
inc/class.addressbook_contactform.inc.php (5 issues)

<?php
/**
 * Addressbook - Sitemgr contact form
 *
 * @link http://www.egroupware.org
 * @author Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @package addressbook
 * @copyright (c) 2007-16 by Ralf Becker <RalfBecker-AT-outdoor-training.de>
 * @license http://opensource.org/licenses/gpl-license.php GPL - GNU General Public License
 * @version $Id$
 */
use EGroupware\Api;
use EGroupware\Api\Link;
use EGroupware\Api\Vfs;
/**
 * SiteMgr contact form for the addressbook
 *
 */
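class addressbook_contactform
{
	/**
	 * eTemplate callback, kept in a property so extending classes can override it
	 *
	 * @var string
	 */
	public $callback = 'addressbook.addressbook_contactform.display';

	/**
	 * Shows the contact form and stores the submitted data
	 *
	 * Thin wrapper around display_var() for callers that do not need $content
	 * passed by reference.
	 *
	 * @param array $content =null submitted eTemplate content, null on first display
	 * @param int $addressbook =null owner-id of the addressbook to save contacts to
	 * @param array $fields =null field-names to show
	 * @param string $msg =null message to show after submitting the form
	 * @param string $email =null comma-separated email addresses
	 * @param string $tpl_name =null custom etemplate to use
	 * @param string $subject =null subject for email
	 * @param boolean $copytoreceiver =false send a copy of the notification to the receiver
	 * @param array $sel_options =array() select-options handed through to the template
	 * @return string html content
	 */
	function display(array $content=null,$addressbook=null,$fields=null,$msg=null,$email=null,$tpl_name=null,$subject=null,$copytoreceiver=false,$sel_options=array())
	{
		return $this->display_var($content,$addressbook,$fields,$msg,$email,$tpl_name,$subject,$copytoreceiver,$sel_options);
	}

	/**
	 * Shows the contact form and stores the submitted data ($content is a var parameter, eg. for extending classes)
	 *
	 * Three paths: first display ($content is not an array), a submit that failed
	 * the captcha / bot check (form is shown again with the submitted values), and
	 * an accepted submit (contact is saved or mailed and a message is returned).
	 *
	 * @param array &$content =null submitted eTemplate content, null on first display
	 * @param int $addressbook =null owner-id of the addressbook to save contacts to
	 * @param array $fields =null field-names to show
	 * @param string $msg =null message to show after submitting the form
	 * @param string $email =null comma-separated email addresses
	 * @param string $tpl_name =null custom etemplate to use
	 * @param string $subject =null subject for email
	 * @param boolean $copytoreceiver =false send a copy of the notification to the receiver
	 * @param array $sel_options =array() select-options handed through to the template
	 * @return string html content
	 */
	function display_var(array &$content=null,$addressbook=null,$fields=null,$msg=null,$email=null,$tpl_name=null,$subject=null,$copytoreceiver=false,$sel_options=array())
	{
		if (empty($tpl_name) && !empty($content['tpl_form_name'])) $tpl_name = $content['tpl_form_name'];
		$tpl = new etemplate($tpl_name ? $tpl_name : 'addressbook.contactform');

		// initializing some fields
		if (!$fields) $fields = array('org_name','n_fn','email','tel_work','url','note','captcha');
		// always an array, so the template never receives an undefined variable
		$preserv = array();
		$captcha_failed = false;

		// check if submitted
		if (is_array($content))
		{
			// NOTE(review): reCAPTCHA is only verified when the request carries
			// g-recaptcha-response; a submission without that field is not rejected
			// here, even when reCAPTCHA is configured. Consider requiring the token
			// whenever sitemgr_module::get_recaptcha() is set - confirm first that
			// custom templates always render the widget.
			$recaptcha = null;
			if (isset($_POST['g-recaptcha-response']))
			{
				$recaptcha = sitemgr_module::verify_recaptcha($_POST['g-recaptcha-response']);
			}
			// The answer has to be numeric before it is compared: a missing, blank or
			// non-numeric answer must never loosely compare equal to a result of 0
			// (both random numbers equal).
			$wrong_answer = isset($content['captcha_result']) && (
				!isset($content['captcha']) ||
				!is_numeric($content['captcha']) ||
				$content['captcha'] != $content['captcha_result']);
			$recaptcha_rejected = $recaptcha && !$recaptcha->success;

			if ($wrong_answer || $recaptcha_rejected ||	// no correct captcha OR
				(time() - $content['start_time'] < 10 &&	// bot indicator (less than 10 sec to fill out the form and
				!$GLOBALS['egw_info']['etemplate']['java_script']))	// javascript disabled)
			{
				$captcha_failed = true;
				$tpl->set_validation_error('captcha',lang('Wrong - try again ...'));
			}
			elseif ($content['submitit'])
			{
				$contact = new Api\Contacts();
				if ($content['owner'])	// save the contact in the addressbook
				{
					$content['private'] = 0;	// in case default_private is set
					if (!($id = $contact->save($content)))
					{
						return '<p align="center">'.lang('There was an error saving your data :-(').'<br />'.
							lang('The anonymous user has probably no add rights for this addressbook.').'</p>';
					}
					// check for fileuploads and attach the found files
					foreach($content as $name => $value)
					{
						if (is_array($value) && isset($value['tmp_name']) && is_readable($value['tmp_name']))
						{
							// No further permission check: it would require the anonymous
							// user to have run rights for addressbook AND edit rights for the
							// addressbook used to store the new entry, which is clearly not
							// wanted securitywise.
							// NOTE(review): tmp_name is trusted as delivered in $content and
							// the attach runs with Vfs root rights - confirm it can only name
							// a file uploaded with this request.
							Vfs::$is_root = true;
							try
							{
								Link::link('addressbook',$id,Link::VFS_APPNAME,$value,$name);
							}
							// root rights must not outlive a failed attach; two catch blocks
							// instead of finally to stay parseable on older PHP versions
							catch (\Exception $e)
							{
								Vfs::$is_root = false;
								throw $e;
							}
							catch (\Throwable $e)
							{
								Vfs::$is_root = false;
								throw $e;
							}
							Vfs::$is_root = false;
						}
					}
					return '<p align="center">'.($msg ? $msg : $content['msg']).'</p>';
				}
				// this is only reached, if we send only email and dont save it
				// without configured addresses there is nothing to notify: report the
				// mail error instead of calling a method on an unset $tracking
				$tracking = $content['email_contactform'] ? new Api\Contacts\Tracking($contact) : null;
				if ($tracking && $tracking->do_notifications($contact->data2db($content),null))
				{
					return '<p align="center">'.$content['msg'].'</p>';
				}
				return '<p align="center">'.lang('There was an error saving your data :-(').'<br />'.
					lang('Either the configured email addesses are wrong or the mail configuration.').'</p>';
			}
		}

		if (!is_array($content))	// first display of the form
		{
			$preserv['tpl_form_name'] = $tpl_name;
			$preserv['owner'] = $addressbook;
			$preserv['msg'] = $msg;
			$preserv['is_contactform'] = true;
			$preserv['email_contactform'] = $email;
			$preserv['subject_contactform'] = $subject;
			$preserv['email_copytoreceiver'] = $copytoreceiver;
			$custom = 1;
			foreach($fields as $name)
			{
				$this->show_field($content, $name, $custom);
			}
			$preserv['start_time'] = time();
			$content['lang'] = $GLOBALS['egw_info']['user']['preferences']['common']['lang'];
		}
		elseif ($captcha_failed)	// show the form again with the submitted values
		{
			$preserv['tpl_form_name'] = $tpl_name;
			unset($content['submitit']);
			$custom = 1;
			// fieldnames are "defined" by the commit attempt, that way, we do not have to remember them
			foreach($content as $name => $value)
			{
				$preserv[$name] = $value;
				$this->show_field($content, $name, $custom);
			}
			// reset the timestamp
			$preserv['start_time'] = time();
		}
		$content['addr_format'] = $GLOBALS['egw_info']['user']['preferences']['addressbook']['addr_format'];

		if ($addressbook) $preserv['owner'] = $addressbook;
		if ($msg) $preserv['msg'] = $msg;

		$recaptcha_config = sitemgr_module::get_recaptcha();
		if (!$recaptcha_config)
		{
			// a simple calculation captcha
			$num1 = rand(1,99);
			$num2 = rand(1,99);
			if ($num2 > $num1)	// keep the result positive
			{
				$n = $num1; $num1 = $num2; $num2 = $n;
			}
			if (in_array('captcha',$fields))
			{
				$content['captcha_task'] = sprintf('%d - %d =',$num1,$num2);
				// the expected answer only travels in the preserved values, not in the shown content
				$preserv['captcha_result'] = $num1-$num2;
			}
		}
		else
		{
			$content['show']['captcha'] = false;
			$content['show']['recaptcha'] = true;
			// the site key is placed in an HTML attribute, so it is escaped for that context
			$content['recaptcha'] = '<div class="g-recaptcha" data-sitekey="'.
				htmlspecialchars($recaptcha_config['site'], ENT_QUOTES, 'UTF-8').'"></div>';
		}
		// allow to preset variables via get parameters
		// NOTE(review): values already in $content win, but every other $_GET key
		// reaches the template unfiltered. Consider limiting presets to the names in
		// $fields - confirm how the template renders keys such as 'recaptcha'.
		if ($_SERVER['REQUEST_METHOD'] == 'GET')
		{
			$content = array_merge($_GET, (array)$content);
		}

		return $tpl->exec($this->callback,$content,$sel_options,array(),$preserv);
	}

	/**
	 * Marks one field as shown in the template content
	 *
	 * Names starting with '#' are custom fields: they fill the next custom slot
	 * with the field name and its label. 'adr_one_locality' gets the address
	 * format preference (default 'postcode_city'), everything else is set to true.
	 *
	 * @param array &$content template content, 'show', 'customfield' and 'customlabel' get filled
	 * @param string $name field-name
	 * @param int &$custom number of the next free custom slot, incremented when one is used
	 */
	private function show_field(&$content, $name, &$custom)
	{
		// one shared instance for the custom-field labels, created on first use
		static $contacts = null;

		// compare as string, so an integer array key can not loosely match a field name
		$key = (string)$name;
		if ($key !== '' && $key[0] === '#')	// custom field
		{
			if (is_null($contacts))
			{
				$contacts = new Api\Contacts();
			}
			$content['show']['custom'.$custom] = true;
			$content['customfield'][$custom] = $name;
			$content['customlabel'][$custom] = $contacts->customfields[substr($key,1)]['label'];
			++$custom;
		}
		elseif ($key === 'adr_one_locality')
		{
			if (!($content['show'][$name] = $GLOBALS['egw_info']['user']['preferences']['addressbook']['addr_format']))
			{
				$content['show'][$name] = 'postcode_city';
			}
		}
		else
		{
			$content['show'][$name] = true;
		}
	}
}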