313-Horde code MUST NOT use global variables set by EGPCS (Environment, GET, POST,
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS:314:Cookie, Server) data. Instead, the magic variables ``$_ENV``, ``$_GET``,
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS:315:``$_POST``, $_COOKIE``, and ``$_SERVER`` must be used instead.
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-316-
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS:317:To retrieve posted data (in the global ``$_GET`` and ``$_POST`` variables),
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-318-you should normally use `Horde_Util::getFormData()`_ which will automatically
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-776-
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS:777:system - Like passthru() but doesn't handle binary data.
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-778-
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-879-
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS:880:fpassthru()
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-881------------
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-884-
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS:885: // NO: fpassthru($stream);
php-horde-5.2.23+debian0/horde-5.2.23/docs/CODING_STANDARDS-886- while (!feof($stream)) {
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/docs/INSTALL-336- If installed, it will be used instead of the built-in PHP function
php-horde-5.2.23+debian0/horde-5.2.23/docs/INSTALL:337: gethostbyaddr() for host name lookups. This has the advantage that
php-horde-5.2.23+debian0/horde-5.2.23/docs/INSTALL-338- Net_DNS2 has configurable timeouts and retries.
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/admin/cmdshell.php-38- if (strlen($cmd)) {
php-horde-5.2.23+debian0/horde-5.2.23/admin/cmdshell.php:39: $out[] = shell_exec($cmd);
php-horde-5.2.23+debian0/horde-5.2.23/admin/cmdshell.php-40- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/admin/sessions.php-84- if (is_null($host)) {
php-horde-5.2.23+debian0/horde-5.2.23/admin/sessions.php:85: $host = @gethostbyaddr($data['remoteAddr']);
php-horde-5.2.23+debian0/horde-5.2.23/admin/sessions.php-86- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/admin/phpshell.php-65- try {
php-horde-5.2.23+debian0/horde-5.2.23/admin/phpshell.php:66: eval($command);
php-horde-5.2.23+debian0/horde-5.2.23/admin/phpshell.php-67- } catch (Exception $e) {
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/templates/shares/edit.inc:1:<form name="edit" method="post" action="<?php echo htmlspecialchars($_SERVER['PHP_SELF']) ?>">
php-horde-5.2.23+debian0/horde-5.2.23/templates/shares/edit.inc-2-<?php Horde_Util::pformInput() ?>
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/install/horde.php-50- if (strtolower($info['clear_cache']) == 'y') {
php-horde-5.2.23+debian0/horde-5.2.23/install/horde.php:51: passthru('../bin/horde-clear-cache -f');
php-horde-5.2.23+debian0/horde-5.2.23/install/horde.php-52- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/lib/LoginTasks/Task/LastLogin.php-75- } else {
php-horde-5.2.23+debian0/horde-5.2.23/lib/LoginTasks/Task/LastLogin.php:76: $ptrdname = @gethostbyaddr($host);
php-horde-5.2.23+debian0/horde-5.2.23/lib/LoginTasks/Task/LastLogin.php-77- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/lib/Ajax/Application/FacebookHandler.php-98- if ($facebook->streams->addLike($this->vars->post_id)) {
php-horde-5.2.23+debian0/horde-5.2.23/lib/Ajax/Application/FacebookHandler.php:99: $fql = 'SELECT post_id, likes FROM stream WHERE post_id="' . $this->vars->post_id . '"';
php-horde-5.2.23+debian0/horde-5.2.23/lib/Ajax/Application/FacebookHandler.php-100- try {
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/lib/Test.php-769- } else {
php-horde-5.2.23+debian0/horde-5.2.23/lib/Test.php:770: exec(escapeshellcmd($php) . ' -l ' . escapeshellarg($file), $tmp, $error);
php-horde-5.2.23+debian0/horde-5.2.23/lib/Test.php-771- if ($error === 255) {
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Fortune.php-77-
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Fortune.php:78: exec($conf['fortune']['exec_path'] . ' -f 2>&1', $output, $status);
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Fortune.php-79- if (!$status) {
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Fortune.php-125- return '<span class="fixed"><small>'
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Fortune.php:126: . nl2br($GLOBALS['injector']->getInstance('Horde_Core_Factory_TextFilter')->filter(shell_exec($cmdLine), array('space2html'), array(array('encode' => true))))
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Fortune.php-127- . '</small></span>';
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Account/Finger.php-64- $command = $this->_params['finger_path'] . ' ' . escapeshellarg($user);
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Account/Finger.php:65: exec($command, $output);
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Account/Finger.php-66- $this->_information = $this->_parseAccount($output);
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Account/Localhost.php-106- $mountPoint);
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Account/Localhost.php:107: exec($cmdline, $quota_data, $return_code);
php-horde-5.2.23+debian0/horde-5.2.23/lib/Block/Account/Localhost.php-108- if ($return_code == 0 && !empty($quota_data[0])) {
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-254- $out = '';
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:255: exec($this->gettext . ' --version', $out, $ret);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-256- $split = explode(' ', $out[0]);
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-483- if (!$this->test) {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:484: exec($sh);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-485- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-535- if (!$this->test) {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:536: exec($sh);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-537- unlink($file . '.templates');
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-566- if (!$this->test) {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:567: exec($sh);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-568- unlink($file . '.config');
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-655- }
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:656: if (!$this->test) exec($sh);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-657- $this->writeln($this->cli->green('done'));
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-763- } else {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:764: exec($sh, $out, $ret);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-765- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-846- } else {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:847: exec($sh, $out, $ret);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-848- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-948- } else {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:949: exec($sh, $out, $ret);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-950- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-985- } else {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:986: exec($sh, $out, $ret);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-987- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1021- $this->writeln($this->cli->red('failed'));
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:1022: exec($sh, $out, $ret);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1023- $this->writeln(implode("\n", $out));
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1047- } else {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:1048: exec($sh, $out, $ret);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1049- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1129- } else {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:1130: exec($sh, $out, $ret);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1131- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1253- if (!$this->test) {
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:1254: system('git add ' . implode(' ', $add_files));
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1255- }
##############################################
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1276- }
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation:1277: if (!$this->test) system($sh);
php-horde-5.2.23+debian0/horde-5.2.23/bin/horde-translation-1278- }
##############################################
php-horde-5.2.23+debian0/package.xml-2977-* [cjh] Make sure all of the sql drivers use DB::quoteString() on all strings.
php-horde-5.2.23+debian0/package.xml:2978:* [cjh] Replace a @mysql_query() that was hiding in Connection/sql.php with $this->db->query().
php-horde-5.2.23+debian0/package.xml-2979-* [cjh] Return basename($language) from Lang::Select() to avoid possible exploits.