Issues in Project.class.php (master) - Issues in master - Enalean/tuleap - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4873)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/common/project/Project.class.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Copyright 1999-2000 (c) The SourceForge Crew
 * Copyright Enalean (c) 2015. All rights reserved.
 *
 * Tuleap and Enalean names and logos are registrated trademarks owned by
 * Enalean SAS. All other trademarks or names are properties of their respective
 * owners.
 *
 * This file is a part of Tuleap.
 *
 * Tuleap is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * Tuleap is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
 */

// see getProjectsDescFieldsInfos
function cmp($a, $b){
	if ($a["desc_rank"] == $b["desc_rank"]) {
        return 0;
    }
    return ($a["desc_rank"] < $b["desc_rank"]) ? -1 : 1;
}
 
function getProjectsDescFieldsInfos(){
	$sql = 'SELECT * FROM group_desc WHERE 1';
      
    $descfieldsinfos = array();
    if ($res = db_query($sql)) {
        while($data = db_fetch_array($res)) {
            $descfieldsinfos[] = $data;
        }
    }
    
	usort($descfieldsinfos, "cmp");
    return $descfieldsinfos;
}	


class Project extends Group implements PFO_Project {

    /**
     * The project is active
     */
    const STATUS_ACTIVE = 'A';
    
    /**
     * The project is pending
     */
    const STATUS_PENDING = 'P';

    /**
     * The project is incomplete
     */
    const STATUS_INCOMPLETE = 'I';

    /**
     * The project is holding
     */
    const STATUS_HOLDING = 'H';

    const SITE_NEWS_PROJECT_ID = 46;
    const ADMIN_PROJECT_ID     = 100;

    const ACCESS_PRIVATE             = 'private';
    const ACCESS_PUBLIC_UNRESTRICTED = 'unrestricted';
    const ACCESS_PUBLIC              = 'public';

    var $project_data_array;

    // All data concerning services for this project
    private $service_data_array = null;
    private $cache_active_services;
    private $services;
    
    /**
     * @var array The classnames for services
     */
    private $serviceClassnames;
    
    /*
		basically just call the parent to set up everything
                and set up services arrays
    */
    function Project($param) {
        $this->Group($param);
        
        //for right now, just point our prefs array at Group's data array
        //this will change later when we split the project_data table off from groups table
        $this->project_data_array = $this->data_array;
    }

    private function cacheServices() {
        if ($this->services !== null) {
            return;
        }

        $this->serviceClassnames = array(
            'file' => 'ServiceFile',
            'svn'  => 'ServiceSVN'
        );
        EventManager::instance()->processEvent(Event::SERVICE_CLASSNAMES, array('classnames' => &$this->serviceClassnames));

        // Get Service data
        $allowed_services = ServiceManager::instance()->getListOfAllowedServicesForProject($this);
        if (count($allowed_services) < 1) {
            $this->service_data_array = array();
        }
        $j = 1;
        foreach ($allowed_services as $service) {
            $res_row = $service->data;
            $short_name = $service->getShortName();
            if (! $short_name) {
                $short_name = $j++;
            }

            // needed for localisation
            $matches = array();
            if ($res_row['description'] == "service_" . $short_name . "_desc_key") {
                $res_row['description'] = $GLOBALS['Language']->getText('project_admin_editservice', $res_row['description']);
            } elseif (preg_match('/(.*):(.*)/', $res_row['description'], $matches)) {
                if ($GLOBALS['Language']->hasText($matches[1], $matches[2])) {
                    $res_row['description'] = $GLOBALS['Language']->getText($matches[1], $matches[2]);
                }
            }
            if ($res_row['label'] == "service_" . $short_name . "_lbl_key") {
                $res_row['label'] = $GLOBALS['Language']->getText('project_admin_editservice', $res_row['label']);
            } elseif (preg_match('/(.*):(.*)/', $res_row['label'], $matches)) {
                if ($GLOBALS['Language']->hasText($matches[1], $matches[2])) {
                    $res_row['label'] = $GLOBALS['Language']->getText($matches[1], $matches[2]);
                }
            }

            $this->service_data_array[$short_name] = $res_row;
            $this->services[$short_name] = $service;
            if ($service->isActive()) {
                $this->cache_active_services[] = $service;
            }
        }
    }

    public function getMinimalRank() {
        // get it, no matter if summary is enabled or not
        $this->cacheServices();
        return $this->services[Service::SUMMARY]->getRank();
    }

    public function getServiceLabel($short_name) {
        return $this->getService($short_name)->getLabel();
    }

    private function getServiceLink($short_name) {
        return $this->getService($short_name)->getUrl();
    }

    public function getServicesData() {
        $this->cacheServices();
        return $this->service_data_array;
    }

    /**
     * Return the name of the class to instantiate a service based on its short name
     *
     * @param string $short_name the short name of the service
     *
     * @return string
     */
    public function getServiceClassName($short_name) {
        $classname = 'Service';
        if (isset($this->serviceClassnames[$short_name])) {
            $classname = $this->serviceClassnames[$short_name];
        }
        return $classname;
    }

    /**
     * Return service corresponding to project
     *
     * @param String $service_name
     * 
     * @return Service
     */
    public function getService($service_name) {
        $this->cacheServices();
        return $this->usesService($service_name) ? $this->services[$service_name] : null;
    }

    /**
     * 
     * @return array
     */
    public function getAllUsedServices() {
        $used_services = array();
        foreach($this->getServices() as $service) {
            if ($service->isUsed()) {
                $used_services[] = $service->getShortName();
            }
        }
        
        return $used_services;
    }

    /**
     * @return Service[]
     */
    public function getServices() {
        $this->cacheServices();
        return $this->services;
    }

    public function getActiveServices() {
        $this->cacheServices();
        return $this->cache_active_services;
    }
    
    function usesHomePage() {
        return $this->usesService(Service::HOMEPAGE);
    }
    
    function usesAdmin() {
        return $this->usesService(Service::ADMIN);
    }
    
    function usesSummary() {
        return $this->usesService(Service::SUMMARY);
    }

    function usesTracker() {
        return $this->usesService(Service::TRACKERV3);
    }

    function usesCVS() {
        return $this->usesService(Service::CVS);
    }

    function usesSVN() {
        return $this->usesService(Service::SVN);
    }

    function usesDocman() {
        return $this->usesService(Service::LEGACYDOC);
    }

    function usesFile() {
        return $this->usesService(Service::FILE);
    }

    //whether or not this group has opted to use mailing lists
    function usesMail() {
        return $this->usesService(Service::ML);
    }

    //whether or not this group has opted to use news
    function usesNews() {
        return $this->usesService(Service::NEWS);
    }

    //whether or not this group has opted to use discussion forums
    function usesForum() {
        return $this->usesService(Service::FORUM);
    }       

    //whether or not this group has opted to use surveys
    function usesSurvey() {
        return $this->usesService(Service::SURVEY);
    }       

    //whether or not this group has opted to use wiki
    function usesWiki() {
        return $this->usesService(Service::WIKI);
    }   


    // Generic versions

    function usesService($service_short_name) {
        $data = $this->getServicesData();
        return isset($data[$service_short_name]) && $data[$service_short_name]['is_used'];
    }

    /*
        The URL for this project's home page
    */
    function getHomePage() {
        return $this->usesHomePage() ? $this->getServiceLink(Service::HOMEPAGE) : '';
    }
    
    function getWikiPage(){
        return $this->getServiceLink(Service::WIKI);
    }

    function getForumPage(){
        return $this->getServiceLink(Service::FORUM);
    }
    
    function getMailPage(){
        return $this->getServiceLink(Service::ML);
    }
    
    function getCvsPage(){
        return $this->getServiceLink(Service::CVS);
    }
    
    function getSvnPage(){
        return $this->getServiceLink(Service::SVN);
    }
    
    function getTrackerPage(){
        return $this->getServiceLink(Service::TRACKERV3);
    }
    
    /*

    Subversion and CVS settings

    */

    function cvsMailingList() {
        return $this->project_data_array['cvs_events_mailing_list'];
    }

    function getCVSMailingHeader() {
        return $this->project_data_array['cvs_events_mailing_header'];
    }

    function isCVSTracked() {
        return $this->project_data_array['cvs_tracker'];
    }

    function getCVSWatchMode() {
        return $this->project_data_array['cvs_watch_mode'];
    }

    function getCVSpreamble() {
        return $this->project_data_array['cvs_preamble'];
    }
    
    function isCVSPrivate() {
        return $this->project_data_array['cvs_is_private'];
    }

    function getSVNMailingHeader() {
        return $this->project_data_array['svn_events_mailing_header'];
    }

    function isSVNTracked() {
        return $this->project_data_array['svn_tracker'];
    }

    function isSVNMandatoryRef() {
        return $this->project_data_array['svn_mandatory_ref'];
    }

    function canChangeSVNLog(){
        return $this->project_data_array['svn_can_change_log'];
    }
    
    function getSVNpreamble() {
        return $this->project_data_array['svn_preamble'];
    }

    function isSVNPrivate() {
        // TODO XXXX not implemented yet.
        return false;
    }
    
    function getSVNAccess() {
        return $this->project_data_array['svn_accessfile'];
    }

    public function getAccess() {
        return $this->data_array['access'];
    }

    public function getTruncatedEmailsUsage() {
        return $this->data_array['truncated_emails'];
    }

    public function isPublic() {
        $access = $this->data_array['access'];
        return $access != Project::ACCESS_PRIVATE;
    }

    /**
     * @return boolean
     */
    public function allowsRestricted() {
        return $this->getAccess() === self::ACCESS_PUBLIC_UNRESTRICTED
            || $this->isSuperPublic();
    }

    private function isSuperPublic() {
        $super_public_projects = ForgeConfig::getSuperPublicProjectsFromRestrictedFile();

        return in_array($this->getID(), $super_public_projects);
    }

    /**
     * SVN root path must have project name in mixed case.
     *
     * @return String
     */
    public function getSVNRootPath() {
        return ForgeConfig::get('svn_prefix') . DIRECTORY_SEPARATOR . $this->getUnixNameMixedCase();
    }

    function getProjectsCreatedFrom() {
        $sql = 'SELECT * FROM groups WHERE built_from_template = '. $this->getGroupId() ." AND status <> 'D'";
        $subprojects = array();
        if ($res = db_query($sql)) {
            while($data = db_fetch_array($res)) {
                $subprojects[] = $data;
            }
        }
        return $subprojects;
    }
    
    function getProjectsDescFieldsValue(){
    	$sql = 'SELECT group_desc_id, value FROM group_desc_value WHERE group_id='.$this->getGroupId() ;
        
        $descfieldsvalue = array();
        if ($res = db_query($sql)) {
            while($data = db_fetch_array($res)) {
                $descfieldsvalue[] = $data;
            }
        }
        
        return $descfieldsvalue;
    }
    
    function displayProjectsDescFieldsValue(){
    	$descfieldsvalue=$this->getProjectsDescFieldsValue();
    	$descfields = getProjectsDescFieldsInfos();
    	$hp = Codendi_HTMLPurifier::instance();
    	
    	for($i=0;$i<sizeof($descfields);$i++){
for ($i=0; $i<count($array); $i++) { // calls count() on each iteration
}

// Better
for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once
}
	
			$displayfieldname[$i]=$descfields[$i]['desc_name'];
			$displayfieldvalue[$i]='';
			for($j=0;$j<sizeof($descfieldsvalue);$j++){
for ($i=0; $i<count($array); $i++) { // calls count() on each iteration
}

// Better
for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once
}
				
				if($descfieldsvalue[$j]['group_desc_id']==$descfields[$i]['group_desc_id']){
					$displayfieldvalue[$i]=$descfieldsvalue[$j]['value'];
				}	
			}
			
			$descname=$displayfieldname[$i];
                        if (preg_match('/(.*):(.*)/', $descname, $matches)) {
                            if ($GLOBALS['Language']->hasText($matches[1], $matches[2])) {
                                $descname = $GLOBALS['Language']->getText($matches[1], $matches[2]);
                            }
                        }
			
			echo "<h3>".$hp->purify($descname,CODENDI_PURIFIER_LIGHT,$this->getGroupId())."</h3>";
			echo "<p>";
			echo ($displayfieldvalue[$i] == '') ? $GLOBALS['Language']->getText('global','none') : $hp->purify($displayfieldvalue[$i], CODENDI_PURIFIER_LIGHT,$this->getGroupId())  ;
			echo "</p>";
			
		}
    	
    }

    private function getUGroupManager() {
        return new UGroupManager();
    }

    /**
     * @return array of User admin of the project
     */
    public function getAdmins() {
        return $this->getUGroupManager()->getDynamicUGroupsMembers(ProjectUGroup::PROJECT_ADMIN, $this->getID());
    }

    /**
     * @return array of User members of the project
     */
    public function getMembers() {
        return $this->getUGroupManager()->getDynamicUGroupsMembers(ProjectUGroup::PROJECT_MEMBERS, $this->getID());
    }

    /**
     * Alias of @see getMembers()
     */
    public function getUsers() {
        return $this->getMembers();
    }
    
    /**
     * getRolesId - Get the roles of the group.
     *
     * @return      array   Role ids of this group.
     */
    function getRolesId() {
            $role_ids = array();

            /*if (USE_PFO_RBAC) {
                    $res = db_query_params('SELECT role_id FROM pfo_role WHERE home_group_id=$1',
                                            array($this->getID()));
                    while ($arr = db_fetch_array($res)) {
                            $role_ids[] = $arr['role_id'];
                    }
                    $res = db_query_params('SELECT role_id FROM role_project_refs WHERE group_id=$1',
                                            array($this->getID()));
                    while ($arr = db_fetch_array($res)) {
                            $role_ids[] = $arr['role_id'];
                    }
            } else {
                    $res = db_query_params('SELECT role_id FROM role WHERE group_id=$1',
                                                        array($this->getID()));
                    while ($arr = db_fetch_array($res)) {
                            $role_ids[] = $arr['role_id'];
                    }
            }*/

            return array_unique($role_ids);
    }

    /**
     * getRoles - Get the roles of the group.
     *
     * @return      array   Roles of this group.
     */
    function getRoles() {
            $result = array();

            /*$roles = $this->getRolesId();
            if (USE_PFO_RBAC) {
                    $engine = RBACEngine::getInstance();
                    foreach ($roles as $role_id) {
                            $result[] = $engine->getRoleById ($role_id);
                    }
            } else {
                    foreach ($roles as $role_id) {
                            $result[] = new Role ($this, $role_id);
                    }
            }*/

            return $result;
    }

    public function projectsMustBeApprovedByAdmin() {
        return ForgeConfig::get('sys_project_approval', 1) === 1;
    }
}
?>


GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/common/project/Project.class.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2			/**
3			* Copyright 1999-2000 (c) The SourceForge Crew
4			* Copyright Enalean (c) 2015. All rights reserved.
5			*
6			* Tuleap and Enalean names and logos are registrated trademarks owned by
7			* Enalean SAS. All other trademarks or names are properties of their respective
8			* owners.
9			*
10			* This file is a part of Tuleap.
11			*
12			* Tuleap is free software; you can redistribute it and/or modify
13			* it under the terms of the GNU General Public License as published by
14			* the Free Software Foundation; either version 2 of the License, or
15			* (at your option) any later version.
16			*
17			* Tuleap is distributed in the hope that it will be useful,
18			* but WITHOUT ANY WARRANTY; without even the implied warranty of
19			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20			* GNU General Public License for more details.
21			*
22			* You should have received a copy of the GNU General Public License
23			* along with Tuleap. If not, see <http://www.gnu.org/licenses/>.
24			*/
25
26			// see getProjectsDescFieldsInfos
27			function cmp($a, $b){
28			if ($a["desc_rank"] == $b["desc_rank"]) {
29			return 0;
30			}
31			return ($a["desc_rank"] < $b["desc_rank"]) ? -1 : 1;
32			}
33
34			function getProjectsDescFieldsInfos(){
35			$sql = 'SELECT * FROM group_desc WHERE 1';
36
37			$descfieldsinfos = array();
38			if ($res = db_query($sql)) {
39			while($data = db_fetch_array($res)) {
40			$descfieldsinfos[] = $data;
41			}
42			}
43
44			usort($descfieldsinfos, "cmp");
45			return $descfieldsinfos;
46			}
47
48
49			class Project extends Group implements PFO_Project {
50
51			/**
52			* The project is active
53			*/
54			const STATUS_ACTIVE = 'A';
55
56			/**
57			* The project is pending
58			*/
59			const STATUS_PENDING = 'P';
60
61			/**
62			* The project is incomplete
63			*/
64			const STATUS_INCOMPLETE = 'I';
65
66			/**
67			* The project is holding
68			*/
69			const STATUS_HOLDING = 'H';
70
71			const SITE_NEWS_PROJECT_ID = 46;
72			const ADMIN_PROJECT_ID = 100;
73
74			const ACCESS_PRIVATE = 'private';
75			const ACCESS_PUBLIC_UNRESTRICTED = 'unrestricted';
76			const ACCESS_PUBLIC = 'public';
77
78			var $project_data_array;
79
80			// All data concerning services for this project
81			private $service_data_array = null;
82			private $cache_active_services;
83			private $services;
84
85			/**
86			* @var array The classnames for services
87			*/
88			private $serviceClassnames;
89
90			/*
91			basically just call the parent to set up everything
92			and set up services arrays
93			*/
94			function Project($param) {
95			$this->Group($param);
96
97			//for right now, just point our prefs array at Group's data array
98			//this will change later when we split the project_data table off from groups table
99			$this->project_data_array = $this->data_array;
100			}
101
102			private function cacheServices() {
103			if ($this->services !== null) {
104			return;
105			}
106
107			$this->serviceClassnames = array(
108			'file' => 'ServiceFile',
109			'svn' => 'ServiceSVN'
110			);
111			EventManager::instance()->processEvent(Event::SERVICE_CLASSNAMES, array('classnames' => &$this->serviceClassnames));
112
113			// Get Service data
114			$allowed_services = ServiceManager::instance()->getListOfAllowedServicesForProject($this);
115			if (count($allowed_services) < 1) {
116			$this->service_data_array = array();
117			}
118			$j = 1;
119			foreach ($allowed_services as $service) {
120			$res_row = $service->data;
121			$short_name = $service->getShortName();
122			if (! $short_name) {
123			$short_name = $j++;
124			}
125
126			// needed for localisation
127			$matches = array();
128			if ($res_row['description'] == "service_" . $short_name . "_desc_key") {
129			$res_row['description'] = $GLOBALS['Language']->getText('project_admin_editservice', $res_row['description']);
130			} elseif (preg_match('/(.):(.)/', $res_row['description'], $matches)) {
131			if ($GLOBALS['Language']->hasText($matches[1], $matches[2])) {
132			$res_row['description'] = $GLOBALS['Language']->getText($matches[1], $matches[2]);
133			}
134			}
135			if ($res_row['label'] == "service_" . $short_name . "_lbl_key") {
136			$res_row['label'] = $GLOBALS['Language']->getText('project_admin_editservice', $res_row['label']);
137			} elseif (preg_match('/(.):(.)/', $res_row['label'], $matches)) {
138			if ($GLOBALS['Language']->hasText($matches[1], $matches[2])) {
139			$res_row['label'] = $GLOBALS['Language']->getText($matches[1], $matches[2]);
140			}
141			}
142
143			$this->service_data_array[$short_name] = $res_row;
144			$this->services[$short_name] = $service;
145			if ($service->isActive()) {
146			$this->cache_active_services[] = $service;
147			}
148			}
149			}
150
151			public function getMinimalRank() {
152			// get it, no matter if summary is enabled or not
153			$this->cacheServices();
154			return $this->services[Service::SUMMARY]->getRank();
155			}
156
157			public function getServiceLabel($short_name) {
158			return $this->getService($short_name)->getLabel();
159			}
160
161			private function getServiceLink($short_name) {
162			return $this->getService($short_name)->getUrl();
163			}
164
165			public function getServicesData() {
166			$this->cacheServices();
167			return $this->service_data_array;
168			}
169
170			/**
171			* Return the name of the class to instantiate a service based on its short name
172			*
173			* @param string $short_name the short name of the service
174			*
175			* @return string
176			*/
177			public function getServiceClassName($short_name) {
178			$classname = 'Service';
179			if (isset($this->serviceClassnames[$short_name])) {
180			$classname = $this->serviceClassnames[$short_name];
181			}
182			return $classname;
183			}
184
185			/**
186			* Return service corresponding to project
187			*
188			* @param String $service_name
189			*
190			* @return Service
191			*/
192			public function getService($service_name) {
193			$this->cacheServices();
194			return $this->usesService($service_name) ? $this->services[$service_name] : null;
195			}
196
197			/**
198			*
199			* @return array
200			*/
201			public function getAllUsedServices() {
202			$used_services = array();
203			foreach($this->getServices() as $service) {
204			if ($service->isUsed()) {
205			$used_services[] = $service->getShortName();
206			}
207			}
208
209			return $used_services;
210			}
211
212			/**
213			* @return Service[]
214			*/
215			public function getServices() {
216			$this->cacheServices();
217			return $this->services;
218			}
219
220			public function getActiveServices() {
221			$this->cacheServices();
222			return $this->cache_active_services;
223			}
224
225			function usesHomePage() {
226			return $this->usesService(Service::HOMEPAGE);
227			}
228
229			function usesAdmin() {
230			return $this->usesService(Service::ADMIN);
231			}
232
233			function usesSummary() {
234			return $this->usesService(Service::SUMMARY);
235			}
236
237			function usesTracker() {
238			return $this->usesService(Service::TRACKERV3);
239			}
240
241			function usesCVS() {
242			return $this->usesService(Service::CVS);
243			}
244
245			function usesSVN() {
246			return $this->usesService(Service::SVN);
247			}
248
249			function usesDocman() {
250			return $this->usesService(Service::LEGACYDOC);
251			}
252
253			function usesFile() {
254			return $this->usesService(Service::FILE);
255			}
256
257			//whether or not this group has opted to use mailing lists
258			function usesMail() {
259			return $this->usesService(Service::ML);
260			}
261
262			//whether or not this group has opted to use news
263			function usesNews() {
264			return $this->usesService(Service::NEWS);
265			}
266
267			//whether or not this group has opted to use discussion forums
268			function usesForum() {
269			return $this->usesService(Service::FORUM);
270			}
271
272			//whether or not this group has opted to use surveys
273			function usesSurvey() {
274			return $this->usesService(Service::SURVEY);
275			}
276
277			//whether or not this group has opted to use wiki
278			function usesWiki() {
279			return $this->usesService(Service::WIKI);
280			}
281
282
283			// Generic versions
284
285			function usesService($service_short_name) {
286			$data = $this->getServicesData();
287			return isset($data[$service_short_name]) && $data[$service_short_name]['is_used'];
288			}
289
290			/*
291			The URL for this project's home page
292			*/
293			function getHomePage() {
294			return $this->usesHomePage() ? $this->getServiceLink(Service::HOMEPAGE) : '';
295			}
296
297			function getWikiPage(){
298			return $this->getServiceLink(Service::WIKI);
299			}
300
301			function getForumPage(){
302			return $this->getServiceLink(Service::FORUM);
303			}
304
305			function getMailPage(){
306			return $this->getServiceLink(Service::ML);
307			}
308
309			function getCvsPage(){
310			return $this->getServiceLink(Service::CVS);
311			}
312
313			function getSvnPage(){
314			return $this->getServiceLink(Service::SVN);
315			}
316
317			function getTrackerPage(){
318			return $this->getServiceLink(Service::TRACKERV3);
319			}
320
321			/*
322
323			Subversion and CVS settings
324
325			*/
326
327			function cvsMailingList() {
328			return $this->project_data_array['cvs_events_mailing_list'];
329			}
330
331			function getCVSMailingHeader() {
332			return $this->project_data_array['cvs_events_mailing_header'];
333			}
334
335			function isCVSTracked() {
336			return $this->project_data_array['cvs_tracker'];
337			}
338
339			function getCVSWatchMode() {
340			return $this->project_data_array['cvs_watch_mode'];
341			}
342
343			function getCVSpreamble() {
344			return $this->project_data_array['cvs_preamble'];
345			}
346
347			function isCVSPrivate() {
348			return $this->project_data_array['cvs_is_private'];
349			}
350
351			function getSVNMailingHeader() {
352			return $this->project_data_array['svn_events_mailing_header'];
353			}
354
355			function isSVNTracked() {
356			return $this->project_data_array['svn_tracker'];
357			}
358
359			function isSVNMandatoryRef() {
360			return $this->project_data_array['svn_mandatory_ref'];
361			}
362
363			function canChangeSVNLog(){
364			return $this->project_data_array['svn_can_change_log'];
365			}
366
367			function getSVNpreamble() {
368			return $this->project_data_array['svn_preamble'];
369			}
370
371			function isSVNPrivate() {
372			// TODO XXXX not implemented yet.
373			return false;
374			}
375
376			function getSVNAccess() {
377			return $this->project_data_array['svn_accessfile'];
378			}
379
380			public function getAccess() {
381			return $this->data_array['access'];
382			}
383
384			public function getTruncatedEmailsUsage() {
385			return $this->data_array['truncated_emails'];
386			}
387
388			public function isPublic() {
389			$access = $this->data_array['access'];
390			return $access != Project::ACCESS_PRIVATE;
391			}
392
393			/**
394			* @return boolean
395			*/
396			public function allowsRestricted() {
397			return $this->getAccess() === self::ACCESS_PUBLIC_UNRESTRICTED
398			\|\| $this->isSuperPublic();
399			}
400
401			private function isSuperPublic() {
402			$super_public_projects = ForgeConfig::getSuperPublicProjectsFromRestrictedFile();
403
404			return in_array($this->getID(), $super_public_projects);
405			}
406
407			/**
408			* SVN root path must have project name in mixed case.
409			*
410			* @return String
411			*/
412			public function getSVNRootPath() {
413			return ForgeConfig::get('svn_prefix') . DIRECTORY_SEPARATOR . $this->getUnixNameMixedCase();
414			}
415
416			function getProjectsCreatedFrom() {
417			$sql = 'SELECT * FROM groups WHERE built_from_template = '. $this->getGroupId() ." AND status <> 'D'";
418			$subprojects = array();
419			if ($res = db_query($sql)) {
420			while($data = db_fetch_array($res)) {
421			$subprojects[] = $data;
422			}
423			}
424			return $subprojects;
425			}
426
427			function getProjectsDescFieldsValue(){
428			$sql = 'SELECT group_desc_id, value FROM group_desc_value WHERE group_id='.$this->getGroupId() ;
429
430			$descfieldsvalue = array();
431			if ($res = db_query($sql)) {
432			while($data = db_fetch_array($res)) {
433			$descfieldsvalue[] = $data;
434			}
435			}
436
437			return $descfieldsvalue;
438			}
439
440			function displayProjectsDescFieldsValue(){
441			$descfieldsvalue=$this->getProjectsDescFieldsValue();
442			$descfields = getProjectsDescFieldsInfos();
443			$hp = Codendi_HTMLPurifier::instance();
444
445			for($i=0;$i<sizeof($descfields);$i++){
			0 ignored issues – show Performance Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are calling the size function `sizeof()` as part of the test condition. You might want to compute the size beforehand, and not on each iteration. If the size of the collection does not change during the iteration, it is generally a good practice to compute it beforehand, and not on each iteration: for ($i=0; $i<count($array); $i++) { // calls count() on each iteration } // Better for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once } Loading history...
446
447			$displayfieldname[$i]=$descfields[$i]['desc_name'];
448			$displayfieldvalue[$i]='';
449			for($j=0;$j<sizeof($descfieldsvalue);$j++){
			0 ignored issues – show Performance Best Practice introduced 2015-12-16 20:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are calling the size function `sizeof()` as part of the test condition. You might want to compute the size beforehand, and not on each iteration. If the size of the collection does not change during the iteration, it is generally a good practice to compute it beforehand, and not on each iteration: for ($i=0; $i<count($array); $i++) { // calls count() on each iteration } // Better for ($i=0, $c=count($array); $i<$c; $i++) { // calls count() just once } Loading history...
450
451			if($descfieldsvalue[$j]['group_desc_id']==$descfields[$i]['group_desc_id']){
452			$displayfieldvalue[$i]=$descfieldsvalue[$j]['value'];
453			}
454			}
455
456			$descname=$displayfieldname[$i];
457			if (preg_match('/(.):(.)/', $descname, $matches)) {
458			if ($GLOBALS['Language']->hasText($matches[1], $matches[2])) {
459			$descname = $GLOBALS['Language']->getText($matches[1], $matches[2]);
460			}
461			}
462
463			echo "<h3>".$hp->purify($descname,CODENDI_PURIFIER_LIGHT,$this->getGroupId())."</h3>";
464			echo "<p>";
465			echo ($displayfieldvalue[$i] == '') ? $GLOBALS['Language']->getText('global','none') : $hp->purify($displayfieldvalue[$i], CODENDI_PURIFIER_LIGHT,$this->getGroupId()) ;
466			echo "</p>";
467
468			}
469
470			}
471
472			private function getUGroupManager() {
473			return new UGroupManager();
474			}
475
476			/**
477			* @return array of User admin of the project
478			*/
479			public function getAdmins() {
480			return $this->getUGroupManager()->getDynamicUGroupsMembers(ProjectUGroup::PROJECT_ADMIN, $this->getID());
481			}
482
483			/**
484			* @return array of User members of the project
485			*/
486			public function getMembers() {
487			return $this->getUGroupManager()->getDynamicUGroupsMembers(ProjectUGroup::PROJECT_MEMBERS, $this->getID());
488			}
489
490			/**
491			* Alias of @see getMembers()
492			*/
493			public function getUsers() {
494			return $this->getMembers();
495			}
496
497			/**
498			* getRolesId - Get the roles of the group.
499			*
500			* @return array Role ids of this group.
501			*/
502			function getRolesId() {
503			$role_ids = array();
504
505			/*if (USE_PFO_RBAC) {
506			$res = db_query_params('SELECT role_id FROM pfo_role WHERE home_group_id=$1',
507			array($this->getID()));
508			while ($arr = db_fetch_array($res)) {
509			$role_ids[] = $arr['role_id'];
510			}
511			$res = db_query_params('SELECT role_id FROM role_project_refs WHERE group_id=$1',
512			array($this->getID()));
513			while ($arr = db_fetch_array($res)) {
514			$role_ids[] = $arr['role_id'];
515			}
516			} else {
517			$res = db_query_params('SELECT role_id FROM role WHERE group_id=$1',
518			array($this->getID()));
519			while ($arr = db_fetch_array($res)) {
520			$role_ids[] = $arr['role_id'];
521			}
522			}*/
523
524			return array_unique($role_ids);
525			}
526
527			/**
528			* getRoles - Get the roles of the group.
529			*
530			* @return array Roles of this group.
531			*/
532			function getRoles() {
533			$result = array();
534
535			/*$roles = $this->getRolesId();
536			if (USE_PFO_RBAC) {
537			$engine = RBACEngine::getInstance();
538			foreach ($roles as $role_id) {
539			$result[] = $engine->getRoleById ($role_id);
540			}
541			} else {
542			foreach ($roles as $role_id) {
543			$result[] = new Role ($this, $role_id);
544			}
545			}*/
546
547			return $result;
548			}
549
550			public function projectsMustBeApprovedByAdmin() {
551			return ForgeConfig::get('sys_project_approval', 1) === 1;
552			}
553			}
554			?>
555

Enalean / tuleap

GitHub Access Token became invalid

Issues (4873)

Security Analysis not enabled

src/common/project/Project.class.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like