Completed
Push — master ( 0ffdca...fb72ff )
by Jeroen
15:02
created

mod/groups/actions/groups/edit.php (1 issue)


<?php
/**
 * Elgg groups plugin edit action.
 *
 * If editing an existing group, only the "group_guid" must be submitted. All other form
 * elements may be omitted and the corresponding data will be left as is.
 *
 * @package ElggGroups
 */
elgg_make_sticky_form('groups');

// Collect the submitted profile fields. Only the field names declared in the
// 'group' config are read from the request.
$input = [];
foreach (elgg_get_config('group') as $shortname => $valuetype) {
	$submitted = get_input($shortname);
	if ($submitted === null) {
		// field was not submitted: the stored value stays as it is
		continue;
	}

	// @todo treat profile fields as unescaped: don't filter, encode on output
	// NOTE(review): values are HTML-decoded here before they are stored, so
	// the views that print them have to escape for their output context -
	// confirm against the group profile views.
	if (is_array($submitted)) {
		array_walk_recursive($submitted, function (&$item) {
			$item = elgg_html_decode($item);
		});
	} else {
		$submitted = elgg_html_decode($submitted);
	}

	$input[$shortname] = ($valuetype == 'tags') ? string_to_tag_array($submitted) : $submitted;
}

// The name is only set if submitted. It is read with get_input()'s filtering
// switched off (third argument) and is HTML-encoded here instead, overriding
// whatever the loop above stored under 'name'.
$name = get_input('name', null, false);
if ($name !== null) {
	$input['name'] = htmlspecialchars($name, ENT_QUOTES, 'UTF-8');
}
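// May be null when nobody is logged in. The create branch below rejects that
// case before it dereferences $user.
$user = elgg_get_logged_in_user_entity();

$group_guid = (int) get_input('group_guid');

if ($group_guid) {
	// Editing: the GUID must resolve to a group that passes canEdit().
	$is_new_group = false;
	$group = get_entity($group_guid);
	if (!$group instanceof ElggGroup || !$group->canEdit()) {
		$error = elgg_echo('groups:cantedit');
		return elgg_error_response($error);
	}
} else {
	// Creating: every check below calls a method or reads a property on $user,
	// as does the $group->join($user) call further down for new groups.
	// Whether this action is registered as logged-in-only is not visible in
	// this file, so fail closed here instead of hitting a null dereference.
	if (!$user instanceof ElggUser) {
		return elgg_error_response(elgg_echo('groups:cantcreate'));
	}

	// With the 'limited_groups' plugin setting on, only admins create groups.
	if (elgg_get_plugin_setting('limited_groups', 'groups') == 'yes' && !$user->isAdmin()) {
		$error = elgg_echo('groups:cantcreate');
		return elgg_error_response($error);
	}

	// The container comes from the request and defaults to the current user;
	// it is only accepted if that user may write a group into it.
	$container_guid = get_input('container_guid', $user->guid);
	$container = get_entity($container_guid);

	if (!$container || !$container->canWriteToContainer($user->guid, 'group')) {
		$error = elgg_echo('groups:cantcreate');
		return elgg_error_response($error);
	}

	$is_new_group = true;
	$group = new ElggGroup();
	$group->container_guid = $container->guid;
}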
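// Assume we can edit or this is a new group: the branch that resolved $group
// has already returned an error response otherwise.
foreach ($input as $shortname => $value) {
	// Strict comparison, so that only the literal keys 'name' and
	// 'description' are exempt from removal; a loose in_array() can also
	// match a non-string key.
	$keep_when_empty = in_array($shortname, ['name', 'description'], true);

	if ($value === '' && !$keep_when_empty) {
		// The group profile displays all profile fields that have a value.
		// We don't want to display fields with empty string value, so we
		// remove the metadata completely.
		$group->deleteMetadata($shortname);
		continue;
	}

	$group->$shortname = $value;
}

// Validate create: a group without a name is rejected before anything is saved
if (!$group->name) {
	return elgg_error_response(elgg_echo('groups:notitle'));
}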
// Set group tool options (only pass along saved entities)
$tool_entity = $is_new_group ? null : $group;
$tool_options = groups_get_group_tool_options($tool_entity);
foreach ($tool_options ?: [] as $group_option) {
	$toggle = $group_option->name . "_enable";
	$fallback = $group_option->default_on ? 'yes' : 'no';
	$submitted = get_input($toggle);

	// if already has option set, don't change if no submission
	if ($group->$toggle && $submitted === null) {
		continue;
	}

	// NOTE(review): a truthy submitted value is stored as-is, it is not
	// normalised to 'yes'/'no' here - confirm how readers of the *_enable
	// metadata treat other strings.
	$group->$toggle = $submitted ?: $fallback;
}
// Group membership - should these be treated with same constants as access permissions?
// The submitted value is never stored directly: it is mapped onto one of the
// two constants, and an unset membership is initialised the same way.
$membership = get_input('membership');
if ($group->membership === null || $membership !== null) {
	$group->membership = ($membership == ACCESS_PUBLIC) ? ACCESS_PUBLIC : ACCESS_PRIVATE;
}

// Called on every request; when the field is not submitted the cast passes
// an empty string.
$content_access_mode = (string)get_input('content_access_mode');
$group->setContentAccessMode($content_access_mode);

// New groups start out public; the hidden-groups handling further down may
// replace this value.
if ($is_new_group) {
	$group->access_id = ACCESS_PUBLIC;
}
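$old_owner_guid = $is_new_group ? 0 : $group->owner_guid;

// An omitted owner_guid means "keep the current owner".
$value = get_input('owner_guid');
$new_owner_guid = ($value === null) ? $old_owner_guid : (int)$value;

if (!$is_new_group && $new_owner_guid && $new_owner_guid != $old_owner_guid) {
	// Resolve the candidate first. get_user() may not return a user for this
	// GUID, and how isMember() treats a non-user argument is not visible
	// here, so the transfer requires an actual ElggUser.
	$new_owner = get_user($new_owner_guid);

	// Only the current owner or an admin may hand the group over. The
	// instanceof check keeps a missing session user from being dereferenced.
	$may_transfer = $user instanceof ElggUser
		&& ($old_owner_guid == $user->guid || $user->isAdmin());

	// verify new owner is member and old owner/admin is logged in
	if ($new_owner instanceof ElggUser && $may_transfer && $group->isMember($new_owner)) {
		$group->owner_guid = $new_owner_guid;
		if ($group->container_guid == $old_owner_guid) {
			// Even though this action defaults container_guid to the logged in user guid,
			// the group may have initially been created with a custom script that assigned
			// a different container entity. We want to make sure we preserve the original
			// container if the group is not contained by the original owner.
			$group->container_guid = $new_owner_guid;
		}
	}
}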
// if new group, we need to save so group acl gets set in event handler
if ($is_new_group && !$group->save()) {
	return elgg_error_response(elgg_echo('groups:save_error'));
}

// Invisible group support
// @todo this requires save to be called to create the acl for the group. This
// is an odd requirement and should be removed. Either the acl creation happens
// in the action or the visibility moves to a plugin hook
if (elgg_get_plugin_setting('hidden_groups', 'groups') == 'yes') {
	$vis = get_input('vis');
	if ($is_new_group || $vis !== null) {
		$access_id = (int)$vis;

		if ($access_id == ACCESS_PRIVATE) {
			// Make this group visible only to group members. We need to use
			// ACCESS_PRIVATE on the form and convert it to group_acl here
			// because new groups do not have acl until they have been saved once.
			$access_id = $group->group_acl;

			// Force all new group content to be available only to members
			$group->setContentAccessMode(ElggGroup::CONTENT_ACCESS_MODE_MEMBERS_ONLY);
		}

		// NOTE(review): any other integer from the request is stored as the
		// access id unchanged; nothing in this script limits it to access
		// levels the user is allowed to choose - confirm that is enforced
		// elsewhere.
		$group->access_id = $access_id;
	}
}

$saved = $group->save();
if (!$saved) {
	return elgg_error_response(elgg_echo('groups:save_error'));
}

// group saved so clear sticky form
elgg_clear_sticky_form('groups');
// group creator needs to be member of new group and river entry created
if ($is_new_group) {
	// @todo this should not be necessary...
	elgg_set_page_owner_guid($group->guid);
	$group->join($user);
It seems like $user defined by elgg_get_logged_in_user_entity() on line 45 can be null; however, ElggGroup::join() does not accept null, maybe add an additional type check?

Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend adding an additional type check to your code:

/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
	elgg_create_river_item(array(
		'view' => 'river/group/create',
		'action_type' => 'create',
		'subject_guid' => $user->guid,
		'object_guid' => $group->guid,
	));
}
// Save the group icon from the 'icon' upload field; the return value is not
// checked, so the action still reports success if this step fails.
$group->saveIconFromUploadedFile('icon');

// Success response: the saved group as data, a confirmation message, and the
// group URL as the forward target.
return elgg_ok_response(['entity' => $group], elgg_echo('groups:saved'), $group->getURL());